Security
Table 13.1 highlights the new security features of Windows 2000, including how these new features compare to Microsoft Windows NT version 4.0, Microsoft Windows 95, and Microsoft Windows 98.
Table 13.1 Security Feature Comparison
Windows 2000 |
Windows NT 4.0 |
Windows 95 and Windows 98 |
|---|---|---|
Kerberos is provided, enabling single sign-on for network services. |
No Kerberos or single sign-on support provided. |
Same as Windows NT 4.0. |
Encrypting File System (EFS) is supported. |
No EFS provided. |
Same as Windows NT 4.0. |
virtual private networks (VPNs) supported using PPTP and L2TP. |
PPTP supported. L2TP not supported. |
Same as Windows NT 4.0. |
Public Key (PK) Certificate Manager provided for public key administration. |
No PK Certificate Manager provided. |
Same as Windows NT 4.0. |
Internet Protocol security (IPSec) provided, encrypting all information included above the transport layer. |
No IPSec provided with Windows NT 4.0. |
Same as Windows NT 4.0. |
Auditing of security events configurable to a range of detail levels. Audited events logged for later review. |
Auditing available, but on a narrower scope than provided with Windows 2000. |
No auditing provided. |
Highly configurable access control for network resources using groups, user rights, permissions, and Security Policy. |
Some access control available through permissions settings. |
Only user-based security using permissions. |
Permissions are maintained, regardless of where a file is moved. For example, restricted files remain restricted, even when placed in a public folder. |
Permissions are inherited and reapplied when files are moved to new locations. |
Only user-based security. Permissions not applied to files. |
Determining the identity of a user, computer, or service is critical to creating a secure environment. Only after an identity has been authenticated should authorization to use information or resources be granted. There are numerous ways to authenticate, each of which provides different advantages and disadvantages. Authentication is achieved through authentication protocols. Windows 2000 maintains and builds upon the set of authentication protocols supported by earlier versions of Windows. Table 13.2 provides a comparison of authentication protocols.
Table 13. 2 Authentication Protocol Comparison
Authentication Protocol |
Windows 2000 |
Windows NT 4.0 |
Windows 95 and Windows 98 |
|---|---|---|---|
Kerberos |
X |
O |
O |
NTLM v2 |
X |
X |
O |
NTLM v1 |
X |
X |
X |
EAP |
X |
O |
O |
MSCHAPv2 |
X |
X |
X |
MSCHAP |
X |
X |
X |
CHAP |
X |
X |
X |
SPAP |
X |
X |
X |
PAP |
X |
X |
X |