Microsoft’s New Security Specialization

The MCSA and MCSE certifications add a new Security designation

Microsoft recently added several specialization designations to its popular certification program. Specialization designations recognize individuals who have demonstrated advanced knowledge in a particular branch of the Microsoft certification curriculum. Specialization designations exist for the Microsoft Certified Systems Administrator (MCSA) and Microsoft Certified Systems Engineer (MCSE) certifications and enhance those certifications—they aren't separate certifications. For example, the MCSE: Messaging specialization recognizes individuals who have demonstrated proficiency with Microsoft Exchange Server in addition to the MCSE curriculum. In contrast, the Microsoft Certified DBA (MCDBA) certification shares some exams in common with the MCSE credential but is an entirely separate certification.

One of the newly announced specializations is the Security designation. This new designation recognizes individuals who have completed the MCSA and MCSE programs and can demonstrate an understanding of the security process as it applies to Windows networks. Microsoft's move to highlight security as an aspect of the certification process mirrors the company's continuing effort to make security a priority in all aspects of its products and services.

The Security designation carries more "assumption baggage" than any other certification title. We all probably have assumptions about what a candidate who holds a Security specialization should know. Some assume that those with a Security specialization know the contents of the popular Hacking Exposed: Network Security Secrets & Solutions (McGraw-Hill, 2003), by Stuart McClure, Joel Scambray, and George Kurtz, backwards and forwards. Others assume that the material covered on the security exams is all that one needs to know about security on the Windows platform. Neither of these assumptions is correct.

Rather than encouraging memorization of different types of hacking incidents and appropriate responses, the Microsoft security exams concentrate on how to secure systems by performing unglamorous, simple tasks such as correctly applying rights and permissions to ensure that users on the network can access only the resources they're authorized to access. The underlying philosophy of the exams is that security is a continuing process rather than a particular endpoint. Although this image might not be as romantic as that of the white-hat hacker defending the network from nefarious intruders, it's a more realistic representation of the sorts of tasks that those who are responsible for security on a Windows network perform on a daily basis.

Studying for Security
To earn the Security designation, candidates must pass security-focused exams in addition to the core MCSA or MCSE curriculum. The security exams fall into two categories: platform and general. The platform category has two tracks—the Windows Server 2003 security track and the Windows 2000 Server security track—with different exams that reflect the differences between the two OSs. Each platform track has two subtracks: security administration and security design. As their names suggest, the administration subtrack focuses on the day-to-day tasks of securing a Windows network and the design subtrack focuses on designing a secure Windows network given a particular scenario. The general category consists of Exam 70-227: Installing, Configuring, and Administering Microsoft Internet Security and Acceleration (ISA) Server 2000, Enterprise Edition and Exam SY0-101: CompTIA Security+.

MCSA: Security specialization candidates must take two exams in addition to the core MCSA exams. The first of these two exams is the platform-specific security administration exam. For an MCSA on Win2K, this exam is Exam 70-214: Implementing and Administering Security in a Microsoft Windows 2000 Network; for an MCSA on Windows 2003, the exam is Exam 70-299: Implementing and Administering Security in a Microsoft Windows Server 2003 Network. The second exam can be either Exam 70-227 or Exam SY0-101. The MCSA is typically four exams: three core exams and one elective. An MCSA candidate can take Exam 70-214 or Exam 70-299 as the one elective, then take Exam 70-227 or Exam SY0-101 to achieve the MCSA: Security specialization in five exams.

An MCSE: Security specialization candidate must take three exams, rather than two, in addition to the core MCSE requirements. The platform-specific security administration and design exams are two of these three exams. As with the MCSA certification, the third exam must be Exam 70-227 or Exam SY0-101. MCSE candidates on Win2K can achieve their Security specialization without any extra exams. The Win2K MCSE requires three electives, one of which must be a design exam. If a candidate chooses Exam 70-214, Exam 70-220: Designing Security for a Microsoft Windows 2000 Network, and Exam 70-227, he or she can satisfy the MCSE and Security specialization requirements with no extra work. The Windows 2003 MCSE certification requires two electives, one of which must be a design exam. Thus, a candidate who starts a Windows 2003 MCSE with the intention of achieving the Security specialization must take eight exams rather than the seven typically required for the certification.

Essential Knowledge
Candidates taking the security administration exam on either platform must demonstrate knowledge of security templates, security updates, IP Security (IPSec), RRAS security, public key infrastructure (PKI), Encrypting File System (EFS), and proper responses to security incidents. Candidates taking the security design exam on either platform must know how to design security baselines, audit strategies, PKI solutions, network services security, security-enhanced WAN access, and IPSec solutions.

Candidates taking Exam 70-227 must install, configure, and troubleshoot an ISA Server 2000 server. The requirements include being able to upgrade from Microsoft Proxy Server 2.0, configure ISA Server hosting roles, troubleshoot VPN access, configure access control and bandwidth policies, and use logs and alerts to monitor network security. I've provided the barest possible outline of the exam requirements. You can find a more specific description of what each exam covers at Microsoft's training and certification Web site (http://www

The CompTIA Security+ certification covers more vendor-neutral ground. Candidates for this certification must master general security concepts such as access control models, authentication methods, and attack types; secure communication services such as Remote Authentication Dial-In User Service (RADIUS) and Secure Sockets Layer (SSL); infrastructure security such as firewall use; cryptography basics; and physical security of assets such as servers. Again, this is a brief description; for a more complete listing of exam topics, see the CompTIA Web page at

The Microsoft Security specializations and the CompTIA Security+ certification are far from the only security certifications available. Almost every vendor's certification program now has a security track, from Cisco Systems' Cisco Certified Security Professional (CCSP) to Sun Microsystems' Sun Certified Security Administrator for the Solaris Operating System. These certifications have met with varying levels of success. The International Information Systems Security Certification Consortium (ISC)2 runs the vendor-neutral Certified Information Systems Security Professional (CISSP) Certification. The CISSP is arguably the most respected security certification in part because a candidate must demonstrate that he or she has worked in information security for 4 years. The CISSP is also generally considered more difficult than many vendor certifications. An individual who attains the MCSE: Security specialization might reasonably consider tackling the CISSP certification 12 to 18 months later.

Microsoft's new security specialization should prove popular. Although people pursue certification for a variety of reasons, foremost in many candidates' minds is improving prospects for a raise or a new job. Candidates look for ways to stand out in the pack as well as to get in early on the next big trend in technology. Anything to do with improving security has perceived value, perhaps because of the proliferation of viruses and worms and the increased emphasis on security in the post-millennium environment.

Since the Microsoft Certified Professional (MCP) program began in 1992, more than 1.5 million people have achieved Microsoft certification worldwide.

Source: Microsoft

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.