Authentication distinguishes legitimate users from uninvited guests, and is the most visible, and fundamental, concept in security. From ATM PIN numbers to driver's licenses to user names and passwords, authentication is a part of everyone's daily life. Without authentication, it is impossible to restrict access to network resources. If an authentication strategy is too weak, uninvited guests such as worms, Trojan horses, and malicious attackers gain access to your network. Password guessing, password cracking, and man-in-the-middle attacks all attempt to exploit weaknesses in an organization's authentication strategy. If an authentication strategy is too restrictive, attackers are kept out, but legitimate users may not be able to do their jobs.
While authentication is a security concept, it can affect an organization's productivity and costs. If authentication is distributed, users will have different user names and passwords for each network resource they access. This, in turn, will increase help desk costs when users lose track of passwords. Similarly, requiring extremely complex passwords will make it more difficult to impersonate legitimate users. However, if those users cannot remember their passwords, they will be denied access to network resources, which decreases their productivity.
This chapter introduces you to the separate but related concepts of authentication and authorization. You will learn about the various credentials that can be used to verify a user's identity and the variety of protocols that can be used to transmit credentials across a network. You will understand how to authenticate users who access your network resources by using a Web browser, in addition to users who are members of domains other than your own.
This chapter presents the skills and concepts that are required to plan and configure authentication strategies in a Microsoft Windows Server 2003 environment.
To complete the practices, examples, and lab exercises in this chapter, you must have:
A private, non-routed network.
Two computers. On the first computer, perform a Windows Server 2003 installation with default settings, and assign the computer name Computer1.
On the second computer, configure the hard disk with two partitions. Install Windows 98 on the first partition. Then install Windows Server 2003 on the second partition so that the computer can dual-boot between the two platforms. On both Windows 98 and Windows Server 2003, assign the computer name Computer2.
The domain controller role added to both computers using the default settings. Computer1 should host the domain cohowinery.com. Computer2 should host the domain cohovineyard.com.
Both computers should be configured to use themselves as their own primary DNS server and the other computer as the secondary DNS server.
After completing this module, you will be able to:
Describe the importance of authentication.
Distinguish between problems caused by authentication and authorization.
Design an authentication strategy that meets an organization's security requirements without becoming too costly or cumbersome.
Determine the authentication protocols that should be enabled on your network.
Configure authentication for users who access network resources by using a Web browser.
Keep anonymous Web users from accessing resources that they are not specifically allowed to access.
Create trusts between Active Directory domains to enable authentication for resources in remote domains.