? Home | Site Map | Search | Contacts
About Us
Report Incidents
Incident Statistics
Security FAQS

Search NISER
? NISER > SANS/NISER Asia Pacific > Track 5: GCWN
Welcome to SANS/NISER Asia Pacific
October 7 - 12, 2002
Kuala Lumpur, Malaysia
Get Brochure(PDF)
Main | FAQS | Track 1: GSEC | Track 2: GCFW | Track 5: GCWN | Registration | Accommodation

10/7 Mon. 5.1 Windows 2000/XP: Active Directory, DNS and Group Policy Jason Fossen
10/8 Tue. 5.2 Windows 2000/XP: Public Key Infrastructure, Smart Cards and the Encrypting File System Jason Fossen
10/9 Wed. 5.3 Windows 2000/XP: IPSec and VPNs Jason Fossen
10/10 Thu. 5.4 Securing Internet Information Server 5.0 Jason Fossen
10/11 Fri. 5.5 Windows 2000/XP: Scripting for Security Jason Fossen
Pricing RM $7,961 (US $2,095) with certification exam(s) for GIAC certification
Rate includes lunches and breaks.
Go to the Registration page to enrol in this conference and how to make payment.
165, Jalan Ampang,
50450 Kuala Lumpur, Malaysia

The Windows Security Certification Track (Track 5) is a comprehensive curriculum for securing Windows 2000/XP networks. The seminars bring the confusing complexity of Windows 2000/XP security into clear focus by starting with foundational security services, such as Active Directory and Group Policy, and advancing in a logical progression to particular products or features which rely on these foundations, such as IIS and IPSec. The seminars provide best practices for security, hands-on exercises, extensive documentation/screenshots in the book-like manuals, a CD-ROM of security/hacking tools, and an objective account of Windows security (neither bashing Microsoft nor toeing the party line). Whether you learn it at SANS or elsewhere, you cannot claim to be a Windows 2000/XP security expert without mastering the information and skills presented in Track 5.

You have six months following the conference to complete GIAC certification requirements. Detailed information can be found at http://www.giac.org/steps.php.

5.1 Windows 2000/XP: Active Directory, DNS and Group Policy
Jason Fossen, Fossen Networking and Security
Monday, October 7, 2002
9:00 AM 5:00 PM

Active Directory provides the security infrastructure upon which the rest of Windows 2000/XP security depends. Virtually all concepts new to Windows 2000/XP presuppose an understanding of it, including Group Policy. Dynamic DNS replaces WINS.

Group Policy replaces and greatly enhances NT System Policy and the Security Configuration Editor. Group Policy is how you will secure and manage the Windows 2000/XP systems throughout your enterprise, whether your enterprise consists of 20 or 20,000 systems. Without an understanding of Active Directory and Group Policy it will be impossible (not just difficult) to secure your Windows 2000/XP network.

This course will quickly get you on top of what you need to know about Active Directory, DNS and Group Policy. The manual is written from a tools-oriented perspective, and includes extensive text and screenshots. You are encouraged to bring a Windows 2000 Server laptop with you, though this is not required.

Who Should Attend This Course:

  • NT, Unix and NetWare administrators new to Windows 2000/XP.
  • Anyone interested in the security aspects of Active Directory, DNS and Group Policy


Topics Include:
  • What is Active Directory?
  • Active Directory Structure: Forests, Trees, Sites, Domains, OUs, etc..
  • Active Directory replication and SYSVOL.
  • Permissions on Active Directory containers and objects.
  • ADSI scripting overview: Windows Script Host, PerlScript, ASP.
  • Command-line Active Directory tools.
  • Dynamic DNS
  • What is Group Policy?
  • Group Policy links to domains, OUs and sites.
  • Group Policy override, inheritance and loopback mode.
  • Group Policy security templates and registry settings.
  • Group Policy startup, shutdown, logon and logoff scripts.
  • Command-line Group Policy tools.


"Excellent material for setting up AD and securing it"
-- Bruce Elliott, West Jet Airlines, Ltd.
"Jason's approach to explaining active directory has been by far the best I've heard. This, after reading various literature/articles and taking "W2K updating skills" course through IKON"
-- Julian Brown DOE
"Solid introduction to core issues the rest of the Win2K relies upon."
-- Tony Povoas, Rubus, Ltd
Back To Top ^

5.2 Windows 2000/XP: Public Key Infrastructure, Smart Cards and the Encrypting File System
Jason Fossen, Fossen Networking and Security
Tuesday, October 8, 2002
9:00 AM 5:00 PM

Digital certificates play an essential role in Windows 2000/XP security. Kerberos authentication with Smart Cards, IPsec, EFS, secure e-mail, SSL/TLS, etc. can all use digital certificates. Windows 2000/XP provides a comprehensive Public Key Infrastructure (PKI) for managing certificates and making their use as transparent as possible for users. Windows 2000/XP PKI uses Active Directory to store certificates, Group Policy to manage their use, CryptoAPI to make cryptographic services seamless with the operating system, and the Protected Storage service to keep private keys safe. With Windows 2000/XP Certificate Services, you can also be your own private Certification Authority (like VeriSign).

