Foreword
Chapter 1 Using Windows Server 2003 Planning Tools and Documentation
Introduction
Overview of Network Infrastructure Planning
Planning Strategies
Using Planning Tools
Fundamentals of Network Design
Analyzing Organizational Needs
Information Flow Factors
Management Model and Organizational Structure
Centralization versus Decentralization
Management Priorities
User Priorities
Reviewing Legal and Regulatory Considerations
Calculating TCO
Planning for Growth
Developing a Test Network Environment
Planning the Test Network
Implementing the Test Network
Documenting the Planning and Network Design Process
Importance of Documentation
Creating the Planning and Design Document
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 2 Planning Server Roles and Server Security
Introduction
Understanding Server Roles
Domain Controllers (Authentication Servers)
File and Print Servers
DHCP, DNS, and WINS Servers
Web Servers
Database Servers
Mail Servers
Certificate Authorities
Application Servers and Terminal Servers
Planning a Server Security Strategy
Choosing the Operating System
Identifying Minimum Security Requirements for Your Organization
Identifying Configurations to Satisfy Security Requirements
Planning Baseline Security
Security Templates and Tools
Planning Secure Baseline Installation Parameters
Enforcing Default Security Settings on New Computers
Customizing Server Security
Securing Servers According to Server Roles
Creating Custom Security Templates
Deploying Security Configurations
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 3 Planning, Implementing, and Maintaining the TCP/IP Infrastructure
Introduction
Understanding Windows 2003 Server Network Protocols
Reviewing TCP/IP Basics
What’s New in TCP/IP for Windows Server 2003
Planning an IP Addressing Strategy
Analyzing Addressing Requirements
Creating a Subnetting Scheme
Troubleshooting IP Addressing
Transitioning to IPv6
Planning the Network Topology
Analyzing Hardware Requirements
Planning the Placement of Physical Resources
Planning Network Traffic Management
Monitoring Network Traffic and Network Devices
Determining Bandwidth Requirements
Optimizing Network Performance
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 4 Planning, Implementing, and Maintaining a Routing Strategy
Introduction
Understanding IP Routing
Reviewing Routing Basics
Evaluating Routing Options
Windows Server 2003 As a Router
Security Considerations for Routing
Analyzing Requirements for Routing Components
Simplifying Network Topology to Provide Fewer Attack Points
Router-to-Router VPNs
Packet Filtering and Firewalls
Logging Level
Troubleshooting IP Routing
Identifying Troubleshooting Tools
Common Routing Problems
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 5 Planning, Implementing, and Maintaining an Internet Connectivity Strategy
Introduction
Connecting the LAN to the Internet
Routed Connections
Translated Connections
Implementing Virtual Private Networks (VPNs)
Internet-based VPNs
Router-to-Router VPNs
VPN Protocols
VPN Security
Using Internet Authentication Service (IAS)
Advantages of IAS
IAS Management
Authentication Methods
Authorization Methods
Access Server Support
Outsourced Dialing
Using Connection Manager
Using CMAK
Connection Manager Security Issues
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 6 Planning, Implementing, and Maintaining a Name Resolution Strategy
Introduction
Planning for Host Name Resolution
Understanding Host Naming
Designing a DNS Namespace
Planning DNS Server Deployment
Planning for Zone Replication
Planning for Forwarding
DNS/DHCP Interaction
Windows Server 2003 DNS Interoperability
DNS Security Issues
Monitoring DNS Servers
Planning for NetBIOS Name Resolution
Understanding NETBIOS Naming
Planning WINS Server Deployment
Planning for WINS Replication
WINS Issues
Troubleshooting Name Resolution Issues
Troubleshooting Host Name Resolution
Troubleshooting NetBIOS Name Resolution
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 7 Planning, Implementing, and Maintaining a Remote Access Strategy
Introduction
Planning the Remote Access Strategy
Analyzing Organizational Needs
Analyzing User Needs
Selecting Remote Access Types To Allow
Addressing Dial-In Access Design Considerations
Allocating IP Addresses
Determining Incoming Port Needs
Selecting an Administrative Model
Addressing VPN Design Considerations
Selecting VPN Protocols
Installing Machine Certificates
Configuring Firewall Filters
Creating Access Policies
Addressing Wireless Remote Access Design Considerations
The 802.11 Wireless Standards
Using IAS for Wireless Connections
Configuring Remote Access Policies for Wireless Connections
Multiple Wireless Access Points
Placing CA on VLAN for New Wireless Clients
Configuring WAPs as RADIUS Clients
Wireless Encryption and Security
Planning Remote Access Security
Domain Functional Level
3.2.3 Selecting Authentication Methods
Selecting the Data Encryption Level
Using Callback Security
Managed Connections
Mandating Operating System/File System
Using Smart Cards for Remote Access
Creating Remote Access Policies
Policies and Profiles
Authorizing Remote Access
Restricting Remote Access
Controlling Remote Connections
Creating a Plan to Offer Remote Assistance to Client Computers
How Remote Assistance Works
Using Remote Assistance
Offering Remote Assistance to your Clients
Planning for Remote Administration by Using Terminal Services
Using Remote Desktop for Administration
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 8 Planning, Implementing, and Maintaining a High-Availability Strategy
Introduction
Understanding Performance Bottlenecks
Identifying System Bottlenecks
Using the System Monitor Tool to Monitor Servers
Using Event Viewer to Monitor Servers
Using Service Logs to Monitor Servers
Planning a Backup and Recovery Strategy
Understanding Windows Backup
Using Backup Tools
Selecting Backup Media
Scheduling Backups
Restoring from Backup
Planning System Recovery with ASR
What Is ASR?
