Sample Planning Worksheets

Previous Topic Next Topic

Security Features

Enterprise-level security needs to be flexible and robust so that administrators can configure rules to address possible security liability without hindering the free flow of needed information. Table A.4 highlights Windows 2000 security features.

Table A.4 Security Features

Feature Role of this feature within my organization
Security templates

Allows administrators to set various global and local security settings, including security-sensitive registry values; access controls on files and the registry; and security on system services.

 
Kerberos authentication

The primary security protocol for access within or across Windows 2000 domains. Provides mutual authentication of clients and servers, and supports delegation and authorization through proxy mechanisms.

 
Public key infrastructure (PKI)

You can use integrated PKI for strong security in multiple Windows 2000 Internet and enterprise services, including extranet-based communications.

 
Smart card infrastructure

Windows 2000 includes a standard model for connecting smart card readers and cards with computers and device-independent APIs to enable applications that are smart card aware.

 
Internet Protocol security (IPSec) management

IPSec supports network-level authentication, data integrity, and encryption to secure intranet, extranet, and Internet Web communications.

 
NTFS file system encryption

Public key–based NTFS can be enabled on a per file or per directory basis.

 

For more information about deploying Windows 2000 security services, see "Planning Distributed Security" and "Determining Windows 2000 Network Security Strategies" in this book.

© 1985-2000 Microsoft Corporation. All rights reserved.