Securing Windows Infrastructure (CAST 616)

Windows infrastructure hardening has become a mandatory step, performed on a regular basis, for any organization that treats security as a priority. Businesses today are almost fully dependent on IT services, which makes the hardening and securing processes even more demanding. The number of possible attack surfaces has grown exponentially as an increasingly competitive technology market pushes developers to squeeze more and more functionality out of the solutions and applications they implement. CAST 616: Securing Windows Infrastructure is designed with the single purpose of giving Info-Sec professionals the complete knowledge and practical skills necessary to secure their network infrastructure, a task that is fast becoming, if it is not already, a top priority and a major technical challenge for most security-conscious organizations. This 3-day training deep-dives into the key aspects of solving infrastructure-related problems by understanding how Windows internal security mechanisms actually work and how they can be further optimized without jeopardizing or loosening an organization’s IT environment configuration settings, a drift that becomes common as time passes. Some of the highlights of this course are the techniques used in kernel debugging, malware hunting, a deep dive into BitLocker and the automation of the whole hardening process.

Paula Januszkiewicz

Paula Januszkiewicz is an IT Security Auditor and Penetration Tester, Enterprise Security Most Valuable Professional, Microsoft Certified Trainer and Microsoft Security Trusted Advisor. She is a familiar face at international events and conferences such as TechEd North America, TechEd Middle East and TechEd Europe, RSA worldwide, CyberCrime and others. Her passion for Windows and IT security allows her to spread her expertise through her trainings and consulting services, focusing on areas such as infrastructure security and design, penetration testing, IT security audits, network security, Windows internals and forensics, and through her writing on Windows security. Her distinct specialization is Microsoft security solutions, in which she holds multiple Microsoft certifications (MCITP, MCTS, MCSE, MCDBA etc.), besides being familiar with, and certified in, other related technologies. She holds the role of Security Architect at iDESIGN and has conducted hundreds of IT security audits and penetration tests. When she is not running her own company, CQURE, she enjoys researching new related technologies, which she turns into authored trainings and describes on her blog. She is also a co-author of the Microsoft Forefront Threat Management Gateway 2010 book and is currently working on a new book on the same subject.

  • Breaking down the intricacies of a Windows hardening process into small, manageable pieces
  • Attacking various infrastructure solutions in order to configure appropriate advanced security settings and defenses
  • Hardening a Windows environment by securing Windows objects and creating solution-related implementations
  • Analyzing and monitoring infrastructure performance and security
  • Examining how data can be protected on corporate users’ desktops and on file servers
  • Applying security settings to virtual private networks
  • Becoming familiar with the boot process and all the related investigation techniques
  • Exposing multiple methods of hacking operating systems, stealing information and getting malware into the network
  • Securing vital communications between servers

Unit 1: Windows 7 & 8 Hardening
This module is a detailed deep dive into Windows internal security mechanisms, their practical usage and their adjustment.
  • Windows Kernel role
  • Kernel functionality
  • Kernel debugging (useful techniques)
  • Kernel security mechanisms and their practical implementation

Lab: Kernel digging

  • Securing operating system objects
  • Influencing the security of processes & threads
  • User account security (elevation of privileges, permissions, functionality, passwords, hardening)
  • Functionality and hardening of rights, permissions, privileges
  • Services security
  • Registry settings and activity

Lab: Securing system objects
Lab: Improving services security
Lab: Verifying the meaning of rights, permissions and privileges
Lab: System security bypass techniques and countermeasures

  • Modern malware and threats
  • Sensitive operating system areas
  • Techniques used by modern malware
  • Cases of the real attacks on sensitive areas (with the practical examples)
  • Protection mechanisms and countermeasures

Lab: Malware hunting
Lab: Stuxnet / other malware cases

  • Device Drivers
  • Types of drivers and their security considerations
  • Managing device drivers

