Securing Windows - SANS SEC505

	See also...  Organization of the courses  Training sessions planning  Network Penetration Testing and Ethical Hacking - SANS SEC560  Advanced Penetration Testing, Exploits and Ethical Hacking - SANS SEC660  Web App Penetration Testing and Ethical Hacking - SANS SEC542  Defending Web Applications Security Essentials - SANS DEV522
Goals  Certification  Duration  Instructor(s)  Pre-requisite for attendants  Teaching method  Related courses  Material  Agenda  Methods of inscription

Dates of the coming sessions: 21-25 May 2012 (Paris) 3-7 December 2012 (Paris) Dates subject to modification without prior notice. The sessions will only take place if the number of registered attendants is high enough.

 

Based on the expertise of an international community of security experts, "Securing Windows" SANS course presents, in depth, all the essential things to know to secure a Windows environment.

With many demonstrations, reproductibles immediately by the attendees, Securing Windows course is interactive and show the ways and tools to secure and administer any Windows network.

Are you transitioning from Windows XP to Windows 7? The Securing Windows track is fully updated for Windows Server 2008-R2 and Windows 7. Most of the content applies to Windows Server 2003 and XP too, but the focus is on 2008/Vista/7.

Concerned about the 20 Critical Security Controls of the Consensus Audit Guidelines? This course will help you implement the Critical Controls relevant to Windows systems, not just audit them, and will walk you through most of the tools step by step too.

The SANS SEC505: Securing Windows is a comprehensive set of courses for Windows security architects and administrators. It also tackles tough problems like Active Directory forest design, how to use Group Policy to lock down desktops, deploying a Microsoft PKI and smart cards, pushing firewall and IPSec policies out to every computer in the domain, securing public IIS Web servers, and PowerShell scripting.

PowerShell is the future of Windows scripting and automation. Easier to learn and more powerful than VBScript, PowerShell is an essential tool for automation and scalable management. And if there's one skill that will most benefit the career of a Windows specialist, it's scripting, because most of your competition lacks scripting skills, so it's a great way to make your resume stand out. Scripting skills are also essential for being able to implement the 20 Critical Security Controls.

SEC505 will also prepare you for the GIAC Certified Windows Security Administrator (GCWN) certification exam to help prove your security skills. In fact, all the questions on the exam come from the manuals used in the course.

This is a fun course and a real eye-opener even for Windows administrators with years of experience. Come see why there's a lot more to Windows security than just applying patches and changing passwords. Come see why a Windows network needs a security architect.

Cette formation prépare à l'examen de certification GIAC Certified Windows Security Administrator [GCWN], permettant de valider les compétences en sécurité Windows du stagiaire. Toutes les questions de l'examen sont issues des supports de cours de la formation. Cet examen n'est pas obligatoire. Il se passe dans un centre agréé GIAC.

5 days (9h00-18h30).

Benjamin Arnault (Benjamin.Arnault@hsc.fr) , responsable de la formation
Renaud Dubourguais (Renaud.Dubourguais@hsc.fr)

• Windows Administrators want to discover ways to secure a Windows network;
• Security Experts with an experience in network or system audits or in penetration testing;
• Windows Security Architects who want to strengthen or update their knowledge in Windows systems security and Active directory domains;
• CSO who want to learn Windows security mecanisms in order to understand the global information security implications and to improve their interactions with teams responsible for Windows Security. who want to learn Windows security mecanisms in order to understand the global information security implications and to improve their interactions with teams responsible for Windows Security.

You do not need any programming or scripting background whatsoever to attend the course. On the other hand, we will spend the day going through scripts written in PowerShell, so if you want to peruse an article or tutorial on PowerShell, that would be nice, but it's certainly not required.

Lecture, with numerous demonstrations and practical work in French.

Network Penetration Testing and Ethical Hacking - SANS SEC560
Advanced Penetration Testing, Exploits and Ethical Hacking - SANS SEC660
Web App Penetration Testing and Ethical Hacking - SANS SEC542
Defending Web Applications Security Essentials - SANS DEV522

The course is delivered french and in french only. Course material is in English

Program is from SANS Institute SEC505 course and follows the program found here : http://www.sans.org/security-training/securing-windows-4502-tid

1. Securing Active Directory and DNS

• Securing controllers
• Property-Level Permissions (DACL) and Audit Settings (SACL)
• Delegation of Authority
• Custom (MMC) consoles
• Best Practices for Forest Design
• Best Practices for Securing DNS

2. Group Policy

• The Group Policy Management Console (GPMC)
• Security Templates
• Group Policy Objects (GPOs)
• MSI Deployment through Group Policy
• Pushing Out Scripts
• Software Restriction Policies
• Managing Internet Explorer Settings
• Replacing the Desktop Interface
• Micro-Managing Users' Applications

3. PKI, EFS et Bitlocker

• Why must I have a PKI?
• How to install the Windows PKI
• How to manage your PKI
• Delegation of Authority
• Deploying Smart Cards
• Encrypting File System (EFS)
• Bitlocker Drive Encryption

4. IPSec, Windows Firewall, NPS, VPNs and Wireless

• Secure Socket Tunneling Protocol
• Isn't IPSec just for VPNs ? No!
• IPSec domain isolation
• Group policy management of IPSec
• Windows Firewall with Advanced Security
• Configuring RADIUS policies (NPS)
• VPNs best practices
• Sécurising wireless networks

5. Securing IIS

• IIS server hardening
• Patch management
• Managing bindings
• Hardening TCP/IP
• IPSec for IIS serveurs
• Authentification options
• Minimal HTTP Permissions
• Minimal NTFS Permissions
• Running scripts and binaries on IIS
• HTTP.SYS filtering
• Securing XML config files
• Securing logs hands-free
• Finding hacking signatures in logs

6. PowerShell scripting

• What is PowerShell?
• CmdLets
• Running scripts
• Namespace providers
• Piping .NET objects
• Parameter binding
• Regular expressions
• Functions et filters
• The .NET class library
• Using properties and methods at the Command Line
• Security and execution policy
• Managing the Event Logs
• Accessing COM Objects: WMI, ADSI, ADO ...

For registering an HSC course, please contact our training department by phone : +33 141 409 704 or by email at formations@hsc.fr, with first and last name of every student, your postal address and your company VAT number. Thoses informations enable us to send your the training agreement. The training agreement must be return agreed with signature and company stamp with you purchase order, at least 15 days before the course. This strict delay is imposed by SANS. The purchase order should precise your billing address and our payment regulations : net 30 days from our invoice date. Registration is completed as soon as we received those two documents.