GOOD2USE Knowledge Network Active Directory Strengthens Security

PC Knowledge Base - Active Directory Strengthens Security

Good Knowledge Is Good2Use

Strong and consistent security services are essential to corporate networks. Managing user authentication and access control is often tedious and prone to error. Active Directory centralises management and enforces role-based security consistent with an organisation's business processes. For example, support for multiple authentication protocols such as Kerberos, X.509 certificates, and smart cards combined with a flexible access control model enables powerful and consistent security services for internal desktop users, remote dial-up users, and external e-commerce customers. The following are some ways in which Active Directory strengthens security:

It improves password security and management. By providing single sign-on to network resources with integrated, high-powered security services that are transparent to end users.
It ensures desktop functionality. By locking-down desktop configurations and preventing access to specific client machine operations, such as software installation or registry editing, based on the role of the end user.
It speeds e-business deployment. By providing built-in support for secure Internet-standard protocols and authentication mechanisms such as Kerberos, public key infrastructure (PKI) and lightweight directory access protocol (LDAP) over secure sockets layer (SSL). It tightly controls security. By setting access control privileges on directory objects and the individual data elements that make them up.

One of the most important architectural advantages of Windows 2000 Server is the integration of Active Directory and its advanced security features that enable a new level of data protection. This is particularly important for organisations that do business over the Internet.

Figure 5: Active Directory provides Internet-ready security services to protect data while facilitating access. As illustrated in Figure 5 above, Active Directory acts as the central authority for governing authentication of user identity and controlling access to network resources. Once a user is authenticated and logged on, all resources in the system are protected and access is granted or denied based on a single authorisation model. This means that organisations don't have to protect resources one way for users who logon via the intranet and another way for those who use digital certificates to access resources over the Internet.

In addition, Active Directory natively supports a fully integrated public key infrastructure and Internet secure protocols, such as LDAP over SSL, to let organisations securely extend selected directory information beyond their firewall to extranet users and e-commerce customers. In this way, Active Directory strengthens security and speeds deployment of e-business by letting administrators use the same tools and processes to manage access control and user privileges across internal desktop users, remote dial-up users, and external e-commerce customers.

Search Knowledge Base

Feedback

If you like our web site refer a friend.
Your friends name.	Your friends email address.
Your Name	Your Email Address