Security - The Three Core Concepts

All the aspects of security that we'll be examining in this chapter focus around three core concepts:

• Authentication is all about identifying the user precisely and reliably when they log onto the system, and when they access any resource within it. If NT cannot identify individual users, it can't tell what resources they should be allowed to access.
• Encryption consists of storing and passing information from one place to another in such a way that it cannot be read by anyone who intercepts it. User's passwords and usernames are stored in encrypted form within Windows.
• Auditing is the technique of recording what goes on inside the operating system as users request and work with the resources it makes available to them. In particular it's used to identify where, when and how undesirable accesses were either attempted or even achieved.

In this first section of the chapter, we're mainly concerned with authentication and auditing. We'll come to encryption when we later move on to look at Internet Information Server.

© 1998 by Wrox Press. All rights reserved.