Security

Use this quick guide to locate information about security. You will find information about security features which are new to Windows 2000, direction on designing and implementing a security plan, ideas for making workstations secure, and detailed information about the security features of Windows 2000.

 Understand whats new in security.

Learn about new features in Windows 2000 security and how those compare to available security features in older versions of Windows.

• See Whats New later in this chapter.

 Design and implement a security plan.

Designing a security plan includes setting security goals and strategies and deciding on the level of security you need. Deciding on the level of security means weighing the pros and cons of higher versus lower security. Higher security requires more administration but ensures only the right people will have access to your resources. Lower security creates a more flexible and open environment, but might not be as secure as other configurations.

• See Planning for Security later in this chapter.

 Understand client authentication.

Windows 2000 security requires user authentication. Different authentication schemes are appropriate depending on your computing environment. Windows 2000 supports interactive logon and network authentication using Kerberos, NTLM, and smart cards, among other things.

• See User Authentication later in this chapter.

 Understand user rights and permissions.

Windows 2000 provides permissions and user rights which enable specific, detailed management of your security environment combined with powerful group management technologies. Set rights and permissions to determine the activities and access allowed for users. Carefully setting these attributes affects how users computers behave and how secure they are.

• See Security Groups, User Rights, and Permissions later in this chapter.

 Understand and implement security policy.

Security policy enforces uniform security standards for groups of users. Use security policy to establish a basis of security for your environment. Different from user rights and permissions, security policy applies to all users or objects in your deployment.

• See Security Policy later in this chapter.

 Understand and implement security templates.

Security templates provide a way to apply consistent security to multiple computers. Security templates work much like security policy, but they can be applied to any computer and provide an easy way to apply a customized set of default security settings.

• See Security Templates later in this chapter.

 Understand and implement remote access.

Allowing users to access your network using a modem provides opportunity for more flexibility and productivity for users but also presents unusual security challenges. If you use remote access, make sure your system is configured to maintain security.

• See Remote Access later in this chapter.

 Understand and implement Internet Protocol security.

When you send information over the Internet, Windows 2000 makes it possible for you to encrypt all information above the transmission layer, producing a secure tunnel even through insecure connections.

• See Internet Protocol Security later in this chapter.

 Understand and implement Encrypting File System.

Data on your hard disk drive can use the Encrypting File System (EFS) to ensure that even people with access to your physical computer are unable to read the contents of your hard disk drive. EFS can be a key security feature on all computers but is particularly helpful on portable computers that are difficult to physically secure.

• See Encrypting File System later in this chapter.

 Understand public key technology.

Public key technology allows you to encrypt data for confidentiality and use data signing for integrity. Learn how Windows 2000 uses public key technology to secure your information assets.

• See Public Key Technology later in this chapter.

 Protect user data on portable computers.

Portable computers present special security risks. Understand what those risks are, decide how to mitigate them, and then implement a plan that will protect your portable computers, while still allowing users flexibility.

• See Protecting User Data on Portable Computers later in this chapter.