Introduction to Microsoft Windows 2000 Security

1
Introduction to Microsoft Windows 2000 Security

• Microsoft Windows 2000 Security Services Overview
• Security subsystem components
• Local security authority (LSA) functionality
• Windows 2000 security protocols
• Security Support Provider Interface (SSPI)
• Determining Security Business Requirements
• Designing Security to Meet Technical Requirements

2
Windows 2000 Security Services Overview

• Security subsystem components
• LSA functionality
• Windows 2000 security protocols
• SSPI

3
User Mode vs. Kernel Mode
4
Security Subsystem Components

• Netlogon service
• Windows NT LAN Manager (NTLM) authentication
  protocol
• Secure Sockets Layer (SSL) authentication
  protocol
• Kerberos v5 authentication protocol
• Kerberos Key Distribution Center (KDC) service
• LSA server service
• Security Accounts Manager (SAM)
• Directory Service module
• Multiple Authentication Provider

5
LSA Functionality

• Allows users to authenticate interactively
• Generates an access token for the security
  principal
• Manages local security policy
• Manages audit policy and settings
• Builds a list of trusted domains
• Determines user privileges
• Reads the system access control list (SACL) for
  each object
• Ensures that a security principal has the
  necessary rights to perform tasks
• Manages memory quotes for use of both paged and
  nonpaged memory

6
Windows 2000 Security Protocols

• Distributed Password Authentication (DPA)
• Secure channel (SChannel) services
• NTLM
• Kerberos v5

7
NTLM Authentication Protocol
8
Kerberos V5 Authentication
9
Security Support Provider Interface (SSPI)
10
Determining Security Business Requirements

• Analyze business requirements.
• Identify business factors that affect security
  design.

11
Analyzing Business Requirements

• Business model
• Business processes
• Projected growth
• Management strategy
• Current security policy
• Tolerance of risk
• Laws and regulations
• Financial status
• Current employee skill sets

12
Making the Decision Business Requirements

• Centralized administration model
• Decentralized administration model
• Business processes
• Projected growth
• Aversion to risk
• International business
• Cost constraints
• Required skill sets

13
Applying the Decision Business Requirements for
Lucerne Publishing

• Centralized administration for user accounts
• Decentralized administration of servers
• Decentralized administration of user passwords
• Business process alignment
• Plans for future growth
• Issues with the Havana office
• Considerations for risk aversion
• Skill set shortages

14
Designing Security to Meet Technical Requirements

• Determine technical requirements that affect the
  security plan.
• Plan for technical requirements.

15
Technical Requirements That Affect the Security
Plan

• Total size and distribution of resources
• Performance considerations
• WAN links
• WAN usage
• How data is accessed
• Administrative structure
• Current application base

16
Making the Decision Defining Technical
Requirements

• Physical sites
• Performance requirements
• Existing WAN links
• Current administrative structure
• Current application base

17
Applying the Decision Technical Requirements at
Lucerne Publishing

• Logon performance
• Site definitions
• Server placement
• Other performance requirements
• Current administrative structure

18
Chapter Scenario Lucerne Publishing
19
Chapter Summary

• Microsoft Windows 2000 Security Services Overview
• Security subsystem components
• LSA functionality
• Windows 2000 security protocols
• Security Support Provider Interface (SSPI)
• Determining Security Business Requirements
• Determining business requirements
• Designing Security to Meet Technical Requirements
• Determining technical requirements