Windows 2000 Security Features

Windows 2000 introduces a number of new security technologies to the Windows platform, and provides a usable front end for many that previously required extensive configuration, thus making them much easier to use.

By Justin Kapp, Risk Management Consultant

Windows 2000 has seen the introduction of many new technologies to the Windows platform, some in the area of security. Support has been added for better enterprise security as well as better security support for the standalone user.

Authentication

Windows 2000 sees the introduction of a new protocol for authentication between Windows 2000 machines on a Windows 2000 based network. This authentication protocol is the open standard protocol known as Kerberos (version 5). Microsoft, however, has made an extension to the original Kerberos protocol to allow the initial authentication of users using public key certificates instead of the standard shared secret keys normally used by Kerberos version 5. The extensions in this manner now allow interactive logons to Windows 2000 using smart cards.

As well as Kerberos, Windows 2000 contains support for four other authentication systems: Windows NT LAN Manager (NTLM), Distributed Password Authentication (DPA), Extensible Authentication Protocol (EAP) and Secure Channel (SChannel). Windows 2000 uses NTLM to authenticate in Windows NT 4.0 based environments, whereas DPA, EAP and SChannel are all used to authenticate over dial-up networks or networks such as the Internet. By default, Windows 2000 will use Kerberos to authenticate with other Windows 2000 based servers, or when using resources within a Windows 2000 based networking environment. Windows 2000 will use NTLM when communicating with Windows NT 4.0 based servers or when operating within a Windows NT 4.0 based domain environment or machines which are running a previous Windows platform.
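Because Windows 2000 silently drops back to NTLM whenever an NT 4.0 or older machine is involved, an administrator will usually want to know how much of the network is still authenticating that way. The following is an added example, not code from the article: a small Python script that tallies logon audit records by authentication package and lists the hosts still using NTLM. The record layout, event IDs and the NtLmSsp logon process name are assumptions modelled on Windows NT/2000 security-log text exports, and the two sample records are constructed.

```python
"""Tally logon audit records by authentication package (Kerberos vs NTLM).
Added example, not from the article: field names, event IDs and the sample
records are assumptions modelled on Windows NT/2000 security-log text exports."""
import re
from collections import Counter, defaultdict

# Constructed sample export: one blank-line-separated record per logon.
SAMPLE_LOG = """\
Event ID: 540
User Name: alice
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: WS-2000-01

Event ID: 540
User Name: bob
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: NT4-FILESRV
"""

FIELD_RE = re.compile(r"^\s*([^:]+?):\s*(.*?)\s*$")   # "Field Name: value"

def parse_events(text):
    """Turn a text export into one dict per record (a blank line ends a record)."""
    events, current = [], {}
    for line in text.splitlines() + [""]:   # trailing "" flushes the last record
        if not line.strip():
            if current:
                events.append(current)
                current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    return events

def package_summary(events):
    """Map each authentication package to its logon count and its source hosts."""
    counts, sources = Counter(), defaultdict(set)
    for ev in events:
        pkg = ev.get("Authentication Package", "unknown")
        counts[pkg] += 1
        sources[pkg].add(ev.get("Workstation Name", "?"))
    return counts, dict(sources)

def ntlm_sources(events):
    """Hosts still authenticating with NTLM, i.e. the NT 4.0 or older systems."""
    return sorted(package_summary(events)[1].get("NTLM", set()))
```

Run against a real export, the NTLM host list is the set of machines to upgrade or investigate before NTLM can be restricted on the domain.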
Windows 2000 will use DPA to authenticate on the Internet to allow the Windows 2000 user to use the same password with Internet based resources that are part of the same membership organisation as the Windows 2000 user. DPA, however, is not supplied out of the box; with Windows 2000 it is an add-on product.
Finally, SChannel is designed to provide authentication, data integrity and secure communication over the Internet. SChannel includes four protocols:

- Secure Sockets Layer (SSL) version 2.
- Secure Sockets Layer (SSL) version 3.
- Private Communication Technology (PCT) version 1.
- Transport Layer Security (TLS) version 1.

Using these protocols, SChannel provides authentication using digital certificates.
Windows 2000 has seen the movement from proprietary mechanisms to more open standard mechanisms for authentication. This allows Windows 2000 to support a wider range of clients or access a wider range of environments. It also moves away from the proprietary mechanisms that in the past have proven to be a security weakness in the Windows platform.
Distributed Security

Windows 2000 has brought a new order to security services within the Windows platform in the guise of Windows 2000 Distributed Security Services. And Win
Issue 123: October 2000
PC Network Advisor
File: T1722.1
page 3
Tutorial: Windows NT/2000
www.itp journals.com