Securing the Authentication Process
Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
It is important to secure your authentication process to protect your system against various types of security threats, such as password-cracking tools, brute-force or dictionary attacks, abuse of system access rights, impersonation of authenticated users, and replay attacks. In addition, if you share resources on your network with other organizations, you must ensure that your authentication policies interoperate with the authentication policies that are in place on other systems.
For a worksheet to use in documenting authentication security policies, see "Authentication Security" (DSSAUT_2.doc) on the Windows Server 2003 Deployment Kit companion CD (or see "Authentication Security" on the Web at http://www.microsoft.com/reskit).
Figure 14.4 shows the process for securing authentication.
Figure 14.4 Securing Authentication