In the wake of the Code Red worm, some experts have voiced the opinion that the Windows MCSE is light on security. While I can't dispute the relative lack of security coverage in the required core exams (70-210, 70-215, 70-216, and 70-217), there are two exams on the Windows 2000 MCSE track that cover most of the important security bases pretty well: 70-220 and 70-227.
Given the overall requirements for obtaining a Windows MCSE these days, pursuing this approach to the MCSE curriculum shows a profound interest in (or bias toward) security matters. Ironically, it's also entirely possible -- and, statistics on exams indicate, highly likely as well -- that somebody could upgrade an existing MCSE or obtain a new one without taking either or both of these exams. That said, between these two exams, the most important Win2k technical security topics are covered.
The 70-220 exam deals with the broad range of internal corporate security issues and design topics, among them:
- The impact of security designs on existing systems and applications. This also includes upgrades, new product deployments, technical support requirements and integrating security concerns into network and systems management.
- Creating a proper Windows 2000 security infrastructure including audit policies, delegation of authority, placement and inheritance of group security policies, authentication strategies, PKI infrastructures and network services security.
- Designing security for communications channels, including SMB-signing, IPSec solutions, VPN links and remote access controls.
The 70-227 exam addresses an equally broad range of security issues and design topics, but focuses on the peripheries or "security boundaries" between organizational units and the outside world via the Internet. Topics include:
- Managing network address translations, local address tables and name- and address-handling services.
- Configuring and managing ISA Server's proxy, multimedia streaming and remote access capabilities.
- Managing VPN connections through ISA Server, including VPN endpoints at the ISA Server and VPN pass-throughs.
- Configuring, securing and maintaining ISA Server's firewall capabilities, including packet filters, access control and bandwidth policies, especially policy elements such as schedules, bandwidth priorities, destination sets, client address sets, protocol definitions and content groups.
- Configuring and managing client computers for ISA Server services, including client authentication, network context management, network address translation (SecureNAT), firewall client and Web browser software.
- Managing ISA Server, including configuring intrusion detection, related alerts and alarms, monitoring alert status, checking ports and connections and analyzing ISA Server performance.
In addition, this exam covers Internet acceleration topics that do not have direct security implications, such as those related to high availability options (clustering and load balancing) and cache management.
Between these two exams, MCSE candidates can glean important aspects of designing, implementing, configuring, managing and troubleshooting their organization's security infrastructure. But if they want to get up to speed for a full-fledged security certification like CISSP, SANS-GIAC, or ICSA, they'll also need to bone up on:
- Legal and ethical matters related to privacy and confidentiality, plus investigation and prosecution of intrusions or unauthorized access.
- Potential vulnerabilities related to applications and systems design and development.
- Cryptography, including symmetric and asymmetric keys, PKI design and deployment and certificate services.
- Physical security policies, practices, procedures and auditing techniques.
For generalist MCSEs, however, the 70-220 and 70-227 combo does a pretty good job of preparing candidates for key technical security issues like access control, disaster recovery, operations security, telecommunications, network security and general security architectures.
Though MCSEs aren't yet required to master these topics, they certainly have the opportunity to do so within the current MCSE framework. Whether these optional elements will ever become required -- or whether required elements will start to include more security coverage -- is anybody's guess. But recent events and the growing concern for security demonstrate that one or the other scenario is increasingly likely and warranted.
Ed Tittel is a principal at a small content development company based in Austin, Texas, and the creator of the Exam Cram series. He has worked on over 30 certification-related books on Microsoft-, Novell-, and Sun-related topics.
This was first published in September 2001