The root of enterprise security lies in controlling access to data, that is, in controlling each user’s ability to see, modify, and delete data. Data can be extremely diverse, including:
Although there is no single security mechanism for handling all of these cases, the principles for handling them are relatively simple and stem from a basic, well-understood set of threats.
Security starts with legitimate users: employees, system administrators, business partners, and customers. You do not trust them all with the same information. The process of identifying these users is called authentication (or simply logging on). As with most commercial operating systems, passwords dominate authentication in the Windows NT arena, though smart card authentication may soon be available as a common, cost-effective alternative. Although public key certificates (see “Certificates” later in this chapter) are often a critical component in network-wide authentication, a password or smart card always unlocks the first door.
Single-logon is perhaps the most important property of Microsoft authentication. Under single-logon, you first log on to the workstation running Windows NT. For the duration of your logon session, your identity is automatically and securely passed to all the local and network services you request. With single-logon you do not have to remember alternative usernames or passwords, or use them in interactions that can compromise them. Single-logon also makes it easier to incorporate advanced authentication techniques, such as smart cards. Although single-logon may sound simple, it requires a great deal of infrastructure and is a key goal of the enabling technologies, which are described later in this chapter.
Establishing the user’s identity is only half the challenge. The other half is attaching information to various data objects denoting who can and cannot access that object and in what manner (read, write, delete, change access control permissions, and so forth). Access Control Lists (ACLs) appear throughout the Windows NT enterprise environment, and those on the Windows NT native file system (NTFS) are the very basis of its security. Briefly, an ACL is a list of Windows NT users or user groups with access permissions for an object. The permissions are usually targeted to the object the ACL protects. For example, shared printers typically have Print and Manage permissions, and files and directories have Read and Write permissions. In some cases users who create an object manage its ACL, but in other cases management is restricted to administrators.
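To make the ACL idea concrete, the following Python model is added here as an illustration; it is not Windows NT's own access-check code or data structures. It models an ACL as an ordered list of entries, each naming a user or group and a set of permissions, expands a user's group memberships, and computes the effective permissions on an object. The group directory, the sample objects (a payroll file and a printer), the permission names beyond the Read/Write/Print/Manage ones mentioned above, and the rule that an explicit deny entry overrides an allow entry are all assumptions of this model.

```python
"""Simplified model of ACL-based access control in the spirit of the
Windows NT objects described above.  Illustrative example only: the
permission names, the group directory and the 'explicit deny wins'
rule are assumptions of this model, not Windows NT's own algorithm."""
from dataclasses import dataclass, field

# Permission names: Read/Write and Print/Manage come from the text,
# Delete and Change Permissions are listed there as access kinds.
ALL_PERMISSIONS = frozenset(
    {"read", "write", "delete", "change_permissions", "print", "manage"}
)


@dataclass
class AccessControlEntry:
    principal: str           # a user name or a group name
    permissions: frozenset   # subset of ALL_PERMISSIONS
    allow: bool = True       # False models an explicit deny entry


@dataclass
class ObjectACL:
    entries: list = field(default_factory=list)


# Constructed group membership directory (assumption of this model).
GROUPS = {
    "Administrators": {"alice"},
    "Accounting": {"bob", "carol"},
    "Everyone": {"alice", "bob", "carol", "dave"},
}


def principals_for(user):
    """Return the user's own name plus every group that contains the user."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def effective_permissions(user, acl):
    """Compute the permissions a user holds on an object.

    Every entry naming the user or one of the user's groups contributes;
    permissions granted by a deny entry are removed from the result, so an
    explicit deny overrides any allow (assumed rule of this model).
    """
    who = principals_for(user)
    allowed, denied = set(), set()
    for ace in acl.entries:
        if ace.principal not in who:
            continue
        (allowed if ace.allow else denied).update(ace.permissions)
    return frozenset(allowed - denied)


def check_access(user, acl, requested):
    """True only if the user holds every requested permission."""
    return set(requested) <= effective_permissions(user, acl)


# Constructed sample objects.  Administrators manage the payroll file's ACL
# (they hold change_permissions); bob is explicitly denied write access
# even though the Accounting group is allowed it.
PAYROLL_FILE = ObjectACL(entries=[
    AccessControlEntry("Administrators", ALL_PERMISSIONS),
    AccessControlEntry("Accounting", frozenset({"read", "write"})),
    AccessControlEntry("bob", frozenset({"write"}), allow=False),
])

HR_PRINTER = ObjectACL(entries=[
    AccessControlEntry("Everyone", frozenset({"print"})),
    AccessControlEntry("Administrators", frozenset({"print", "manage"})),
])

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user,
              sorted(effective_permissions(user, PAYROLL_FILE)),
              sorted(effective_permissions(user, HR_PRINTER)))
```

Running the script lists each user's effective permissions on both objects; the interesting row is bob, who is allowed Read through the Accounting group but loses Write because of the explicit deny entry naming him directly.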