Improving security management with Windows 2000

Johannesburg, 22 Feb 2000

Windows 2000, Microsoft's newest operating system, was created to help organisations strike the proper balance. Windows 2000 leverages the powerful security features of Windows NT -- including single sign-on, easy-to-use administrative tools for security policy and account management, and a security model predicated on tight integration with the Microsoft BackOffice family of application services -- and extends them with new features designed specifically to enable the creation of distributed networks that are secure, easy to deploy, easy to manage, and easy to use.

Centralising Security Management

One of the most important new security features of Windows 2000 is integration with the Windows 2000 Active Directory. It is a standards-based directory service that is integrated with Windows 2000 and simplifies management, extends security and improves interoperability. Within the Active Directory, companies can store information about network elements such as users, machines and applications.

"Active Directory integration helps Windows 2000 overcome an especially annoying set of issues for both managers and users of distributed network systems," says Justin Agar, Microsoft product manager at AXiZ. "Up until now, complicated network infrastructures with multiple security models have forced users to log on repeatedly as they move among applications and systems, often with a different profile at each new entry point."

For administrators, that means redundant, complex management, increasing the chances that users will be given too little access to the resources they need, hampering business processes, or too much access to the system, creating serious security problems.

Active Directory uses containers and objects to organize network resources in a logical hierarchy, storing all the information about users, groups, machines, and applications in one location and then giving network administrators an easy way to update that information. Users seeking access to network resources now only have to pass through a single checkpoint.

With Active Directory and Windows 2000, network managers can delegate selected administrative privileges to designated users; implement policy-based management that allows them to assign specific security controls to classes of machines, for example, or to Internet or extranet users, applications, or servers; control access to printers, folders, and other resources; and assign different sets of authentication procedures for different groups of users, all from a single location.

Simpler Access and Better Performance

In addition to simplifying security management, Active Directory also serves as the foundation for a wide range of security services that provide for the authentication of users as they enter the system, while protecting the integrity of data and applications that reside within, and safeguarding data as it moves between systems. Key features include the Security Configuration Manager, a "define once, apply many times" technology that allows administrators to put security configurations into a template and apply it to selected computers in a single operation, and IP Security (IPsec), which provides encryption of network traffic between systems, safeguarding internal networks, and providing secure virtual private networking (VPN) over the Internet to a company's internal network.

Another security service that is now included in Windows 2000 is the Kerberos Version 5 authentication protocol. An open-standards protocol, Kerberos provides authenticity ("I am who I say I am"), confidentiality ("This message really came from me"), and integrity ("The message has not been tampered with since I sent it") of network communications. It specifies how users establish the authenticity of their identity on the network. Created at MIT, it is a "shared-secret" protocol that authenticates not only the user, but the network as well, protecting against hackers who attempt to impersonate a server to enter the network.

Kerberos replaces Windows NT LAN Manager as the primary protocol for network authentication and access to resources in Windows 2000, and offers a number of important security enhancements, including improved authentication performance, which results in faster overall network performance.

Public Key Infrastructure (PKI) has also been added to Windows 2000, with important implications for security. PKI represents a standards-based security architecture that combines public-key cryptography with digital certificates to verify the safety and integrity of data and documents and validate the identity of users who are coming in over the Internet. It provides network administrators with a powerful way to protect the security of their communications and business transactions on the Internet.

"Once companies make the move, the transition to Windows 2000 will provide an important competitive advantage," says Agar.


Axiz

AXiZ is South Africa's premier computer component and peripherals distribution company, with offices in Johannesburg, Durban, Cape Town and Pretoria and a staff complement exceeding 170 professionals. Founded in 1989, AXiZ has evolved from a supplier of memory modules and processors to be the leading distributor of branded end-to-end PC components, from motherboards, processors and PC cards to networking products, storage products, software, monitors, peripherals and graphics cards. In addition, AXiZ provides services such as a PC and server configuration service, customer deliveries, and training and education.
