1. Introduction to Microsoft Windows 2000 Security Microsoft Windows 2000 Security Services Overview Security subsystem components Local security authority (LSA) functionality Windows 2000 security protocols Security Support Provider Interface (SSPI) Determining Security Business Requirements Designing Security to Meet Technical Requirements

2. Windows 2000 Security Services Overview Security subsystem components LSA functionality Windows 2000 security protocols SSPI

3. User Mode vs. Kernel Mode

4. Security Subsystem Components Netlogon service Windows NT LAN Manager (NTLM) authentication protocol Secure Sockets Layer (SSL) authentication protocol Kerberos v5 authentication protocol Kerberos Key Distribution Center (KDC) service LSA server service Security Accounts Manager (SAM) Directory Service module Multiple Authentication Provider

5. LSA Functionality Allows users to authenticate interactively Generates an access token for the security principal Manages local security policy Manages audit policy and settings Builds a list of trusted domains Determines user privileges Reads the system access control list (SACL) for each object Ensures that a security principal has the necessary rights to perform tasks Manages memory quotes for use of both paged and nonpaged memory

6. Windows 2000 Security Protocols Distributed Password Authentication (DPA) Secure channel (SChannel) services NTLM Kerberos v5

7. NTLM Authentication Protocol

8. Kerberos V5 Authentication

9. Security Support Provider Interface (SSPI)

10. Determining Security Business Requirements Analyze business requirements. Identify business factors that affect security design.

11. Analyzing Business Requirements Business model Business processes Projected growth Management strategy Current security policy Tolerance of risk Laws and regulations Financial status Current employee skill sets

12. Making the Decision: Business Requirements Centralized administration model Decentralized administration model Business processes Projected growth Aversion to risk International business Cost constraints Required skill sets

13. Applying the Decision: Business Requirements for Lucerne Publishing Centralized administration for user accounts Decentralized administration of servers Decentralized administration of user passwords Business process alignment Plans for future growth Issues with the Havana office Considerations for risk aversion Skill set shortages

14. Designing Security to Meet Technical Requirements Determine technical requirements that affect the security plan. Plan for technical requirements.

15. Technical Requirements That Affect the Security Plan Total size and distribution of resources Performance considerations WAN links WAN usage How data is accessed Administrative structure Current application base

16. Making the Decision: Defining Technical Requirements Physical sites Performance requirements Existing WAN links Current administrative structure Current application base

17. Applying the Decision: Technical Requirements at Lucerne Publishing Logon performance Site definitions Server placement Other performance requirements Current administrative structure

18. Chapter Scenario: Lucerne Publishing

19. Chapter Summary Microsoft Windows 2000 Security Services Overview Security subsystem components LSA functionality Windows 2000 security protocols Security Support Provider Interface (SSPI) Determining Security Business Requirements Determining business requirements Designing Security to Meet Technical Requirements Determining technical requirements