In the past month, we've seen an unusual amount of activity on the virus and worm fronts, including Sircam, Goner, BadTrans, various Code Red variants and lots of hoopla about IIS security. That probably explains why I've gotten numerous e-mails from concerned Microsoft professionals asking what they should do, certification-wise, to raise their security consciousness and capabilities.
This fall, I wrote a tip about raising the security bar for the Windows 2000 MCSE. At the time, I was of the opinion that MCSEs who want to cover important security bases would be pretty well served by taking these two exams:
- 70-220 Designing Security for a Windows 2000 Network
- 70-227 Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition
Today, after spending some time examining the content of those exams in relation to what savvy Windows administrators need to know about security, I've changed my mind. In fact, I've been forced to conclude that while those exams are helpful in covering some security topics for Windows systems and networks, they don't cover enough of the bases that need covering to do the job right.
So what's a conscientious Windows professional to do? Fortunately, there are lots and lots of options:
You can also sign up for Microsoft's security bulletins here. Anyone with security-related responsibilities for Windows systems, applications, or services should take advantage of these bulletins.
For those who want to go it on their own, I'd also recommend obtaining and reading current, useful books on general and Windows security topics. (Richard Bejtlich, Network Security Engineer, has a good reading list on Amazon. Jay Heiser is an Infosec columnist with an equally good, but longer, list.)
One thing's for sure: attention to security matters is becoming more important at Microsoft, as it is in so many other places. I'm hopeful that when the next generation of Server .NET exams is released, they'll up security content and coverage accordingly. But only time will tell! Until then, I urge you to supplement your knowledge base with one or more of these additional sources of information, skills, and best practices.
Ed Tittel is a principal at a small content development company based in Austin, Texas, and the creator of the Exam Cram series. He has worked on over 30 certification-related books on Microsoft-, Novell-, and Sun-related topics.
This was first published in December 2001