Introduction

The latest release of Microsoft s network operating system (NOS) is Windows 2000. Many employees will use Windows 2000 at home to access their corporate networks. One thing that you must make sure of is that their connection will be safe for your network. Allowing access into your network from anywhere outside your security measures creates an opportunity for someone to exploit any weaknesses in the software and gain access to your network.

Invariably, Microsoft had to provide solutions to this problem, so they incorporated a host of new security features in Windows 2000. The most notable addition to Windows 2000 could quite possibly be Active Directory (AD). AD is a new environment for Windows 2000, and is based on the open standard of Lightweight Directory Access Protocol (LDAP) instead of the more proprietary Users, Groups, and Domains. A single sign-on method has also been incorporated to allow for a single sign-on process for access to network resources.

This new directory structure brings several key security pieces to the table. The addition of Kerberos v5 allows, again, for an open standard approach, and NT LAN Manager (NTLM) provides compatibility with previous OS versions. Some of the other open standards embraced in Windows 2000 include:

• IP Security (IPSec) Allows for secure transmissions within IP networks. Incorporates security using an Encapsulating Security Payload (ESP) or an Authentication Header (AH).

• Extensible Authentication Protocol (EAP) Provides support for third-party authentication products, to be used with PPP. EAP allows for support of Kerberos, Secure Key...