In a newly minted two-part class, would-be Microsoft security practitioners can gain exposure to and understanding of a lot of security-related material that the company thinks is important enough to tout highly and to give away for free. I'm talking about the company's security clinics, entitled:
- Clinic 2801: Microsoft Security Guidance Training I
This class consists of four lessons that deal with the essentials of security, talks about what's involved in implementing patch management, cover basic server security topics for Windows 2000 and Windows Server 2003, and also address basic client security topics for Windows 2000 Professional and Windows XP versions. The coverage is well designed, nicely focused for self-paced use, and hits all the important topics necessary to cultivate an appreciation for best security practices and how to employ them.
- Clinic 2802: Microsoft Security Guidance Training II
This class is also made up of four lessons. Lesson 1 covers subjects related to implementing network and perimeter security, extending the basis to the network from the previous computer centric class. Lesson 2 explains how to implement application and data security, including Exchange Server, SQL Server, SBS, and general data security among its topics. Lesson 3 addresses advanced Server and Client security topics, such as securing IIS servers, advanced server and client security concepts and requirements, and issues specific to mobile clients. Lesson 4 deals with applied security strategies and addresses patch management and remote access strategies for the real world, as well as troubleshooting techniques for security configurations.
(Note: each of the items above includes two hyperlinks: the Clinic ID points to the corresponding general description, while the clinic name points to an outline of course topics).
To help cement the information covered in this training (and elsewhere in its security programs) Microsoft also offers free, one-day Hands-on Security Labs. But alas, they're completely booked up as far as they're scheduled out at present, so you should check back on the Web site and plan as far ahead as possible to try to get a seat in one of these events, if you're interested. FWIW, I do have to give the company high points for trying to provide the right information and hands-on experience to its cadre of interested professionals.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.