Glossary

An entry in an object's access control list that grants permissions to a user or group.

A collection of access control entries that collectively defines the access that all users and groups have to an object.

Also known as extended key usage or enhanced key usage. Application policies give you the ability to specify which certificates can be used for specific purposes. This allows you to issue certificates widely without being concerned that they will be used for an unintended purpose.

The process of verifying the identity of something or someone. Authentication usually involves a user name and a password, but it can include any method of demonstrating identity, such as smart cards, retinal scans, voice recognition, or fingerprinting.

An IP Security (IPSec) protocol that provides authentication and data integrity but does not provide encryption.

The process of determining whether an identified user or process is permitted access to a resource, and determining the appropriate level of access for the user. The owner of a resource, or someone who has been granted permission, determines whether a user is in a predetermined group or has a certain level of security clearance. By setting the permissions on a resource, the owner controls which users and groups on the network can access the resource.

A service that transfers data from the Software Update Services or Windows Update server to the Automatic Updates client with minimal impact to other network services.

A document maintained and published by a certification authority (CA) that lists certificates that have been revoked. A CRL is signed with the private key of the CA to ensure its integrity.

Permissions that define the security principals that can read, modify, or enroll certificates based on certificate templates.

The sets of rules and settings that define the format and content of a certificate, based on its intended use.

A feature of Microsoft Windows Server 2003 that enables IP Security (IPSec) to verify that a certificate matches a valid computer account in the Active Directory forest.

A challenge-response authentication protocol for Point to Point Protocol (PPP) connections, documented in Request for Comments (RFC) 1994, that uses the industry-standard Message Digest (MD5) one-way encryption scheme to hash the response to a challenge issued by the remote access server.

A broadly released fix addressing a critical non-security-related bug for a specific problem.

An attack that prevents users from using network resources.

A certificate that provides information about the subject of the certificate, the validity of the certificate, and the applications and services that will use the certificate. A digital certificate also provides a way to identify the holder of the certificate.

When a certificate is issued, it passes through various phases and remains valid for a certain period of time. This is called certificate lifetime.

A term used to describe Wired Equivalent Privacy (WEP) when it has been configured to automatically change the shared secret in order to limit the amount of encrypted data an attacker can capture for cryptoanalysis.

An IPSec protocol that provides authentication, data integrity, and encryption.

A worm, virus, Trojan horse, or other tool that can be used by an attacker to compromise a vulnerable computer.

An authentication method primarily used to provide authentication based on smart cards or public key certificates. EAP is supported by Microsoft Windows Server 2003, Microsoft Windows XP, and Windows 2000.

An authentication method that enables clients to authenticate by using a public key certificate.