How ASR Works
Alternatives to ASR
Using the ASR Wizard
Performing an ASR Restore
Planning for Fault Tolerance
Network Fault-Tolerance Solutions
Internet Fault-Tolerance Solutions
Disk Fault-Tolerance Solutions
Server Fault-Tolerance Solutions
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 9 Implementing Windows Cluster Services and Network Load Balancing
Introduction
Making Server Clustering Part of Your High-Availability Plan
Terminology and Concepts
Cluster Models
Server Cluster Deployment Options
Server Cluster Administration
Recovering from Cluster Node Failure
Server Clustering Best Practices
Making Network Load Balancing Part of Your High-Availability Plan
Terminology and Concepts
Relationship of NLB to Clustering
Managing NLB Clusters
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 10 Planning, Implementing, and Maintaining Internet Protocol Security
Introduction
Understanding IP Security (IPSec)
Terminology and Concepts
How IPSec Works
IPSec Modes
IPSec Protocols
IPSec Components
IPSec and IPv6
Deploying IPSec
Determining Organizational Needs
Security Levels
Managing IPSec
Using the IP Security Policy Management MMC Snap-in
Using the netsh Command-line Utility
Default IPSec Policies
Custom Policies
Assigning and Applying Policies in Group Policy
Active Directory Based IPSec Policies
IPSec Monitoring
Troubleshooting IPSec
Addressing IPSec Security Considerations
Strong Encryption Algorithm (3DES)
Firewall Packet Filtering
Diffie-Hellman Groups
Pre-shared Keys
Soft Associations
Using RSoP for IPSec Planning
Using the RSoP Wizard
Selecting the RSoP Mode for IPSec-related Queries
Summary
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 11 Planning, Implementing, and Maintaining a Security Framework
Introduction
Planning and Implementing Active Directory Security
Understanding Permission Types
Physically Securing Domain Controllers
Securing the Schema
Managing Cross-domain and Cross-forest Security Relationships
Account Security
Planning and Implementing Wireless Security
Understanding Wireless Networking
Authentication for Wireless Networks
Wireless Security Issues
Monitoring and Optimizing Security
Wireless Monitor
Object-based Access Control
Auditing
Security Policies
Planning a Change and Configuration Management Framework
Planning a Security Update Infrastructure
Understanding the Importance of Regular Security Updates
Using Microsoft Baseline Security Analyzer (MBSA)
Using Microsoft Software Update Services (SUS)
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Chapter 12 Planning, Implementing, and Maintaining a Public Key Infrastructure
Introduction
Planning a Windows Server 2003 Certificate-Based PKI
Understanding Public Key Infrastructure
Understanding Digital Certificates
Understanding Certification Authorities
Implementing Certification Authorities
Analyzing Certificate Needs within the Organization
Determining Appropriate CA Type(s)
Planning Enrollment and Distribution of Certificates
Certificate Templates
Certificate Requests
Auto-Enrollment Deployment
Role-Based Administration
Implementing Smart Card Authentication in the PKI
What Are Smart Cards?
How Smart Card Authentication Works
Deploying Smart Card Logon
Using Smart Cards To Log On to Windows
Using Smart Cards for Remote Access VPNs
Using Smart Cards To Log On to a Terminal Server
Summary of Exam Objectives
Exam Objectives Fast Track
Exam Objectives Frequently Asked Questions
Self Test
Self Test Quick Answer Key
Self Test Appendix
Index