Securing the Authentication Process

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

It is important to secure your authentication process to protect your system against various types of security threats, such as password-cracking tools, brute-force or dictionary attacks, abuse of system access rights, impersonation of authenticated users, and replay attacks. In addition, if you share resources on your network with other organizations, you must ensure that your authentication policies interoperate with the authentication policies that are in place on other systems.

For a worksheet to use in documenting authentication security policies, see "Authentication Security" (DSSAUT_2.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Authentication Security" on the Web at https://www.microsoft.com/reskit).

Figure 14.4 shows the process for securing authentication.

Figure 14.4   Securing Authentication