Lab: Monitoring drivers
Lab: Driver Isolation
Lab: Signing drivers

  • Group Policy Settings
  • Useful GPO Settings for hardening
  • Customized GPO Templates
  • AGPM

Lab: Advanced GPO features
Lab: Implementing AGPM

  • Practical Cryptography
  • EFS
  • Deep-dive to BitLocker
  • 3rd party solutions

Lab: Implementing and managing BitLocker

After completing this module, students will be familiar with:
  • Threats and their effects
  • Points of entry to the client operating system
  • Secure configuration of the client operating system
  • Security management in the client operating system

Unit 2: Windows Server 2008 R2 / Windows Server 8 Hardening
This module focuses on server architecture, security issues and hardening.
  • Securing Server Features
  • Public Key Infrastructures
  • Design considerations
  • Hardening techniques

Lab: PKI implementation

  • Active Directory
  • Design considerations for Windows Server 2008 R2 and Windows Server 8
  • Securing Domain Services
  • Schema configuration
  • New security features in Windows Server 8

Lab: Active Directory security in the single domain environment
Lab: Active Directory security in the multiple domains environment

  • Microsoft SQL Server hardening
  • Installation considerations
  • Configuring crucial security features

Lab: Hardening Microsoft SQL Server

After completing this module, students will be familiar with:
  • Threats for servers and countermeasures
  • Points of entry to the server operating system
  • Solutions for server security
  • Hardening of the Windows-related roles

Unit 3: Hardening Microsoft Network Roles
This module focuses on hardening and testing network-related roles. Very intensive!
  • Hardening minor network roles
  • DNS Hardening
  • Improving DNS functionality
  • Hardening and designing DNS Role

Lab: Hardening DNS role
Lab: Testing the DNS configuration

  • Internet Information Services 7.5 / 8
  • Implementing a secure web server
  • Implementing web site security
  • Monitoring security and performance

Lab: IIS Server Hardening
Lab: Web site security settings
Lab: Monitoring IIS under attack

  • IPSec
  • Implementing IPSec
  • Security policies in IPSec

Lab: Implementing Domain Isolation
Lab: Network Access Protection with IPSec

  • DirectAccess
  • Implementation Considerations
  • DirectAccess Security and Hardening

Lab: DirectAccess secure configuration demo

  • Remote Access
  • VPN Protocols
  • RDP Gateway
  • Unified Access Gateway
  • Network Access Protection

Lab: Configuring security settings in Network Policy Server
Lab: Configuring security settings in RDP Gateway
Lab: Securing UAG Configuration for applications
Lab: Network Access Protection implementation scenario

  • Firewall
  • Customizing the rules
  • Hardening client and server for rule-specific scenarios

Lab: Managing Windows Firewall with Advanced Security

After completing this module, students will be familiar with:
  • Configuring secure remote access
  • Implementing Network Access Protection
  • Protocol misusage techniques and prevention actions
  • DNS advanced configuration
  • Hardening the Windows networking roles and services – in detail
  • Building a secure web server

Unit 4: Windows High Availability
This module covers business continuity support technologies.
  • Network Load Balancing design considerations and best practices
  • iSCSI configuration
  • Failover Clustering internals and security

Lab: Building IIS Cluster with NLB
Lab: Building the failover cluster

After completing this module, students will be familiar with:
  • High Availability technologies

Unit 5: Data and Application Security
This module covers solutions that greatly support information and data security.
  • File Classification Infrastructure
  • Designing security for File Server
  • Active Directory Rights Management Services
  • AppLocker and Software Restriction Policy

Lab: Building secure solution with FCI and ADRMS
Lab: Securing and auditing a File Server
Lab: Restricting access to applications with AppLocker and SRP
Lab: Software Restriction Policy (in) security

After completing this module, students will be familiar with:
  • Information and data protection solutions
  • Best practices of implementing data security solutions
  • Techniques for restricting access to data
  • Techniques for preventing misuse of applications

