Lab exercises

advertisement
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
Assessment cover sheet
Security fundamentals – Lab 2
Student’s name
Student’s ID
Qualification
ICA50405 – Diploma of Information Technology (Networking)
Assessment
Security fundamentals
Unit of
competency
National ID
Title
ICAS5118C
Manage system security
Assessment description
This assessment covers the performance criteria for managing system security.
Due date
Date submitted
Student’s declaration
Yes
No


I/We have read and understood the details of the assessment.


I/We have been informed of the conditions of the assessment and the appeals
process.




I/We agree to participate in this assessment.
I/We certify that the attached is my/our own work.
Student’s signature
Date
Assessment results


Not yet competent
Competent
Comments/Feedback from assessor to student
Comments/Feedback from student to assessor
Assessor’s name
Date
Assessor’s signature
Student’s name
Date
Student’s signature
Page 1 of 9
© Department of Training and Workforce Development 2010
Version 1, June 2010
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
Instructions for students
1.
In order to meet the criteria, you will need to complete all parts of this assessment.
2.
This assessment can be done during class time or outside of class time.
3.
Discussion with other team members is encouraged however all work submitted must be
substantially your own.
4.
You may be required to explain or demonstrate your understanding of any component of
this assessment.
5.
If you are quoting work that is not your own it must be appropriately referenced.
6.
Submitted work must meet presentation standards appropriate to the workplace or your
registered training organisation, eg header/footer, consistent formatting, spelling, grammar.
7.
All work must be submitted by the due date.
8.
If you have any questions please see your trainer.
Performance measurement
1.
You will need to complete all components without errors.
2.
All files are to be correctly saved with appropriate names or as instructed.
3.
Failure to do either of these tasks will result in a non-submission of assessment.
Date
<RTO to enter date>
Assessment
Security fundamentals – Lab 2
Assessment tasks
Multiple tasks.
These exercises and labs can be found in:

Chapter 2 – ‘Creating Security Baselines’ of the Textbook

Chapter 2 – ‘Establishing and Maintaining Baseline Security’ of
the Lab Manual.
Submission checklist
Please make sure that you have the following documents ready for submission.
9 Review answers