Smart Cards are the size of credit cards, but include a microprocessor and EEPROM memory. A Smart Card will contain one's certificate and private key. It is used with Kerberos for secure two-factor authentication, and with e-mail applications for signing and encrypting messages. Windows 2000/XP provides built-in support for Smart Cards through CryptoAPI.

The Encrypting File System (EFS) prevents attackers from reading hard drive data, even if they have physical control of the drive. It is ideal for laptops which may be stolen. EFS is a native and transparent feature of the NTFS file system, not a separate utility.

This course will quickly get you on top of what you need to know about Windows 2000/XP PKI, Smart Cards and EFS. PKI in particular can be a complex topic, but it is the future of security on the Internet.

Who Should Attend This Course:

  • All Windows 2000/XP network administrators
  • Anyone new to PKI or cryptography
  • Anyone who is planning a PKI deployment
  • Anyone researching Smart Cards or data privacy
  • Anyone planning to use L2TP VPNs or IPSec
Topics Include:
  • Cryptography and PKI Essentials
  • Certificate Services and Active Directory
  • Managing User, Computer and Service Account X.509 Certificates
  • Private Key Storage and Protection
  • Smart Card Authentication with Kerberos
  • Encrypting File System (EFS)
  • Best Practices for Deployment
Tools Discussed:
  • Certification Authority snap-in
  • Certificates snap-in
  • Certificate Services Website
"A boot camp for tomorrows technology distilled to an easily digestible format with a side order of well placed humor."
-- Steve Mancini, Intel
"This course was amazing. Even with a minimal background in crypto and PKI, the course material was still easy to follow and complete The presentation covered all areas in an orderly fashion and left me feeling well prepared to start planning my own PKI initiative."
-- Michael Rowehl, GOTO
Back To Top ^

5.3 Windows 2000/XP: IPSec and VPNs
Jason Fossen, Fossen Networking and Security
Wednesday, October 9, 2002
9:00 AM 5:00 PM

Windows 2000/XP includes native support for IP Security (IPSec). IPSec provides authentication, integrity-checking and encryption of TCP/IP packets in a way which is transparent to users and applications. IPSec on Windows 2000/XP can also be used for flexible packet filtering. IPSec has become the de facto standard for securing IP traffic over the Internet and is used with L2TP for Virtual Private Networking.

Virtual Private Networking (VPN) is a method of securely using the Internet to carry one's confidential network traffic. A VPN creates an encrypted "tunnel" through the Internet to connect a roaming user to his or her corporate LAN, or to connect two or more LANs together with VPN routers. This eliminates the costs of long-distance leased lines like ISDN. Windows 2000/XP includes a VPN router called the Routing and Remote Access Service.

The Routing and Remote Access Service (RRAS) is a multi-protocol, multi-purpose router. RRAS can be used as a dial-up server for POTS, ISDN or VPN clients. RRAS can use RIPv2 or OSPF to route traffic between Ethernet, Token Ring, dial-up, VPN and other interfaces. Each interface can perform static packet filtering. RRAS can also be used as a demand-dial router for PPP/SLIP or VPN connections to save on connect charges.

VPNs on Windows 2000/XP also support Smart Card authentication of users and certificate-based security for IPSec connections, hence, these products are also integrated into the Windows 2000 PKI.

Who Should Attend This Course:

  • All Windows 2000/XP network administrators
  • Anyone new to IPSec or evaluating it
  • IIS web farm administrators (IPSec)
  • Anyone using VPNs or researching them
  • Dial-up and VPN server administrators


By The End Of This Course You Will Be Able To:
  • Create IPSec Policies and Filters
  • Install and configure IPSec through Group Policy
  • Use certificate-based security for IPSec with the Windows 2000 PKI
  • Configure IPSec from the command-line with IPSECPOL.EXE
  • Install the Routing and Remote Access Service (RRAS)
  • Configure RRAS packet filters and dial-up policies
  • Use Smart Card authentication for dial-up clients
  • Use RRAS for client-to-router or router-to-router VPNs


"IPsec was a surprise to me, as to its 'additional' functionality. Again, Excellent instruction on a complex subject."
-- Brian Seanbach, Berkshire Life
"The course materials are excellent. Most courses only go into a little more detail than the slides. These materials expand greatly on each slide - very few notes need to be taken so I can concentrate on learning."
-- Gordon Taylor, Royal Bank
Back To Top ^

5.4 Securing Internet Information Server 5.0
Jason Fossen, Fossen Networking and Security
Thursday, October 10, 2002
9:00 AM 5:00 PM

Internet Information Server is Microsofts HTTP, FTP, SMTP and NNTP server for Windows 2000. A large percentage of Internet web servers run IIS, including major e-commerce sites such as Dell and eBay, and IIS is one of the foundational servers for Microsoft's ".NET" initiative. At the same time, many of the most notorious Microsoft security vulnerabilities are found in IIS. Hence, the demand for IIS security personnel is great.

