Windows 2000 Security


Windows 2000 Security. Yingzi Jin. Introduction. Active Directory Group Policy Encrypting File System. What is a Directory Service. A directory is an information source used to store information about objects. Users want to find and use these objects

    Presentation Transcript
    1. Windows 2000 Security
       Yingzi Jin

    2. Introduction
       • Active Directory
       • Group Policy
       • Encrypting File System

    3. What is a Directory Service
       • A directory is an information source used to store information about objects.
       • Users want to find and use these objects.
       • A directory service makes the information available and usable to the users.

    4. What is Active Directory
       • Essential and inseparable part of the Windows 2000 network architecture
       • Provides a directory service for a distributed networking environment

    5. Active Directory - Structure
       • Tree structure made up of objects and containers
       • Objects represent network resources
           • users, groups, devices, applications
       • Containers represent organizations or collections of related objects
           • marketing department, printers

    6. Active Directory Security
       • An access-control list (ACL) protects all objects in AD.
       • An ACL is stored as a binary value, called a security descriptor.
       • Every object in AD is protected by its own security descriptor.

    7. Active Directory - Authentication
       • Several options for user authentication:
           • Kerberos: verifies the client's right to access the network and authenticates the server to the client.
           • Public Key Infrastructure (PKI): normally used to authenticate external users.

    8. Group Policy
       • New capability in Win2K
       • Defines, manages, and enforces the environment settings for both computer and user objects.
       • Integrates with AD and can be assigned to AD sites, domains, and organizational units (OUs)
       • Contained in Group Policy Objects (GPO)

    9. Security-related Policies
       • Account policies - password policies
       • Local policies - audit policy
       • File system - permissions for folders and files
       • System services - permission for system services

    10. Group Policy Objects (GPO’s)
       • Contain a set of “rules”.
       • Specify account and password settings, audit capabilities, etc.
       • Can be applied to Windows 2000 sites, domains, or OU’s.

    11. Active Directory and Group Policy
       • Group Policy Objects are created to set the rules that govern the domain.
       • A Default Domain Policy GPO at the highest level.
       • Additional GPO’s can be created and applied for each “child OU”.

    12. Implement Group Policy
       • Account policies are domain-wide
       • GPO’s for account settings defined for lower level OU’s will not work for domain users.
       • No Override and Block Inheritance settings
       • Policy processed in a hierarchy:
           • Local GPO’s
           • GPO’s applied to Sites
           • GPO’s applied to domain
           • GPO’s applied to OU’s
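
The processing order and the No Override / Block Inheritance settings from slide 12 can be modelled to see which GPO wins for each setting. The following Python sketch is an added example, not part of the original presentation; the GPO names, setting names and values are constructed, and it assumes one ordered list of links per container and that the local GPO is not affected by Block Inheritance.

```python
from dataclasses import dataclass

@dataclass
class Link:
    gpo: str                    # GPO name (constructed for this example)
    settings: dict              # setting name -> value (constructed)
    no_override: bool = False   # "No Override" set on this link

@dataclass
class Container:
    name: str
    links: list
    block_inheritance: bool = False
    is_local: bool = False      # assumption: the local GPO is never blocked

def resultant_policy(chain):
    """chain: containers in processing order Local -> Site -> Domain -> OU(s).
    Returns {setting: (value, winning GPO)}."""
    # Lowest container with Block Inheritance; non-enforced links above it drop out.
    barrier = max((i for i, c in enumerate(chain) if c.block_inheritance), default=0)
    normal, enforced = [], []
    for i, c in enumerate(chain):
        for link in c.links:
            if link.no_override:
                enforced.append(link)
            elif i >= barrier or c.is_local:
                normal.append(link)
    result = {}
    # Later links overwrite earlier ones. No Override links go last, in reverse,
    # so the one highest in the hierarchy wins and nothing below can override it.
    for link in normal + enforced[::-1]:
        for key, value in link.settings.items():
            result[key] = (value, link.gpo)
    return result

def sample_chain(ou_blocks):
    """Constructed hierarchy: Local -> Site -> Domain -> Marketing OU."""
    return [
        Container("Local", [Link("Local GPO", {"audit_logon": "none"})], is_local=True),
        Container("Site", [Link("Site GPO", {"proxy": "site-proxy"})]),
        Container("Domain", [
            Link("Default Domain Policy", {"audit_logon": "failure"}, no_override=True),
            Link("Domain Desktop", {"wallpaper": "corp.bmp", "hide_run": True})]),
        Container("Marketing OU", [
            Link("Marketing GPO", {"audit_logon": "success", "wallpaper": "mkt.bmp"})],
            block_inheritance=ou_blocks),
    ]

if __name__ == "__main__":
    for blocks in (False, True):
        print(blocks, resultant_policy(sample_chain(blocks)))
```

With Block Inheritance set on the OU, the site and non-enforced domain settings disappear from the result, but the No Override audit setting from the domain still wins over the OU's own value.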

    13. Encrypting File System
       • Integral part of the new NTFS file system.
       • Users can encrypt/decrypt files on the fly to protect sensitive data from unauthorized access.
       • Uses a combination of symmetric key and public key encryption.

    14. Encrypting File System
       • A random file encryption key (FEK) is generated for each file.
       • Using the FEK, the file is encrypted using DESX.
       • The FEK is encrypted with the user’s public key.
       • Decryption uses the user’s or recovery agent’s private key to get the FEK.

    15. Encrypting File System
       • Protect sensitive files and folders.
       • Encrypting a directory/folder encrypts all subsequent files.
       • EFS does not cache any of the keys onto the hard disk.
       • EFS does not encrypt required system files and folders.

    16. Encrypting File System
       • EFS needs a strong password policy.
       • A Windows 2000 user can delete files encrypted by another user.