Overview

Securing Windows infrastructure has become essential for organizations that prioritize security. With businesses increasingly reliant on IT services, the need for regular hardening processes has intensified. Rapid advances in technology have expanded the attack surface, making comprehensive security measures a necessity.

CAST 616 is designed to equip Info-Sec professionals with the knowledge and practical skills needed to secure their network infrastructure. This 3-day training course examines the internal security mechanisms of Windows and shows how to tune them without disrupting existing IT environment configurations. Highlights include kernel debugging, malware hunting, deep dives into BitLocker, and automation of the hardening process.

Objectives

Upon completing this course, students will be able to:

  • Apply Windows Server 2008 R2 and Windows Server 2012 features to secure infrastructure.
  • Set up appropriate rights, privileges, and permissions for operating system objects.
  • Understand key functionalities of IPSec for domain isolation and securing network traffic.
  • Configure, monitor, and troubleshoot Microsoft infrastructure services.
  • Implement Network Access Protection.
  • Understand Windows operating systems.
  • Implement BitLocker.
  • Handle insecure or incompatible drivers.
  • Investigate Blue Screens.
  • Build failover clusters and NLB for Web Server scenarios.
  • Utilize Public Key Infrastructure (PKI) in daily tasks.

Duration

3 Days (24 Hours)

Intended Audience

  • Information Security Professionals
  • Government Agents
  • IT Administrators
  • IT Architects
  • Risk Assessment Professionals
  • Penetration Testers

Course Outlines

Unit 1: Windows 7 & 8 Hardening

  1. Windows Kernel Role
    • Kernel functionality and debugging techniques
    • Kernel security mechanisms and implementation
    • Lab: Kernel digging
  2. Securing Operating System Objects
    • Security of processes, threads, user accounts, services, and registry settings
    • Labs: Securing system objects, improving services security, verifying rights/permissions/privileges, system security bypass techniques and countermeasures
  3. Modern Malware and Threats
    • Techniques used by modern malware and protection mechanisms
    • Labs: Malware hunting, Stuxnet and other malware cases
  4. Device Drivers
    • Types, security considerations, managing drivers
    • Labs: Monitoring drivers, driver isolation, signing drivers
  5. Group Policy Settings
    • Useful GPO settings, customized templates, AGPM
    • Labs: Advanced GPO features, implementing AGPM
  6. Practical Cryptography
    • EFS, BitLocker, third-party solutions
    • Lab: Implementing and managing BitLocker

Unit 2: Windows Server 2008 R2 / Windows Server 8 Hardening

  1. Securing Server Features
  2. Public Key Infrastructures
    • Design considerations and hardening techniques
    • Lab: PKI implementation
  3. Active Directory
    • Securing Domain Services, schema configuration, new security features
    • Labs: Active Directory security in single and multiple domain environments
  4. Microsoft SQL Server Hardening
    • Installation considerations, configuring security features
    • Lab: Hardening Microsoft SQL Server

Unit 3: Hardening Microsoft Network Roles

  1. Hardening Minor Network Roles
  2. DNS Hardening
    • Improving functionality, hardening, and designing DNS roles
    • Labs: Hardening DNS role, testing DNS configuration
  3. Internet Information Services (IIS) 7.5 / 8
    • Secure web server implementation, monitoring security and performance
    • Labs: IIS Server Hardening, website security settings, monitoring IIS under attack
  4. IPSec
    • Implementing IPSec, security policies
    • Labs: Domain isolation, Network Access Protection with IPSec
  5. DirectAccess
    • Implementation considerations, security, and hardening
    • Lab: DirectAccess secure configuration demo
  6. Remote Access
    • VPN protocols, RDP Gateway, Unified Access Gateway, Network Access Protection
    • Labs: Configuring security settings in Network Policy Server, RDP Gateway, UAG, Network Access Protection scenario
  7. Firewall
    • Customizing rules, hardening client and server scenarios
    • Lab: Managing Windows Firewall with Advanced Security

Unit 4: Windows High Availability

  • Network Load Balancing design considerations and best practices
  • iSCSI configuration, failover clustering internals, and security
  • Labs: Building an IIS cluster with NLB, building a failover cluster

Unit 5: Data and Application Security

  • File Classification Infrastructure, designing security for File Server
  • Active Directory Rights Management Services, AppLocker, and Software Restriction Policy
  • Labs: Building a secure solution with FCI and AD RMS, securing and auditing a File Server, restricting access to applications with AppLocker and SRP

Unit 6: Monitoring, Troubleshooting, and Auditing Windows

  • Advanced logging and subscriptions, analyzing the boot process, crash dump analysis, auditing tools and techniques
  • Labs: Event logging and subscriptions, monitoring the boot process, Blue Screen scenario

Unit 7: Automating Windows Hardening

  • Best practices for monitoring, troubleshooting, and auditing Windows