2 Case scenarios

4 Lab exercises

Lab challenge

6 Lab review answers

© Department of Training and Workforce Development 2010
Version 1, June 2010
Page 2 of 9
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
Security fundamentals – Lab 2
Recommended texts
Wettern, J 2005, Security + Certification Textbook, Microsoft Press, Redmond, WA
Grasdal, M 2005, Security + Certification Lab Manual, Microsoft Press, Redmond, WA
Questions
The questions and case scenarios for this lab can be found in Chapter 2 of the textbook.
Review answers
1.
2.
3.
4.
5.
6.
7.
8.
9.
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
___________________________________________________________________________
Case scenarios
2.1
Trusted computing base
2.2
Security baseline
Page 3 of 9
© Department of Training and Workforce Development 2010
Version 1, June 2010
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
Lab work
Set up
Ask your trainer for the lab set-up guide.
Set up two images using VMware® or Microsoft ® Virtual PC.
The first image is to be the instructor machine.
Instructor computer set up
1.
Install Microsoft® Windows Server® 2003 and name the computer ‘Instructor01’.
2.
Configure the image using the settings shown below.
Computer name
Instructor01
ip address
10.1.1.200
Subnet Mask
255.255.0.0
Gateway
Blank
DNS server
10.1.1.200
Workgroup
3.
Install Active Directory by running the dcpromo command. Configure Active Directory using
the settings shown below.
Domain controller for
new domain
Create new forest
Domain name
contoso.com
NetBios name
contoso
DNS server
self: 10.1.1.200
4.
Add the application server role (IIS and asp.net) by running the ‘Configure your server’ wizard.
5.
Copy set-up files as per instructions in the set-up guide.
6.
Raise the domain functional level to Windows Server 2003 using the Active Directory domains
and trusts tools.
7.
Raise the forest functional level to Windows Server 2003 using the Active Directory domains
and trusts tools.
8.
Using Active Directory Users and Computers create the following OU and user account
structure.
OU
User account
Student
Admin1
Admin 2
Users
Student1
Student2
ALS
User1
User2
Employees
© Department of Training and Workforce Development 2010
Version 1, June 2010
Page 4 of 9
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
9.
Create the following groups.
Group
Members
Member of
ClassAdmins
Admin1
Admin 2
Account operators
10. In Active Directory Users and Computers, click users and select RAS and IAS servers
property page. In the members tab, add domain computers.
11. Delegate control of the EmployeesOU to admin and student accounts. Use the Active
Directory Users and Computers tools and the Delegation of Control wizard.
12. Install Windows Software Update Services.
13. Install Windows Certificate Services using Add/remove Windows Components.
Configure Certificate Template Permissions using Active Directory Sites and Services. Under
the Show Services Node, expand Services, expand Public Key Services, and click Certificate
Templates. Under EFSRecovery Properties, add the ClassAdmins group and give them read
and enrol allow permissions. Under the Webserver properties, add the AuthenticatedUsers
group and give them enrol allow permissions.
14. Configure DNS by adding a reverse lookup zone for 10.x.x.x and allow both secure and
insecure dynamic updates.
15. Configure IIS with a digital signature by installing a server certificate which is under directory
security in the properties page of the default web server.
16. Enable the IIS session state in IIS by selecting enable session state in Application
configuration in the Home Directory tab of the default web site property page. Select all for
inheritance overrides.
17. Verify that .p7b exists in the application extensions for the CertSrv virtual directory. See the
detailed instructions to add the extension if it doesn’t exist.
Student computer set up
1.
Install Windows Server 2003 and name the computer ‘Computer01’.
2.
Configure the image using the settings shown below.
Computer name
Instructor01
ip address
10.1.1.200
Subnet Mask
255.255.0.0
Gateway
Blank
DNS server
10.1.1.200
Workgroup
3.
Create the following user accounts in Local users and Groups.
Username: Sally
Username: Bob
Set the administrator password (if not done so already).
4.
Join the contoso.com domain.
Page 5 of 9
© Department of Training and Workforce Development 2010
Version 1, June 2010
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
5.
Use the ‘Configure your server’ wizard to install Application Server Role and install FTP,
SMTP and POP3 services.
6.
Add Sally, Bob and Contoso\Admin01 to the local Administrator Group.
7.
Copy the Lab Manual Folder from the Student CD to C:\Lab Manual.
8.
Download a recent version of SuperScan™ and install it.
9.
On the instructor computer create an OU called ClassroomServers and move the Computer01
account into the OU.
10. In the property sheet of the Classromm ServersOU tick the setting ‘Trust This Computer For
Delegation To Any Service (Kerberos Only)’ option.
Lab exercises
Complete the following exercises from the Lab Manual. An answer sheet is provided at the end of
this document.
Exercise 2.1 Creating and applying security templates
Exercise 2.2 Monitoring baseline security by using security configuration analysis
Exercise 2.3 Assessing baseline security by using Microsoft baseline security analyser (MBSA)
Exercise 2.4 Maintaining baseline security by using Microsoft software update services (SUS)
Lab challenge 2.1 Automating MBSA scans
Lab exercises for Windows Server 2008
Navigate to the Microsoft technical website at http://technet.microsoft.com/en-au/default.aspx.
Use the search function to locate the ‘Microsoft Baseline Security Analyzer 2.1’.
Download and install this tool and use it to generate a security baseline.
© Department of Training and Workforce Development 2010
Version 1, June 2010
Page 6 of 9
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
Trainer sign off
The following exercises will need to be sighted for evidence.
Exercise 2.1
Exercise 2.2
Exercise 2.3
Exercise 2.4
Lab challenge 2.1
Trainer’s name
Date
Investigation
Navigate to the Microsoft technical website at http://technet.microsoft.com/en-au/default.aspx.
Use the search function to locate the ‘Windows Server 2003 Administrator's Guide’.
Download the guide.
Describe the information contained in the guide:

What is the significance of the title ‘Evaluated Configuration’?

When would it be appropriate to use this guide?
Page 7 of 9
© Department of Training and Workforce Development 2010
Version 1, June 2010
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
Lab review answers
Question 1
Question 2
Question 3
Question 4
Question 5
© Department of Training and Workforce Development 2010
Version 1, June 2010
Page 8 of 9
Workplace delivery of ICA50405 – Diploma of Information Technology (Networking)
Security fundamentals – Lab 2
Question 6
[End of document]
Page 9 of 9
© Department of Training and Workforce Development 2010
Version 1, June 2010
Download