Sample Planning Worksheets |
Enterprise-level security needs to be flexible and robust so that administrators can configure rules to address possible security liability without hindering the free flow of needed information. Table A.4 highlights Windows 2000 security features.
Table A.4 Security Features
Feature | Role of this feature within my organization |
---|---|
Security templates
Allows administrators to set various global and local security settings, including security-sensitive registry values; access controls on files and the registry; and security on system services. |
|
Kerberos authentication
The primary security protocol for access within or across Windows 2000 domains. Provides mutual authentication of clients and servers, and supports delegation and authorization through proxy mechanisms. |
|
Public key infrastructure (PKI)
You can use integrated PKI for strong security in multiple Windows 2000 Internet and enterprise services, including extranet-based communications. |
|
Smart card infrastructure
Windows 2000 includes a standard model for connecting smart card readers and cards with computers and device-independent APIs to enable applications that are smart card aware. |
|
Internet Protocol security (IPSec) management
IPSec supports network-level authentication, data integrity, and encryption to secure intranet, extranet, and Internet Web communications. |
|
NTFS file system encryption
Public key–based NTFS can be enabled on a per file or per directory basis. |
For more information about deploying Windows 2000 security services, see "Planning Distributed Security" and "Determining Windows 2000 Network Security Strategies" in this book.