Microsoft will boost security in Win 2000

By Michael Cheek

GCN Staff

REDMOND, Wash. - Microsoft Corp. will send the government a late Valentine's Day gift on Feb. 17 in the form of extra security embedded in three versions of the forthcoming Windows 2000.

Craig Beilinson, lead Win 2000 product manager, said testing began late last year for the final release candidates: Windows 2000 Professional for one- or two-processor desktop systems, Windows 2000 Server for up to four-way workgroup servers and Windows 2000 Advanced Server for up to eight-way departmental servers.

Around June, Windows 2000 Datacenter Server will come out for hardware with up to 32 processors, four nodes and 64G of RAM, Beilinson said.

Here's proof

Win 2000 integrates several proof-of-identity and encryption technologies, said Shanen Boettcher, another Microsoft product manager.

Kerberos authentication checks both sides of all transmissions between a server and client to assure identity. Fortezza, smart card, biometric and some Internet authentication protocols are all part of all Win 2000 server versions, Boettcher said.

Microsoft's Active Directory with IntelliMirror will restrict users to the files and devices for which they are authorized. For example, an administrator could restrict a user to only one application with severely limited file access.

IntelliMirror would recreate the restricted user's setup no matter what client PC is used.

Active Directory's Access Control Lists, commonly referred to as ACLs and pronounced "ackles," manage users' access rights to everything on the network. The ACLs and other components come with a strong security lockdown, said Scott Culp of Microsoft's security response team.

"We don't want to ship a Fort Knox configuration and force users into a secure environment," Culp said. "We're targeting a spot that balances security with usability."

A Security Configuration Toolkit will let administrators set up a template for the Active Directory and other network components, Culp said. Default templates will be included for low, medium and high security.

Win 2000 natively supports a public-key infrastructure and permits encrypting files and folders under a new file system. The file system will upgrade NT File System drives automatically on installation and is compatible with 16- and 32-bit File Allocation Tables, Beilinson said.

A mouse right-click can encrypt any file, but the encryption stays on the system, Beilinson said. Users without access rights cannot get into the file, but the authorized user can transfer the file around easily.

Although encryption is much stronger in Win 2000, it is far from perfect security, said Josh Benaloh, a cryptographer with Microsoft research.