After attending this seminar you will know how to install, configure and harden IIS against attack. We will discuss exactly which features to uninstall, files to delete, services to disable and permissions to set. IPSec is used for resilient packet filtering and securing web farm communications. TCP/IP settings can also be modified to help withstand SYN Floods and other distributed denial of service attacks.

Because IIS is really an application server, we will discuss the different methods of authenticating to IIS, including Kerberos and certificate-based authentication, and how IIS authorizes file access based on user identity. We will see how ISAPI Extensions and Filters support server-side applications, and how to isolate vulnerable DLLs and processes. Finally, we will see how to use logging data and remote administration tools.

The manual can be read like a book, and contains numerous screenshots and references. 90% of this course will apply to IIS 4.0 as well.

Who Should Attend This Course:

  • e-Commerce Solution Providers
  • NT and Windows 2000/XP Administrators and Webmasters
  • IIS Web Application Developers
  • Internet Service Providers


Topics Include:
Planing Your Network Architecture
  • Firewall Design
  • DMZ Domain Controllers
  • Administration Requirements

Server Hardening

  • Service Packs and Hotfixes
  • Website Location
  • Dangerous Files
  • Dangerous Services
  • WebDAV
  • Protocols and Bindings
  • TCP/IP Parameters
  • IPSec Filtering and Authentication

IIS Authentication

  • Anonymous
  • Basic
  • Digest
  • Kerberos
  • NTLM
  • Certificate


  • IIS/HTTP Permissions
  • NTFS Permissions
  • Application
  • Permissions Wizard
Web-Based Applications
  • ISAPI Filters
  • ISAPI Extensions
  • HTTP Verbs
  • OLE Controls
  • Session State
  • Buffer Overflows
  • Process Isolation Techniques
  • Securing the Metabase

Logging and Auditing

  • Event Viewer logs
  • IIS logs and accounting
  • Hacking signatures
  • SSL Connection logging
  • Securing log files

Remote Administration

  • Delegation of authority
  • HTML Administration Website
  • Terminal Services
  • Scripting and Tools
"I work with IIS daily, and this was an excellent course that I would highly recommend to any NT/2000 administrator."
-- Arian S. Evans, JS Central Credit Union
"Exceptionally comprehensive coverage of IIS 5.0. Raised my awareness for the necessity of security."
-- Jason W. Morris, RESPEC
"Every IIS admin needs this course. You learn to secure IIS at every level."
-- Jeff Christman, DCSS
Back To Top ^

5.5 Windows 2000/XP: Scripting for Security
Jason Fossen, Fossen Networking and Security
Friday, October 11, 2002
9:00 AM 5:00 PM

Virtually every aspect of Windows 2000/XP can be managed from the command line or with scripts. This includes Active Directory, NTFS permissions, shared folders, audit logs, IIS, the registry, and more. Besides regular batch files, the built-in script interpreter, the Windows Script Host (WSH), can run scripts written in VBScript, JScript or Perl (with a free add-on). Repetitive and complex security tasks can be automated, if only they can be scripted and scheduled-- this course will show you how to do it.

In addition to logon scripts, Windows 2000/XP Group Policy can assign startup, shutdown, logon and logoff scripts to machines automatically. The Windows Installer Service can also be used to deploy Service Packs and hotfixes to hundreds of computers in the same way. Finally, the new Task Scheduler on each system is easier to use, more secure and accessible remotely.

These scripting capabilities come at a price. We will analyze the ILOVEYOU virus and walk through its VBScript code to see exactly how it works, then discuss how to defend against e-mail viruses in general.

This seminar will use VBScript to demonstrate the use of ADSI, WMI and COM to automate security tasks. Attendees are encouraged to bring Windows 2000 laptops with CD-ROM drives, but this is not required. Knowing VBScript is not a prerequisite for coming to the seminar. VBScript is a very user-friendly language and we will walk through the scripts together.

Who Should Attend This Course:

  • All Windows NT/2000/XP network administrators
  • Those who want to automate their work
  • Those who want command-line control of Windows
  • Windows network auditors
  • E-mail administrators who dislike script viruses
  • Anyone who wants to learn VBScript


Topics Include:
  • Windows Script Host (WSH) and VBScript
  • Script distribution through Group Policy
  • Windows Installer Service for deploying Service Packs


  • The New Task Scheduler
  • Analysis of the ILOVEYOU virus
  • Scripting ADSI, WMI and COM
  • Script libraries, editors and debuggers
  • Plus many example security scripts&
"Jason is great! Clear, practical instruction that allows you to secure your resources now and prepare/plan for the future."
-- Brian Dellinger, Tuck School of Business
"No matter how well you think you know Windows security, there will be some new, valuable information available in this course."
-- Gordon Taylor, Royal Bank
"The Securing Windows 2000 course has made me much more comfortable with our deployment. I now feel like we will be able to deploy it in a highly secure fashion."
-- John Ives, UC Berkeley
Back To Top ^

Disclaimers and copyright information
Last Update March 3, 2002