Windows 2003 Security Training

Hi all,
I am about to give a Windows 2003 security training to junior IT auditor. I was wondering what would be the top 5 issues/elements that all IT Auditor should know when they go to audit Windows 2003?

I was thinking
1) File/Folder permission; yes this looks to be easy but it's quite complicated and tricky
2) Active directory - this is the heart of Windows 2003 and all IT auditors should know about Group Policy and how GP is being applied in the Windows environment - essentially looking at the right GP.

What else? Any idea? Or got training material that is freely available on the internet that I can use as a base?


TG Tran, IT guy, commented:
1.  Admin group memberships and delegation
2.  Security audit - logon failure events
3.  Rogue DHCP
4.  DNS replication to non-AD DNS servers
5.  Windows Security patches/updates - up to date
6.  RRAS policy
7.  Password policy
8.  Ex-employees and contractors - appropriate access level or lack thereof
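As an added illustration (not part of the thread), a read-only script that collects the evidence for items 1, 2 and 7 of the list above from a Windows 2003 domain. It assumes Windows PowerShell (2.0 is installable on Server 2003) run as a domain user on a domain-joined host, uses only .NET System.DirectoryServices, and the baseline numbers in Test-PasswordPolicy are placeholders for whatever standard the audit measures against.

```powershell
# Added audit helper; assumptions: Windows PowerShell 2.0+, domain-joined host, read
# access to AD and to the DC's Security log. Event IDs 529-537 and 539 are the
# Windows 2003 logon-failure IDs (Server 2008 and later use 4625 instead).

function Get-DomainRoot {
    $rootDse = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
    $dnc = [string]$rootDse.Properties['defaultNamingContext'].Value
    New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dnc")
}

# Item 1: list members of the privileged groups an auditor should review by name.
function Get-PrivilegedGroupMembers {
    param([string[]]$Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins'))
    $searcher = New-Object System.DirectoryServices.DirectorySearcher((Get-DomainRoot))
    foreach ($g in $Groups) {
        $searcher.Filter = "(&(objectCategory=group)(cn=$g))"
        $result = $searcher.FindOne()
        if ($result -eq $null) { continue }
        foreach ($dn in $result.Properties['member']) {
            New-Object PSObject -Property @{ Group = $g; MemberDN = $dn }
        }
    }
}

# Item 7: read the domain password/lockout policy and compare it with a baseline.
function Test-PasswordPolicy {
    param([int]$MinLength = 8, [int]$MaxAgeDays = 90, [int]$LockoutThreshold = 5)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher((Get-DomainRoot))
    $searcher.Filter = '(objectClass=domain)'
    $searcher.SearchScope = 'Base'
    $p = $searcher.FindOne().Properties
    # maxPwdAge is a negative count of 100-nanosecond intervals; 0 means never expires
    $maxAge  = [math]::Abs([int64]$p['maxpwdage'][0]) / 864000000000
    $minLen  = [int]$p['minpwdlength'][0]
    $lockout = [int]$p['lockoutthreshold'][0]
    $ok = ($minLen -ge $MinLength) -and ($maxAge -gt 0 -and $maxAge -le $MaxAgeDays) -and
          ($lockout -gt 0 -and $lockout -le $LockoutThreshold)
    New-Object PSObject -Property @{ MinPwdLength = $minLen; MaxPwdAgeDays = [int]$maxAge
                                     LockoutThreshold = $lockout; MeetsBaseline = $ok }
}

# Item 2: summarise failed logons recorded in a domain controller's Security log.
function Get-LogonFailureSummary {
    param([string]$ComputerName = '.', [int]$Hours = 24)
    $ids = 529..537 + 539   # 538 is a logoff, not a failure
    Get-EventLog -LogName Security -ComputerName $ComputerName -EntryType FailureAudit `
                 -After (Get-Date).AddHours(-$Hours) |
        Where-Object { $ids -contains $_.EventID } |
        Group-Object EventID | Sort-Object Count -Descending |
        Select-Object @{n='EventID';e={$_.Name}}, Count
}
```

Run Get-PrivilegedGroupMembers, Test-PasswordPolicy and Get-LogonFailureSummary -ComputerName DC01 (a placeholder name) from the same session; the output is the raw evidence, and the judgement about whether each membership or setting is appropriate remains the auditor's.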

Hardware Audit, Software Audit, Security Audit, Usage Audit and possibly an appropriateness audit..

Each of these audits has multiple sections, security being the worst..

Cern, NSA etc have extensive information from a gov perspective.
Universities have think tanks about specific subjects and there are a plethora of sites that specialize in specifics like google hacking, linux, windows etc...

Usually, the auditors that I use have an arsenal of proprietary software products that do 'best practice' auditing on most fronts..
And then, some tests are just done with open source tools...

Security training material is plentiful; getting a structured course is difficult as the standards are constantly changing, so any course will be out of date at the time you get it. But the more reputable courses have people maintaining them constantly.

It will also depend on their previous experience; it's pretty hard to get someone to harden a Linux system without understanding the internals...
Or to teach them IP when the most they have done is add a static IP entry...

So usually, security is a senior role, and I wouldn't expect anyone to be any good without at least 5 yrs experience and a degree in computers or equiv.

Domain functional levels, group types and scopes, DACL/ACL of all security principals, external access through RDP/Telnet/RAS, file and folder auditing, a good understanding of event logs and good sites to investigate logs with.
Security account setup and monitoring of SQL, securing Exchange, ISA, IAS, RRAS, WINS, DNS, DHCP, Active Directory.  If you are running any CAs and the use of digital certificates and encryption.  The use of WSUS.

Anything that you might find in the 70-299 MCP is the very least security knowledge an auditor should have.
