Chapter 18 - Planning for Security

Chapter 18

Security, in definition and practice, has changed tremendously within just the past few years. Stretching technology to increase the scope and latitude of what we're able to accomplish exposes new and often venomous danger points. Amidst the legions of hackers, spies, terrorists, corporate raiders, professional criminals, and vandals, unprotected networks can fall prey to attack. Today's system administrator has real security threats to address and needs to implement a solution that is both safe and unobtrusive.

Microsoft Windows 2000 includes a bevy of configurable security features and options ranging from an entire public-key infrastructure to a protocol that protects individual packets as they cross the network. With that said, Windows 2000 security has come under intense scrutiny and many security gaps have been closed with fixes in Service Packs 1 through 3. Others, no doubt, are waiting to be discovered. However, with some care you should be able to maintain a highly secure Windows 2000 system, one that's more secure than any previous version of Windows and in line with the security offered by UNIX systems.

In this chapter, we introduce cryptographic smart cards, revisit some of the security components that are integral to earlier Microsoft products, and explore the new security features added to Windows 2000. We review the common denominators of security such as authentication, data protection, and access control. We tour the Windows 2000 public-key infrastructure and take a detailed look at some of the security-enabled protocols the server uses. We introduce virtual private networks (VPNs). Finally, we cover the underlying cryptographic application interface in Windows 2000, Microsoft Cryptographic Application Programming Interface (Cryptographic API, or CryptoAPI).