In Chapter 1, "Networking Basics," you learned about the differences between a client/server network and a peer-to-peer network. The primary difference between these two network types is in the security models they use. This lesson examines the nature of these security models and how they are implemented in the various Windows operating systems.
On a client/server network, the user accounts are stored in a central location. A user logs on to the network from a computer that transmits the user name and password to a server, which either grants or denies access to the network. Depending on the operating system, the account information can be stored in a centralized directory service or on individual servers. A directory service, such as Active Directory or Novell Directory Services, provides authentication services for an entire network. A user logs on once and the directory service grants access to shared resources anywhere on the network.
On a peer-to-peer network, each computer maintains its own security information and performs its own authentications. Computers on this type of network can function as both clients and servers. When a computer functioning as a client attempts to use resources (called shares) on another computer that is functioning as a server, the server itself authenticates the client before granting it access.
The two basic security models used by Windows and most other operating systems, examined in the following sections, are called user-level security and share-level security.
The user-level security model is based on individual accounts created for specific users. When you want to grant users permission to access resources on a specific computer, you select them from a list of user accounts and specify the permissions you want to grant them, as shown in Figure 13.7. Windows 2000 and Windows NT always use user-level security, whether they are operating in client/server or peer-to-peer mode. In peer-to-peer mode, each computer has its own user accounts. When users log on to their computers, they are authenticated against an account on that system. If several people use the same computer, each of them must have a user account on it (or they must all share a single account). When users elsewhere on the network attempt to access server resources on that computer, they are also authenticated using the accounts on the computer that hosts the resources.
Figure 13.7 A Windows 2000 Permissions dialog box
For example, user Mark Lee must have an account (mlee) on his own computer to log on to it. However, to access other network resources, there must be an mlee account on each computer that he wants to access. If Mark Lee attempts to access a network-attached computer on which there is no mlee account, he will be prompted to supply the name and password of an account on that computer. In the same way, if there is an mlee account on the network-attached computer, but with a different password, the user is prompted to supply the correct password for that account.
This user-level, peer-to-peer security model is suitable only for relatively small networks because users must have separate accounts on every computer they want to access. If users want to change their account passwords, they must change them on every computer on which they have an account. In many cases, users maintain the accounts on their computers themselves because it would be impractical for an administrator to travel to each computer and create a new account whenever a new user is added.
User-level security on a client/server network is easier to administer and can support networks of almost any size. In the user-level, client/server security model, administrators create user accounts in a directory service, such as Active Directory in Windows 2000 or a Windows NT domain. When users log on to their computers, they are actually being authenticated by the directory service. The computer sends the account name and password supplied by the user to a domain controller where the directory service information is stored. The domain controller then checks the credentials and indicates to the computer whether the authentication has succeeded or failed. In the same way, when you want to grant other network users access to resources on your computer, you select their user accounts from a list provided by the domain controller. When they try to connect to your computer, the domain controller authenticates them and either grants or denies them access.
With only a single set of user accounts stored in a centralized directory service, administrators and users can make changes more easily. Changing a password, for example, is simply a matter of making the change in one directory service record, and then the modification is automatically replicated throughout the network.
Windows Me, Windows 98, and Windows 95 cannot maintain their own user accounts. These operating systems can employ user-level security only when they are participating in an Active Directory or Windows NT domain, using a list of accounts supplied by a domain controller. In peer-to-peer mode, they operate using share-level security. In share-level security, users assign passwords to the individual shares they create on their computers. When network users want to access a share on another computer, they must supply the appropriate password. The share passwords are stored on the individual computers, and in the case of shared drives, users can specify two different passwords to provide both read-only access and full control of the share, using the interface shown in Figure 13.8.
Figure 13.8 The Sharing tab of a drive's Properties dialog box on a Windows 98 computer using share-level security
Share-level security is not as flexible as user-level security and it does not provide as much protection. Because everyone uses the same password to access a shared resource, it is difficult to keep the passwords secure. Changing a password means informing everyone who might have to use that resource. In addition, the access control provided by this security model is not as granular as that of user-level control, which you can use to grant users highly specific sets of access permissions to network resources. The advantage of share-level security is that even unsophisticated users can learn to set up and maintain their own share passwords, eliminating the need for constant attention from a network administrator.
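As an added illustration of the three arrangements described above (this is not code from the textbook), the following Python sketch models a peer-to-peer user-level server, a domain controller serving a member server, and a share-level drive share of the Windows 98 kind. The computer names, the mlee account and all passwords are constructed sample data.

```python
from dataclasses import dataclass, field

@dataclass
class Computer:
    name: str
    accounts: dict = field(default_factory=dict)   # user -> password (its own account list)
    share_acl: dict = field(default_factory=dict)  # share -> {user: permission} (user-level)
    share_pw: dict = field(default_factory=dict)   # share -> (read_pw, full_pw) (share-level)

class DomainController:  # central directory: one account record serves every member computer
    def __init__(self, accounts):
        self.accounts = accounts
    def authenticate(self, user, password):
        return self.accounts.get(user) == password

def user_level_access(server, share, user, password, dc=None):
    """User-level security: authenticate the account, then look the user up in the
    share's permission list. With a domain controller the credentials are checked
    centrally; without one, against the server's own account list (peer-to-peer)."""
    if dc is None and user not in server.accounts:
        return "prompt"              # no such account on this computer: ask for one that exists
    ok = dc.authenticate(user, password) if dc is not None else server.accounts[user] == password
    if not ok:
        return "denied"
    return server.share_acl.get(share, {}).get(user, "denied")

def share_level_access(server, share, password):
    """Share-level security: no identity involved, only the password attached to the share."""
    read_pw, full_pw = server.share_pw[share]
    return "full" if password == full_pw else "read" if password == read_pw else "denied"

def demo():
    # Peer-to-peer, user-level: mlee exists on pc2 with another password, and not at all on pc3
    pc2 = Computer("pc2", accounts={"mlee": "other"}, share_acl={"docs": {"mlee": "read"}})
    pc3 = Computer("pc3")
    p2p = (user_level_access(pc2, "docs", "mlee", "s3cret"),   # wrong password: denied
           user_level_access(pc2, "docs", "mlee", "other"),    # right password: read
           user_level_access(pc3, "docs", "mlee", "s3cret"))   # no account here: prompt
    # Client/server, user-level: one password change at the domain controller applies everywhere
    dc = DomainController({"mlee": "s3cret"})
    srv = Computer("srv", share_acl={"docs": {"mlee": "full"}})
    before = user_level_access(srv, "docs", "mlee", "s3cret", dc)
    dc.accounts["mlee"] = "n3w"
    after = (user_level_access(srv, "docs", "mlee", "s3cret", dc),
             user_level_access(srv, "docs", "mlee", "n3w", dc))
    # Share-level (Windows 98 peer-to-peer): two passwords per drive, anyone who knows one gets in
    w98 = Computer("w98", share_pw={"c": ("ro-pw", "rw-pw")})
    sl = (share_level_access(w98, "c", "ro-pw"), share_level_access(w98, "c", "rw-pw"),
          share_level_access(w98, "c", "nope"))
    return p2p, before, after, sl
```

Running demo() shows the three outcomes the text describes: a denied, a read and a prompt result on the peer-to-peer computers, a single central password change taking effect on the member server, and read versus full access on the share-level drive depending only on which password was supplied.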
Specify whether each of the following statements applies to user-level security, share-level security, both, or neither.