Web Administration for Windows NT Server provides the capability to administer remote Windows NT servers anywhere on an intranet and from the Internet. Terra Flora recognized that they could communicate on the Internet with thousands of potential customers. Conversely, this means that they could be opening their corporate intranet to these same thousands, creating a certain degree of risk. Terra Flora management realized that they need to implement a security configuration that would reduce some of this risk.
Web Administration for Windows NT Server supports several modes of security. Each server administered must support Basic authentication, Windows NT Challenge Response security, or both. Also, the Secure Sockets Layer (SSL) protocol can be used with either or both of these modes for encryption. With encryption turned on, the information in a session is not displayed in readable format by the user.
Basic authentication simply prompts the user for a name and password when the administrator accesses the server. The name supplied is checked against the members of the administrators group on the server. Passwords are transmitted in clear text, which means that they can be viewed.
Windows NT Challenge Response is more sophisticated, and passwords are not transmitted over the network. With this security, the administrator must be logged on to the computer with a user name that is recognized as a member of the Administrator group on the computer they want to administer.
When choosing between Basic authentication and Windows NT Challenge Response, the administrator must consider what the Web browser used to administer the server supports. For more information about what security is supported by different browsers, see the "Browser/Password Authentication Matrix" at http://www.microsoft.com/ntserver/webadmin/webadminfaq.htm.
Terra Flora will also configure Web Administration for Microsoft Windows NT to use the Secure Sockets Layer (SSL) protocol. SSL supports authentication of users and encryption of session data. To use SSL, Terra Flora administrators must obtain a certificate from a certificate authority such as VeriSign. For more information on SSL, see Chapter 5, "Securing Your Site Against Intruders," in the online Windows NT Server Microsoft Internet Information Server Installation and Administration Guide.
Because the Web browsers at Terra Flora support only Basic authentication, Terra Flora decided to use SSL. Even if additional clients supporting Windows NT Challenge Response are supplied with Web browsers, SSL will still be used because SSL encrypts all data in the session. See the section "Adding SSL to Provide Additional Security" later in this chapter for details.
If you are not familiar with Internet security, see the following sources to learn more about it:
Chapter 3, "Configuring and Managing Your Internet Information Server," in the online Microsoft Internet Information Server Installation and Administration Guide.
Chapter 5, "Securing Your Site Against Intruders," in the online Microsoft Internet Information Server Installation and Administration Guide.
Chapter 3, "Server Security on the Internet," in the Microsoft Windows NT Server Resource Kit: Windows NT Server Internet Guide.
For more information about general Windows NT Server security, see the following:
Windows NT Server Concepts and Planning.
Chapter 2, "Network Security and Domain Planning," in the Microsoft Windows NT Server Resource Kit: Windows NT Server Networking Guide.