 |
Home
•
Contact
•
Services
•
Support
|
Tech Solutions |
||
 Upgrades Data Recovery Maintenance Security Networks Websites Custom Systems• Location Service • 24/7 Help |
||
 |
 |
|
 |
Philadelphia Computer Tech Support |  | ||||||||||
|
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - This chapter examines Windows 2000’s distributed security services in detail, with the focus on how intimately the security and directory services are intertwined, and how Active Directory’s objects can be secured in a granular manner that was never possible in Windows NT. It also looks at the security protocols themselves, and the role and function of each. Finally, the chapter addresses the special area of Internet security, and the added level of protection from unauthorized outside access provided by the Windows 2000 distributed security subsystem. Windows 2000 Distributed Security Services What exactly are these security services that are distributed throughout the network, and how do they work together to ensure more robust protection for user passwords and other confidential data? A number of security features, which together make up the distributed security services, are built into Windows 2000: • Active Directory security. This includes the new concept of transitive trusts, which allows user account authentication to be distributed across the enterprise, as well as the granular assignment of access rights and the new ability to delegate administration below the domain level. • Multiple security protocols. Windows 2000 implements the popular Kerberos security protocol, supports Public Key Infrastructure (PKI), and has backward compatibility with NT through the use of NTLM. • Security Support Provider Interface (SSPI). This component of the security subsystem reduces the amount of code needed at the application level to support multiple security protocols by providing a generic interface for the authentication mechanisms that are based on shared-secret or public key protocols (see Chapter 9, “The Security Support Provider Interface,” for a more detailed explanation of these protocols). • Secure Socket Layer (SSL). This protocol is used by Internet browsers and servers, and is designed to provide for secure communications over the Internet by using a combination of public and secret key technology. • Microsoft Certificate Server. This service was included with IIS 4.0 in the NT 4.0 Option Pack and has been upgraded and made a part of Windows 2000 Server. It is used to issue and manage the certificates for applications that use public key cryptography to provide secure communications over the Internet, as well as within the company’s intranet. • CryptoAPI (CAPI). As its name indicates, this is an application programming interface that allows applications to encrypt data using independent modules known as cryptographic service providers (CSPs), and protects the user’s private key data during the process. • Single Sign-On (SSO). This is a key feature of Windows 2000 authentication, which allows a user to log on the domain just one time, using a single password, and authenticate to any computer in the domain, thus reducing user confusion and improving efficiency, and at the same time decreasing the need for administrative support. As a network administrator, you are probably not most concerned with the intricacies of how the various cryptographic algorithms work (although that can be an interesting sideline course of study, especially if you are mathematically inclined). This jumble of acronyms can be used to keep your organization’s sensitive data secure. This chapter emphasizes just that—combining the distributed security services of Windows 2000 in a way that balances security and ease of accessibility in your enterprise network. 01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 - |
||||||||||||
| | |||||||||||
|
|
|||
Serving the Philadelphia area with the best in tech service and support.
-Big Jay Oakerson Spreading Comedic Mayhem Across America
Big Jay Oakerson has announced a brand new set of stand-up comedy dates
-Greetings from Cudahy
Thursday 22 Theyre not just another 60s soul-pop cover band intent on shakin yo ass theyre Social D the Adolescents the Cadillac Tramps U.S. Bombs and TSOL the OCs gnarliest exports indulging their un-punk selves their musician ids theyre the Black Diamond Riders and theyre hitching up tonight at Bar Pink. This seven-piece supergroup came together in March to resurrect dance ...
-New name same station
In a deal to help to boost advertising revenue SEPTA has renamed Pattison Station on the Broad Street Line AT&T Station. The name will take effect later this summer along with new signage and new maps system-wide all paid for as a part of a $5 million five-year deal paid by the... [This is a summary. To read the full article on SouthPhillyReview.com click the headline above.
-Software Glitch Brings AT&T's Data Network To Crawl
AT&T said that a software glitch caused a major slow-down in wireless data speeds for AT&T customers over the weekend.
-AT&T blame Alcatel-Lucent HSUPA kit for sluggish uploads
AT&T has blamed software bugs in Alcatel-Lucent HSUPA hardware for the apparent 3G upload throttling observed by some users in the US recently. According to the AT&T statement Alcatel-Lucent are working on a software fix for the bug which is affecting less than 2-percent of AT&Ts customers the carrier claims but until then users with HSUPA-capable devices will be limited to regular 3G ...
-AT&T Is Capping Upload Data Speeds [At&t
# att Uh this better be temporary. We gush about the iPhone 4's hot new upload speeds and AT&T takes it away. Mobile upload speeds in several cities like New York are capped at 100kbps1/10th of what we were seeing. More »
Updated 512 minutes ago.
Tech Philly Custom Systems Data Recovery Emergency Service Maintenance Network Service Onsite Service Repair Security Software Spyware Upgrades Viruses Website Design Website Hosting Wireless Computer