Microsoft will boost security in Win 2000

By Michael Cheek

GCN Staff

REDMOND, Wash. - Microsoft Corp. will send the government a late Valentine's Day gift on Feb. 17 in the form of extra security embedded in three versions of the forthcoming Windows 2000.

Craig Beilinson, lead Win 2000 product manager, said testing began late last year for the final release candidates: Windows 2000 Professional for one- or two-processor desktop systems, Windows 2000 Server for up to four-way workgroup servers and Windows 2000 Advanced Server for up to eight-way departmental servers.

Around June, Windows 2000 Datacenter Server will come out for hardware with up to 32 processors, four nodes and 64G of RAM, Beilinson said.

Here's proof

Win 2000 integrates several proof-of-identity and encryption technologies, said Shanen Boettcher, another Microsoft product manager.

Kerberos authentication checks both sides of all transmissions between a server and client to assure identity. Fortezza, smart card, biometric and some Internet authentication protocols are all part of all Win 2000 server versions, Boettcher said.

Microsoft's Active Directory with IntelliMirror will restrict users to the files and devices for which they are authorized. For example, an administrator could restrict a user to only one application with severely limited file access.

IntelliMirror would recreate the restricted user's setup no matter what client PC is used.

Active Directory's Access Control Lists, commonly referred to as ACLs and pronounced "ackles," manage users' access rights to everything on the network. The ACLs and other components come with a strong security lockdown, said Scott Culp of Microsoft's security response team.

"We don't want to ship a Fort Knox configuration and force users into a secure environment," Culp said. "We're targeting a spot that balances security with usability."

A Security Configuration Toolkit will let administrators set up a template for the Active Directory and other network components, Culp said. Default templates will be included for low, medium and high security.

Win 2000 natively supports a public-key infrastructure and permits encrypting files and folders under a new file system. The file system will upgrade NT File System drives automatically on installation and is compatible with 16- and 32-bit File Allocation Tables, Beilinson said.

A mouse right-click can encrypt any file, but the encryption stays on the system, Beilinson said. Users without access rights cannot get into the file, but the authorized user can transfer the file around easily.

Although encryption is much stronger in Win 2000, it is far from perfect security, said Josh Benaloh, a cryptographer with Microsoft Research.

