Secure Networking Windows 2000 Distributed Security Services Sandeep Joshi Group 4.

1 Secure Networking Windows 2000 Distributed Security Services Sandeep Joshi Group 4

2 What is it???
- A client/server approach to authenticating a user's identity through a central database
- Hence:
  - More secure
  - More scalable
  - Easier to manage

3 Highlights of win2k DS
- Integration with Active Directory…
- Kerberos Version 5
- SSL 3.0

4 Win2k Security Features…
- Active Directory
  - Store for all domain security policy and account information
  - Supports hierarchical name space
  - Replication of Domain Controller
  - Supports multilevel hierarchy tree of domains
- New authentication based on SSPI
  - Kerberos Version 5
  - TLS

5 Features
- Optional use of smart cards
- Microsoft Certificate Server (MCS) to issue X.509 version 3 certificates
- Introduces CryptoAPI for certificate management
- External users can be authenticated using public-key certificates
- Easy-to-use tools

6 Active Directory Repository...

7 Directory Service
- Not another directory
- As an example, a telephone directory
- An information store for every entity

9 Advantages
- Account management
- Supports more than 1 million objects with better performance
- Administration of accounts
- LDAP and directory synchronization

10 Directory and Security Services
- A fundamental relationship exists between AD and security services
- AD stores domain security policy info
  - Like domain-wide password restrictions and system access privileges
- Object-based security model and access control
  - A unique security descriptor defines access permissions to read/update an object

12 Directory and Security Services
- Access to security info in AD is governed by Win2k
- Win2k security components can trust the security info in the AD
- Win2k trusts that security policy is stored securely

13 Domain Trust Relationship
- Hierarchical domain tree
- AD supports two forms of trust relationships:
  - One-way trusted domains
  - Two-way transitive trust (default)

15 Domain Trust Relationship
- Default trusts
  - Parent and Child [2-way transitive]
  - Tree-Root [2-way transitive]
- Other
  - External
  - Realm
  - Forest
  - Shortcut

16 Delegation of Administration
- Valuable tool for administration
- Small subset in a domain has permission to manage accounts
- Rights to create groups and users are at OU level

17 Delegation of Administration
- Three ways to define delegation
  - Delegate permissions to change properties on a particular container
  - Delegate permissions to create/delete child objects, like users, groups, printers, etc.
  - Delegate permissions to update any child property beneath an OU, like password, etc.

18 Fine-Grain Access Rights
- AD objects use Win2k security descriptors to control object access
- Every object has a unique security descriptor
- Access Control List (ACL)

19 Fine-Grain Access Rights
- Access rights can be defined to:
  - Apply to the object as a whole, all properties of the object
  - Apply to a group of properties of the object defined by property sets
  - Apply to an individual property
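
The three scopes on slides 18 and 19 (whole object, property set, individual property) can be modelled as an access check over one object's ACL. This is an added example, not part of the original presentation. The property-set names, group names and ACL are constructed sample values, and the check is simplified (a matching deny always wins; ACE ordering and inheritance are not modelled).

```python
from dataclasses import dataclass
from typing import Optional

# Constructed property sets for illustration; real AD identifies them by schema GUID.
PROPERTY_SETS = {
    "personal-info": {"telephoneNumber", "streetAddress"},
    "logon-info": {"logonHours", "lastLogon"},
}

@dataclass(frozen=True)
class Ace:
    allow: bool                   # True = allow ACE, False = deny ACE
    trustee: str                  # user or group the ACE names
    right: str                    # "read" or "write"
    scope: Optional[str] = None   # None = whole object, else a property set or property

def ace_covers(ace: Ace, prop: str) -> bool:
    """Return True if the ACE's scope includes the given property."""
    if ace.scope is None:                      # object-wide: all properties
        return True
    if ace.scope in PROPERTY_SETS:             # property-set scope
        return prop in PROPERTY_SETS[ace.scope]
    return ace.scope == prop                   # single-property scope

def check_access(acl, principals, right, prop) -> bool:
    """Simplified check: any matching deny wins, otherwise a matching allow is required."""
    hits = [a for a in acl
            if a.trustee in principals and a.right == right and ace_covers(a, prop)]
    if any(not a.allow for a in hits):
        return False
    return any(a.allow for a in hits)          # no matching ACE means no access

# Constructed ACL for one user object (group names are sample values).
USER_OBJECT_ACL = [
    Ace(True, "Domain Admins", "write"),                   # whole object
    Ace(True, "Authenticated Users", "read"),              # whole object
    Ace(True, "HelpDesk", "write", "personal-info"),       # property set
    Ace(False, "HelpDesk", "write", "streetAddress"),      # single property
    Ace(False, "Contractors", "read", "logon-info"),       # property set
]

if __name__ == "__main__":
    helpdesk = {"HelpDesk", "Authenticated Users"}
    for prop in ("telephoneNumber", "streetAddress", "logonHours"):
        print(prop, check_access(USER_OBJECT_ACL, helpdesk, "write", prop))
```

The HelpDesk entries show why the narrower scopes matter for delegation: a group can be given write access to one property set without gaining write access to the rest of the object.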

