Security hosts

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

A security host is an authentication device that verifies whether a connection is authorized to connect to a remote access server. This verification supplements security already supplied by Network Connections and by the Windows Server 2003 family. There are two kinds of security hosts:

  • Those that perform authentication checks during a modem call

    This type of security host sits between you and the remote access server and performs an authentication check before remote access server authentication. This type of security host generally provides an extra layer of security by requiring a hardware key of some sort in order to provide authentication. Verification that you are in physical possession of the key takes place before access to the remote access server is granted. With this open architecture, your system administrator can select from a variety of security hosts to augment the security in Network Connections, but the authentication check is restricted to modem calls.

    For example, one such security system consists of two hardware devices: the security host and the security card. The security host is installed between the remote access server and its modem. The security card is a small unit the size of a credit card that resembles a pocket calculator without keys. The security card displays a different access number every minute. This number is synchronized with a similar number calculated in the security host every minute. When connecting, you send a PIN and the number on the security card to the host. If these match the number calculated on the host, the security host connects you with the remote access server.

    Another security host of the same type prompts you to type in a user name (which may or may not be the same as the remote access user name) and a password (which differs from the remote access password). The security host must be configured to allow the remote access server to initialize the modem before the security functions take effect. The remote access server must also be able to directly initialize the modem connected to the security host without security checks from the security host.

  • Those that are called during the authentication process of the connection

    This type of security host provides custom authentication during the remote access authentication process. This authentication may augment or replace the standard verification of your network credentials by Routing and Remote Access in the Windows Server 2003 family. RADIUS servers are examples of this type of security host in that they perform user authentication on behalf of Routing and Remote Access. With the introduction of the Extensible Authentication Protocol (EAP), other vendors can create interfaces between remote access authentication and their own proprietary servers. Servers of this type are used to verify smart cards and other forms of extended authentication.
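The time-synchronized security card check described in the first list item, as an added sketch that is not Microsoft's or any vendor's code. The page does not name the card's algorithm, so this assumes HMAC-SHA-1 with RFC 4226 truncation over a 60-second step, a six-digit display, and a one-minute clock-drift allowance; `SecurityHost`, `card_code`, the seed, PIN and salt are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the card shows a new number every minute
DIGITS = 6         # assumed display width


def card_code(seed: bytes, unix_time: int) -> str:
    """Number shown by the card, and recomputed by the host, for a given minute."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def pin_verifier(pin: str, salt: bytes) -> bytes:
    # The host stores a salted, stretched PIN verifier, never the PIN itself.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class SecurityHost:
    """Gate in front of the remote access server: checks PIN plus card number."""

    def __init__(self, seed: bytes, pin: str, salt: bytes, drift_steps: int = 1):
        self.seed, self.salt = seed, salt
        self.pin_hash = pin_verifier(pin, salt)
        self.drift_steps = drift_steps  # minutes of card/host clock skew tolerated
        self.last_counter = -1          # newest accepted minute (replay guard)

    def verify(self, pin: str, code: str, now: int) -> bool:
        pin_ok = hmac.compare_digest(pin_verifier(pin, self.salt), self.pin_hash)
        matched = None
        # Scan the whole window without an early exit; compare in constant time.
        for d in range(-self.drift_steps, self.drift_steps + 1):
            t = now + d * STEP_SECONDS
            if hmac.compare_digest(card_code(self.seed, t).encode(), code.encode()):
                matched = t // STEP_SECONDS
        # Reject a wrong PIN, a number outside the window, or a number already used.
        if not pin_ok or matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched
        return True


if __name__ == "__main__":
    host = SecurityHost(b"constructed-seed", "4821", b"constructed-salt")
    now = 1_700_000_000  # constructed timestamp
    print(host.verify("4821", card_code(b"constructed-seed", now), now))
```

The replay guard matters because a number observed on the line stays valid on the host until its minute (plus the drift allowance) expires.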

Note