Unit 6: Monitoring, Troubleshooting and Auditing Windows
This module covers all best practices regarding monitoring, troubleshooting and auditing Windows. It is a perfect module for Windows investigators.
  • Advanced logging and subscriptions
  • Analyzing and troubleshooting the boot process
  • Crash dump analysis
  • Auditing tools and techniques
  • Monitoring tools and techniques
  • Professional troubleshooting tools

Lab: Event logging and subscriptions
Lab: Monitoring the boot process
Lab: Blue Screen scenario
After completing this module, students will be familiar with:
  • Troubleshooting methodologies
  • Collecting data methodologies
  • Monitoring Windows during and after an attack, and during situation-specific events
  • Windows forensics

Unit 7: Automating Windows hardening

Unit 8: Organizational Security
This module explains how to deal with an attack case and which security methodologies can be applied in that particular situation. Here you will discuss the types of events and the actions that should be taken according to each unique situation and the conditions it causes.
  • Considerations for designing secure infrastructure
  • Security policy & compliance
  • Auditing methodologies
  • CERT
  • Attack response procedures
  • Documentation required for security projects
  • Discussion: Procedures after attack

After completing this module, students will be familiar with:
  • Organizational security issues
  • Security policy best practices

There’s a lot more to Windows security than just applying patches and changing passwords:
  • Gain knowledge on how to apply Windows Server 2008 R2 and Windows Server 2012 features to secure your infrastructure
  • Learn how to set up the appropriate rights, privileges and permissions on operating system objects
  • Learn the key functionalities of IPSec (domain isolation, securing network traffic)
  • Learn how to configure, monitor and troubleshoot Microsoft infrastructure services
  • Gain knowledge of how to implement Network Access Protection
  • Learn how Windows operating systems work
  • Learn how to implement BitLocker
  • Learn how to deal with insecure or incompatible drivers
  • Gain knowledge of how to investigate Blue Screens
  • Learn how to build the failover cluster and NLB used in the web server scenario
  • Learn how to use Public Key Infrastructure in everyday tasks

Passionate IT professionals, including:
  • Information Security Professionals
  • Government Agents
  • IT Administrators
  • IT Architects
  • Risk Assessment Professionals
  • Penetration Testers

CAST On-site provides personalised Advanced Security Courses to meet the needs of the individual or company, planned to ensure maximum flexibility in terms of logistics, dates and cost. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site prides itself on strict quality control principles at all times to ensure that clients receive the highest standard of training and service.
CAST On-site training is designed to add great value to your workforce by increasing staff efficiency and skills, ensuring improved productivity and output that far exceeds the initial training costs.

Key features of CAST On-site:
  • Each of the courses selected from the CAST Advanced Training Suite is specifically designed to meet the needs of each individual, based on their current skills and pace of learning, and to meet your organisation’s unique objectives and goals
  • CAST On-site experts/trainers will be flown to the premises of your choice on a date most suitable to you
  • CAST On-site allows students to receive training in more manageable sessions spread over a few days, allowing for greater absorption of knowledge and an opportunity to practise and verify the new skills after each session before commencing the next one
  • With CAST On-site Advanced Security courses, students can take advantage of conversing directly with the chosen expert on matters unique to the student and your organisation
  • You can rest assured that all challenges and objectives pertaining to your organisation’s goals can be discussed in an environment that ensures complete confidentiality
  • Each individual client receives the required high level of training, benchmarked to international best practice and standards
  • Each student receives the CAST Advanced Security Training courseware, which allows them to follow and revise the material that has been taught
  • Upon completion of the course, each student will receive a CAST On-site Advanced Security Training certificate of attendance.

We at CAST would like to hear from you

If you have questions, comments or feedback for us, please send us a message using the form below or email us at cast@eccouncil.org.
For more information and news updates, connect with us via Social Media or our Mailing List.
We look forward to hearing from you!