Black Hat Windows Security 2003

Note: if the class is overfilled, then you will be wait-listed until there are enough students to fill a second class. You will be contacted should this occur.


Windows 2003 Training
February 24-25 2003
Seattle Sheraton Hotel & Towers

All course materials, lunch and two coffee breaks will be provided.
You must provide your own laptop.
A Certificate of Completion will be offered to students completing the course.

Course Length: 2 days

Cost: US $2000 before January 15, 2003 or US $2200 after January 15, 2003
NOTE: this is a two day course. A Certificate of Completion will be offered.

Sold Out!

course description
Two Day Course
Mon, Feb 24 thru Tues, Feb 25
Microsoft Ninjitsu: Securely Deploying MS Technologies
Timothy Mullen, AnchorIS
What to bring:
Students should bring their own network-ready laptops preferably running NT or Win2k with CDRom drive and an open mind.  A CD will be provided with reference material, sample code, and utilities.


The key to securing a Microsoft infrastructure is to build security into the foundation. When properly configured, the Microsoft suite of technologies can be deployed to provide highly available, reliable, and secure network services.

This intensive two-day course will take you on a journey through the full deployment cycle of the most common Microsoft products, stopping along the way to sniff the packets and secure the route less traveled. If you make it to the end of Day Two in one piece, you will be prepared to snatch the pebble from the Master's palm.


Day One: Infrastructure

  • Win2k Domain Controllers
    • Active Directory Domains and Forests
    • DNS
    • Operations Masters and Global Catalogs
    • Sites and Services
    • Group Policy and Organizational Units
    • Certificate Services
  • Client Configuration
    • Leveraging XP Pro Clients
    • Security Policies
    • System Restrictions
    • Software Restrictions
    • Encryption and IPSec
  • Exchange 2000
    • Setup and Configuration
    • Default protocols: HTTP, SMTP, POP3, IMAP
    • Multiple sites
  • SQL Server 2000
    • Setup and Configuration
    • Authentication Modes
    • SQL Server/Agent Service Security Contexts
    • Client/Process data access and best practices
    • Auditing Tools
  • IIS 5.0
    • Setup and Configuration
    • ISAPI extensions and application mapping
    • WWW, FTP, SMTP Services
    • HTTPS Configuration and Certificates
    • Authentication models and NTFS Permissions
    • IIS Lockdown / URL Scan
    • Component Services
    • Secure ASP Development and Auditing Tools

Day Two: Deploying Internet Services

  • ISA Server
    • Setup and Configuration
    • Packet Filters and Protocol Rules
    • Policy Elements (Address Sets, Authentication, Schedules)
    • Application Filters
    • Web, Firewall and Secure NAT Clients
  • Publishing Services
    • Web Publishing
    • Publishing Exchange Services (SMTP, POP3, etc)
    • 3rd Party SMTP Gateway Solutions and Filtering
    • Publishing Multiple OWA Sites Securely
    • Publishing Terminal Services, Alternate Port Configuration, and TS Web
  • Remote Access
    • RAS and Routing Service Configuration
    • Client VPN Setup
    • Point-to-point ISA VPN Servers

Course Length: 2 days

Cost: US $2000 before January 15, 2003 or US $2200 after January 15, 2003
NOTE: this is a two day course. A Certificate of Completion will be offered.

Sold Out!


Timothy Mullen is CIO and Chief Software architect for AnchorIS.Com, a developer of secure enterprise-based accounting solutions.  Mullen is also a columnist for Security Focus' Microsoft Focus section, and a regular contributor of InFocus technical articles.  A.k.a. Thor, he is the founder of the "Hammer of God" security co-op group.

Black Hat Logo
(c) 1996-2007 Black Hat