Introducing Windows 2000 Deployment Planning
Enterprise-level security needs to be flexible and robust so that administrators can configure rules to address possible security liabilities without hindering the free flow of needed information. Table 1.8 highlights Windows 2000 security features.
Table 1.8 Security Features
Feature | Description | Benefits |
---|---|---|
Security Templates | Allows administrators to set various global and local security settings, including security-sensitive registry values; access controls on files and the registry; and security on system services. | Allows administrators to define security configuration templates, then apply these templates to selected computers in one operation. |
Kerberos authentication | The primary security protocol for access within or across Windows 2000 domains. Provides mutual authentication of clients and servers, and supports delegation and authorization through proxy mechanisms. | Speeds performance by reducing server loads while connections are being established. You can also use it to access other enterprise computing platforms that support the Kerberos protocol. |
Public key infrastructure (PKI) | You can use integrated PKI for strong security in multiple Windows 2000 Internet and enterprise services, including extranet-based communications. | Using PKI, businesses can share information securely without having to create many individual Windows 2000 accounts. Also enables smart cards and secure e-mail. |
Smart card infrastructure | Windows 2000 includes a standard model for connecting smart card readers and cards with computers and device-independent APIs to enable applications that are smart card-aware. | Windows 2000 Smart Card technologies can be used to enable security solutions throughout your intranet, extranet, and public Web site. |
Internet Protocol security (IPSec) management | IPSec supports network-level authentication, data integrity, and encryption to secure intranet, extranet, and Internet Web communications. | Transparently secures enterprise communications without user interaction. Existing applications can use IPSec for secure communications. |
NTFS file system encryption | Public key–based NTFS encryption can be enabled on a per-file or per-directory basis. | Allows administrators and users to encrypt data using a randomly generated key. |
For more information about deploying Windows 2000 security services, see "Planning Distributed Security", "Planning Your Public Key Infrastructure" and "Determining Windows 2000 Network Security Strategies" in this book.