Contents
Overview 1
Lesson: Introduction to Security Threats 2
Lesson: Predicting Threats to Security 8
Lab A: Identifying Threats to Network
Security 15

Module 3: Identifying
Threats to Network
Security Information in this document, including URL and other Internet Web site references, is subject to
change without notice. Unless otherwise noted, the example companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious,
and no association with any real company, organization, product, domain name, e-mail address,
logo, person, place or event is intended or should be inferred. Complying with all applicable
copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or
transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.

PowerPoint
®
file 2830A_03.ppt.

It is recommended that you use PowerPoint version 2002 or later to
display the slides for this course. If you use PowerPoint Viewer or an earlier
version of PowerPoint, all the features of the slides may not be displayed
correctly.

To prepare for this module:

Read all of the materials for this module.

Complete the practices.

Complete the lab and practice discussing the answers.

Read the additional reading for this module, located under Additional
Reading on the Web page on the Student Materials CD.

Visit the Web links that are referenced in the module.

Presentation:
45 minutes

Lab:
45 minutes
Required materials
Important
Preparation tasks

security designers keep track of what threats management chooses to respond
to, and which threats it deems acceptable. Risk management is covered in
greater detail in Module 4, “Analyzing Security Risks.”
Students may feel overwhelmed when presented with the task of classifying
attacks according to a threat model. They may feel that modeling all potential
threats is a daunting task. Ensure them that the first time that they do threat
modeling it may take some time, but with experience it becomes easier.
Creating the team to model threats can be challenging. Encourage students to
use experienced personnel if possible, but also to choose objective participants.
The developer who created the application being modeled for threats may not
be able to conceive of any weaknesses in the application, or may
subconsciously steer the discussion away from vulnerabilities out of pride or
other emotions. In this example, the developer may provide useful technical
information for the team but may not be the most objective participant.
Common Types of
Network Vulnerabilities
How Network Attacks
Occur
Difficulties in Defending
Networks
The STRIDE Threat
Model
Steps for Predicting
Threats with a Threat
Model
Module 3: Identifying Threats to Network Security v

Assessment
There are assessments for each lesson, located on the Student Materials
compact disc. You can use them as pre-assessments to help students identify

3.xls, located in the Answers folder under Webfiles on the Student Materials
CD. Be sure to print the answers out and study them before you conduct the lab.

When discussing the lab answers, encourage groups of students to write their
top 10 threats on the whiteboard, and discuss students’ conclusions as a class.
The answers in the spreadsheet are suggested answers only. Encourage students
to find additional threats, such as inexperienced administrators. Also mention to
students that the spreadsheet is available to them on the Student Materials CD.
For general lab suggestions, see the Instructor Notes in Module 2, “Creating a
Plan for Network Security.” Those notes contain detailed suggestions for
facilitating the lab environment used in this course.
Important
Important
General lab suggestions
vi Module 3: Identifying Threats to Network Security

Customization Information
This section identifies the lab setup requirements for a module and the
configuration changes that occur on student computers during the labs. This
information is provided to assist you in replicating or customizing Microsoft
Official Curriculum (MOC) courseware.
This module includes only computer-based interactive lab exercises, and as a
result, there are no lab setup requirements or configuration changes that affect
replication or customization.

The lab in this module is also dependent on the classroom
configuration that is specified in the Customization Information section at the
end of the Automated Classroom Setup Guide for Course 2830A, Designing
Security for Microsoft Networks.


2 Module 3: Identifying Threats to Network Security

Lesson: Introduction to Security Threats

*****************************
ILLEGAL FOR NON
-
TRAINER USE
******************************
A threat describes a danger or vulnerability. Threats can occur from a variety of
sources, such as attacks or an incorrectly configured application.
After completing this lesson, you will be able to:

Explain why network attacks occur.

Describe who attacks networks.

Describe common types of network vulnerabilities.

Describe how network attacks take place.

List the difficulties of defending networks.

Introduction
Lesson ob
jectives