Contact info for Tech Philly
Philadelphia Computer Tech Support
01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20 -

This chapter examines Windows 2000’s distributed security services in detail, with the focus on how
intimately the security and directory services are intertwined, and how Active Directory’s objects can be
secured in a granular manner that was never possible in Windows NT. It also looks at the security protocols
themselves, and the role and function of each. Finally, the chapter addresses the special area of Internet
security, and the added level of protection from unauthorized outside access provided by the Windows 2000
distributed security subsystem.

Windows 2000 Distributed Security Services

What exactly are these security services that are distributed throughout the network, and how do they work
together to ensure more robust protection for user passwords and other confidential data? A number of
security features, which together make up the distributed security services, are built into Windows 2000:
• Active Directory security. This includes the new concept of transitive trusts, which allows user
account authentication to be distributed across the enterprise, as well as the granular assignment of
access rights and the new ability to delegate administration below the domain level.
• Multiple security protocols. Windows 2000 implements the popular Kerberos security protocol,
supports Public Key Infrastructure (PKI), and has backward compatibility with NT through the use of
• Security Support Provider Interface (SSPI). This component of the security subsystem reduces
the amount of code needed at the application level to support multiple security protocols by providing
a generic interface for the authentication mechanisms that are based on shared-secret or public key
protocols (see Chapter 9, “The Security Support Provider Interface,” for a more detailed explanation of
these protocols).
• Secure Socket Layer (SSL). This protocol is used by Internet browsers and servers, and is designed
to provide for secure communications over the Internet by using a combination of public and secret
key technology.
• Microsoft Certificate Server. This service was included with IIS 4.0 in the NT 4.0 Option Pack and
has been upgraded and made a part of Windows 2000 Server. It is used to issue and manage the
certificates for applications that use public key cryptography to provide secure communications over
the Internet, as well as within the company’s intranet.
• CryptoAPI (CAPI). As its name indicates, this is an application programming interface that allows
applications to encrypt data using independent modules known as cryptographic service providers
(CSPs), and protects the user’s private key data during the process.
• Single Sign-On (SSO). This is a key feature of Windows 2000 authentication, which allows a user
to log on to the domain just one time, using a single password, and authenticate to any computer in the
domain, thus reducing user confusion and improving efficiency, and at the same time decreasing the
need for administrative support.
As a network administrator, you are probably not most concerned with the intricacies of how the various
cryptographic algorithms work (although that can be an interesting sideline course of study, especially if you
are mathematically inclined). This jumble of acronyms can be used to keep your organization’s sensitive data
secure. This chapter emphasizes just that—combining the distributed security services of Windows 2000 in a
way that balances security and ease of accessibility in your enterprise network.
Serving the Philadelphia area with the best in tech service and support.