Chapter List

Introduction

Previous chapters of this book examined ways to keep networks and systems secure from a variety of threats by implementing security configurations aimed at protecting traffic on a network. This chapter examines the concept of authentication: ensuring that users and servers are who they claim to be.

When Windows NT 4.0 and Windows 95 still had a major share of corporate networks, security analyst's used NT LAN Manager (NTLM) for authentication and hoped it worked. Truth be told, there were not many other easily implemented or understood solutions. With Windows 2000, this no longer holds true. Windows 2000 provides fully integrated Kerberos authentication support natively in all Windows 2000 Active Directory organizations. Although NTLM and NTLMv2 can still be used, it is not necessary in a purely Windows 2000 network. Networks containing legacy clients such as Windows NT or Windows 9. x computers, however, are forced to utilize NTLMv2 for authenticating these clients.

Likewise, when it came time for authenticating users who were accessing Web sites, security analyst's often relied on anonymous authentication and basic authentication. Anonymous authentication simply directs all user access attempts at a Web site towards one specially configured domain user account that has limited permissions. Basic authentication provides more control such as what Web site users can and cannot do, but transmits credentials in encoded plaintext across the Internet. Windows 2000 provides...