Determining Windows 2000 Network Security Strategies
Windows 2000 Server includes Internet Authentication Service (IAS) as an optional component. This service implements an industry-standard network authentication security protocol, Remote Authentication Dial-In User Service (RADIUS), which allows centralization of account authorization. RADIUS also allows you to specify how long the session can last and what IP address can be used. IAS can also record session details, providing accountability and reporting options.
You can also use IAS if you want to outsource your remote access facilities but continue to control the authentication of people trying to use those facilities. In this case, the outsourcing vendor can direct the authorization requests from their Routing and Remote Access servers to your IAS servers. IAS authenticates accounts against native Windows 2000 domains and Windows NT 4.0 domains.
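The following added example (not part of the original documentation or of IAS itself) shows how a RADIUS client, such as a vendor's remote access server, can check that an Access-Accept really came from the server holding the shared secret and then read the session length and IP address it assigns. It follows the RFC 2865 packet layout; the shared secret, identifier, authenticator and attribute values are constructed sample data.

```python
import hashlib, hmac, ipaddress, struct

# RADIUS (RFC 2865) packet code and the two attribute types used here.
ACCESS_ACCEPT = 2
FRAMED_IP_ADDRESS, SESSION_TIMEOUT = 8, 27

def build_accept(ident, request_auth, secret, attrs):
    """Build an Access-Accept as a RADIUS server would (used for the sample)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(body))
    resp_auth = hashlib.md5(header + request_auth + body + secret).digest()
    return header + resp_auth + body

def parse_accept(packet, request_auth, secret):
    """Verify the Response Authenticator, then return the session limits."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length < 20 or length > len(packet):
        raise ValueError("not a well-formed Access-Accept")
    body = packet[20:length]  # bytes past the declared length are padding
    expected = hashlib.md5(packet[:4] + request_auth + body + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator: wrong secret or tampering")
    limits, i = {}, 0
    while i < len(body):
        if len(body) - i < 2 or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed attribute")
        attr_type, attr_len = body[i], body[i + 1]
        value = body[i + 2:i + attr_len]
        if attr_type == SESSION_TIMEOUT and len(value) == 4:
            limits["session_timeout"] = struct.unpack("!I", value)[0]  # seconds
        elif attr_type == FRAMED_IP_ADDRESS and len(value) == 4:
            limits["framed_ip"] = str(ipaddress.IPv4Address(value))
        i += attr_len
    return limits

# Constructed sample data: secret, request authenticator and reply are made up.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
SAMPLE = build_accept(7, REQ_AUTH, SECRET, [
    (SESSION_TIMEOUT, struct.pack("!I", 3600)),
    (FRAMED_IP_ADDRESS, ipaddress.IPv4Address("10.0.0.25").packed),
])

if __name__ == "__main__":
    print(parse_accept(SAMPLE, REQ_AUTH, SECRET))
```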
Place the IAS server behind your firewall, with ports opened on the server for RADIUS authentication and the appropriate User Datagram Protocol (UDP) packets.
For more information about installing and using IAS, including operating suggestions, see Windows 2000 Server Help. Windows 2000 Server Help also includes best practices for additional security details, and information about scaling IAS in large environments and using IAS logging effectively.