Site Security Planning

Strong Authentication

Use authentication schemes that are integrated with your network operating systems, and that use Internet standard protocols. Examples:

Network authentication protocols—such as the Kerberos v5 authentication protocol, a feature of Microsoft® Windows® 2000 Server security—distribute tickets that limit the exposure of passwords, and that authenticate users for network-wide access to resources. The Kerberos v5 protocol is a widely used Internet standard for networkwide authentication.
Public-key client certificate authentication allows users to communicate across the Internet with your site, without exposing passwords or data that would be vulnerable to easy interception.

You might also need to support special functions such as smart-card authentication, or server certificates with public keys that allow users to authenticate your servers as trusted sources.