Determining Windows 2000 Network Security Strategies
Some users might want to access secured company applications when they are away from their offices. Some of these applications are relatively simple, such as time management, company benefits registration, or similar programs. Others are complex, such as accounting systems and line-of-business applications. Make sure that you secure these applications so that only authorized users can access the data and can make only authorized changes. Securing the applications this way also provides accountability, because use of the applications can be tracked to specific users.
Windows 2000 includes a variety of security technologies that provide application developers with options for including network security. The choice of technologies depends on:
The application-oriented network security technologies include:
These network security technologies, and the network technologies that access them, relate to each other as indicated in Figure 17.6. Note that SSP in the figure stands for SSPI Security Provider, meaning the interface between the security facility and SSPI. Remote Procedure Call (RPC), Microsoft® Distributed Component Object Model (DCOM), and Windows Sockets (Winsock) are process-to-process communication methods. WinInet (Windows Internet API) is a programming interface used to initiate and manage Web interfaces.
The network security technologies are in the lower half of the diagram, starting at the SSPI. The network technologies are in the upper half of the diagram and are located underneath the application box that uses them.
Figure 17.6 Relationships of Sample Network Application Security Technologies
Work with your corporate application developers and vendors to determine which application-oriented network security technologies you need to deploy. These technologies do not require any further infrastructure planning; however, you do need to determine how your developers can benefit from the more powerful network security that Windows 2000 provides. For example, they might consider using smart cards to ensure secure user authentication when the Routing and Remote Access or VPN links are set up.