Page 1 - Page 2 - Page 3 - Page 4 - Page 5 - Page 6 - Page 7 - Page 8 - Page 9 - Page 10

Tech Article



Tech Philly  • Computer System Cleanup Philadelphia  • Custom Computer Systems Philadelphia  • Emergency PC Service Philadelphia  • Computer Repair Philadelphia  • Tech Support Philadelphia  • Location Service Philadelphia  • Network Services Philadelphia  • PC Performamce Optimization Philadelphia  • Computer Security Services Philadelphia  • Philadelphia Data Recovery  • Business Tech Solutions Philadelphia  • Spyware Protection Philadelphia  • Software & Hardware Upgrades Philadelphia  • Wireless Networking Philadelphia  • Virus Removal & Protection Philadelphia  • Website Design and Web Hosting Philadelphia  • Tech Philly



Windows 2000 Server Security White Paper

Windows 2000 Server security goes well beyond the security available in earlier versions of the network operating system. In today’s ever-changing global environment, the more security that can be provided by a network operating system, the better off the organizations that use it will be, since organizations depend heavily on their information systems.

Why the Change?

The change in security in Windows 2000 Server is necessary as more organizations use the operating system for mission-critical applications. The more widely an operating system is used in industry, the more likely it is to become a target. The weaknesses in Windows NT came under constant attack as it became more prevalent in industry. One group, L0pht Heavy Industries, showed how weak Windows NT’s password encryption for the LAN Manager hash was. Because the LAN Manager hash was always sent, by default, when a user logged in, it was easy to crack the password. It was good that L0pht Heavy Industries revealed this weakness in the network operating system. Microsoft made provisions for fixing the problem in a Service Pack release, but in Windows 2000 Server it has replaced the default authentication with Kerberos v5 for an allûWindows 2000 domain-controller-based network.

Differences in Windows 2000 Server Security

One of the enhancements to the security in Windows 2000 Server is that Windows 2000 Server supports two authentication protocols, Kerberos v5 and NTLM (NT LAN Manager). Kerberos v5 is the default authentication method for Windows 2000 domains, and NTLM is provided for backward compatibility with Windows NT 4.0 and earlier operating systems. (See Chapter 3, “Kerberos Server Authentication .”) Another security enhancement is the addition of the Encrypting File System (EFS). EFS allows users to encrypt and decrypt files on their system on the fly. This provides an even higher degree of protection for files than was previously available using NTFS (NT File System) only. (See Chapter 6, “Encrypting File

System for Windows 2000.”)

The inclusion of IPSec (IP Security) in Windows 2000 Server enhances security by protecting the integrity and confidentiality of data as it travels over the network. Its easy to see why IPSec is important; today’s networks consist of not only intranets, but also branch offices, remote access for travelers, and, of course, the Internet.





01020304050607080910

01 - 02 - 03 - 04 - 05 - 06 - 07 - 08 - 09 - 10 - 11 - 12 - 13 - 14 - 15 - 16 - 17 - 18 - 19 - 20