Because the KDC is part of AD, the user also authenticates to the KDC and is issued a session key called a ticket granting ticket (TGT). When a user logs on, the user authenticates to AD using a password or smart card. Tickets are issued by a Key Distribution Center (KDC), which is a service that runs on every domain controller. A Kerberos ticket is encrypted data that is issued for authentication. With Kerberos, each party to a transaction proves that they are who they claim to be through the use of tickets. In Windows 2000 Server and later, Kerberos is the default authentication service. Kerberos version 5 is an industry-standard security protocol that uses mutual authentication to verify the identity of a user or computer, as well as the network service that is being accessed. With smart cards, the security of a network can be greatly enhanced because it is necessary to physically possess the card to log on.Ī major advance that first appeared in Windows 2000 was Kerberos authentication. When a smart card is inserted into a smart card device, it provides information that can be used for authentication and other purposes. Smart cards are generally the size of a credit card and have the ability to store data. Windows 2000 was also the first version to provide built-in support for smart cards. Encryption ensures that unauthorized parties are unable to view the data if they gain access to it. EFS uses a public key system to encrypt data on hard disks. IPSec allows encryption of data across the network. Windows 2000 Server was the first version to provide encryption of data over the network and in the file system. In addition, new features have been added that make Windows Server 2003 the most secure Windows server product Microsoft has ever marketed. Many of the features we’ll discuss next were implemented in Windows 2000 and have been updated in Windows Server 2003. Windows 2000 offers a number of new security features that were not previously available in Windows NT. ShinderTechnical Editor, in MCSE (Exam 70-293) Study Guide, 2003 Security Features
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |