Chapter 11, Securing Data at the Application Layer
Total Page:16
File Type:pdf, Size:1020Kb
Chapter 11, Securing Data at the Application Layer
|1| Chapter Overview Planning Authenticity and Integrity of Transmitted Data Planning Encryption of Transmitted Data
Chapter 11, Lesson 1
|2| Planning Authenticity and Integrity of Transmitted Data 1. Providing Authenticity and Integrity of Transmitted Data |3| A. Two methods provide authenticity and integrity of transmitted data at the application layer. 1. SMB signing a. Ensures that file transmissions are not modified in transit 2. Secure/Multipurpose Internet Mail Extensions (S/MIME) and Pretty Good Privacy (PGP) a. Digitally sign e-mail messages to protect them from being modified in transit
|4| 2. Planning SMB Signing A. Introduction 1. SMB signing a. Also known as Common Internet File System (CIFS) b. Ensures authenticity and integrity of packets transmitted between a client and a server c. Signs each packet as it is transmitted and verified at the recipient computer d. Implemented in high-security networks to prevent impersonation of clients and servers e. Authenticates the user and the server hosting the data f. If authentication fails on either side, data transmission won’t take place. |5| 2. SMB signing process a. The client attempts to connect to a server that requires SMB signing. b. The server sends a challenge to the client. (1) The challenge is the data that the client will encrypt to authenticate with the server. c. The client responds by encrypting the challenge with a 168-bit session key computed from the user’s password. (1) The response and the algorithm used to encrypt the challenge are returned to the server. d. The server validates the authentication attempt by performing the same algorithm on the challenge, using the stored value of the user’s password and then comparing the results. (1) If the results are the same, the user is authenticated. e. The client and server negotiate which variation, or construct, of SMBs will be used by the client and the server. (1) Which versions of SMBs are selected depends on the OS involved in the client/server exchange. (2) The client and server always select the highest variation supported by both client and server. f. Subsequent data exchange between the client and the server is protected by computing a digest for each message and including it with the message. (1) The digest covers both the message text and the sequence number of the packet to ensure that a replay attack can’t take place. |6| 3. Message Digest v5 (MD5) algorithm a. Used to create the key that is used to create the digest b. Breaks the data into 512-bit blocks and produces a 128-bit message digest for each 512-bit block of the data c. The key is computed from the session key established between the client and the server and the initial response sent by the client to the server’s challenge. |7| 4. When to use SMB signing a. Use in networks that implement both Microsoft Windows 2000– based clients and down-level Windows clients. b. IPSec Authentication Headers (AH) are supported only in a pure Windows 2000 network. c. SMB signing is supported by Windows 2000, Microsoft Windows NT 4.0 (SP3), and Microsoft Windows 98–based clients. d. Microsoft Windows 95–based clients do not support SMB signing. |8| B. Planning the deployment of SMB signing 1. Introduction a. SMB signing requires modification of the registry in Windows 2000, Windows NT 4.0 (SP3 or higher), and Windows 98. b. The method used to deploy the registry depends on the OS. |9| 2. Windows 2000–based clients a. Workgroup environment (1) Deploy the security template file by using the Secedit command. (2) Copy the completed security template locally to each computer. (3) Create a batch file that calls the Secedit command, using the /configure option to apply the security template. |10| b. Domain environment (1) Deploy the modified security template file, using Group Policy.
2 Outline, Chapter 11 Designing Microsoft Windows 2000 Network Security (2) Import the template to a specific domain, site, or OU Group Policy object. (3) SMB signing options (a) Digitally Sign Client Communications (Always) (b) Digitally Sign Client Communications (When Possible) (c) Digitally Sign Server Communications (Always) (d) Digitally Sign Server Communications (When Possible) |11| c. Choosing domain or workgroup settings depends on (1) The role of the Windows 2000–based computer (2) The security requirements for SMB signing defined for the network |12| 3. Windows NT 4.0–based clients a. Introduced support for SMB signing in SP3 b. Requires editing the registry c. Create a custom template file and apply the settings with the System Policy Editor. d. If Windows NT 4.0 is operating in a domain environment, apply the settings to a Ntconfig.pol configuration file. (1) Place the Ntconfig.pol file in the Netlogon share to ensure the settings are applied to all required clients. e. Registry key for a Windows NT 4.0 client functioning as a server (1) HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\LanManServer \Parameters (a) Value Name: EnableSecuritySignature (i) Data type: REG_DWORD (ii) Value: 0 (disable), 1 (enable) (iii) Default: 0 (disable) (b) Value Name: RequireSecuritySignature (i) Data type: REG_DWORD (ii) Value: 0 (disable), 1 (enable) (iii) Default: 0 (disable) f. Registry key for a Windows NT 4.0 client functioning as a client (1) HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\Rdr\Parameters (a) Value Name: EnableSecuritySignature (i) Data type: REG_DWORD (ii) Value: 0 (disable), 1 (enable) (iii) Default: 1 (enable) (b) Value Name: RequireSecuritySignature (i) Data type: REG_DWORD (ii) Value: 0 (disable), 1 (enable) (iii) Default: 0 (disable) |13| 4. Windows 98–based clients
Outline, Chapter 11 3 Designing Microsoft Windows 2000 Network Security a. Windows 98 includes an updated version of the SMB protocol. b. Requires editing the registry c. Deploy these settings by e-mailing a .reg file containing the desired settings. (1) Instruct users to import the settings by double-clicking the .reg file. d. Registry key for clients (1) HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\Vnetsup (a) Value Name: EnableSecuritySignature (i) Data type: REG_DWORD (ii) Value: 0 (disable), 1 (enable) (iii) Default: 1 (enable) (b) Value Name: RequireSecuritySignature (i) Data type: REG_DWORD (ii) Value: 0 (disable), 1 (enable) (iii) Default: 0 (disable) |14| C. Making the decision: planning SMB signing security 1. To require that all communications to a server use SMB signing a. Configure the server to enable and require the use of SMB signing b. Configure client computers to either enable or require SMB signing 2. To allow SMB signing to fall back to unsigned communications a. Configure the server to enable only SMB signing 3. To deploy SMB signing configuration for Windows 2000–based clients a. Create a security template that enables the required DMB signing configuration b. Place all computers that require the settings into a common OU structure c. Import the security template into a Group Policy object applied at the OU 4. To deploy SMB signing configuration for Windows NT 4.0–based clients a. Create a custom system policy template that contains the required SMB signing settings b. Modify the Ntconfig.pol file to apply the required SMB settings c. Ensure all Windows NT 4.0–based clients have SP3 as the minimum service pack level 5. To deploy SMB signing configuration for Windows 98–based clients a. Create a .reg file that contains the required SMB settings for Windows 98–based computers b. Distribute the .reg file by instructing users to double-click on the .reg file c. Apply the .reg file to the Windows 98-based computers d. Restart the Windows 98-based computers
4 Outline, Chapter 11 Designing Microsoft Windows 2000 Network Security |15| D. Applying the decision: planning SMB signing security for Fabrikam Inc. 1. Implement SMB signing for the Radar System project, using different methods depending on the computer’s OS. a. The HELIOS server (1) Place the Windows 2000–based server in an organizational unit (OU) that has the Digitally Sign Server Communications (Always) security option enabled in Group Policy. (2) Configure the share where the project files are stored with appropriate Share and NT file system (NTFS) permissions. |16| b. Windows 2000 clients (1) Windows 2000 clients should be placed in either the same OU as the HELIOS server or in a sub-OU based on the Windows 2000 client location. (2) Set the Group Policy object so that the computers digitally sign client communications when required. (3) Computers can still communicate with other servers in the organization that may not require SMB signing. (4) SMB signing will be used when connecting to the HELIOS server. c. Windows NT 4.0 clients (1) Create a system policy template that enables the Windows NT 4.0–based clients to enable SMB signing. (2) Apply the template file to the Ntconfig.pol file stored in the Netlogon share of all domain controllers (DCs) in the corp.fabrikam.tld domain. (3) The system policy is applied every time the Windows NT 4.0 clients are restarted and they authenticate with the network. d. Windows 98 clients (1) Create a .reg file that enables SMB signing. (2) The registry setting for SMB signing should not be deployed using system policy because the policy would also be applied to Windows 95–based computers. (3) E-mail the .reg file to Windows 98 users, or apply it with a login script. 2. SMB signing is not required for the Sonar System project. a. The project involves Windows 95–based computers, which do not support SMB signing. b. If digital signing were required, an alternate method would be needed to ensure integrity and authenticity.
|17| 3. Planning Digital Signing A. Introduction 1. Digital signatures ensure authenticity and integrity of e-mail messages between clients. a. Prevent someone from impersonating another e-mail user
Outline, Chapter 11 5 Designing Microsoft Windows 2000 Network Security b. Prevent an e-mail user from denying that he sent a specific e-mail message 2. Public Key Infrastructure (PKI) is required to deploy the necessary public/private key pairs to participating clients. 3. Digital signatures function by applying a digest function to the contents of the message to create a message digest. 4. If the contents of the message are modified, the message digest output will also change. |18| B. Digital signature process 1. The sender creates a plaintext e-mail message. a. By default, Post Office Protocol v3 (POP3)/Simple Mail Transfer Protocol (SMTP) e-mail clients send their messages in plaintext format. 2. The sender runs a known algorithm against the plaintext message to create a digest of the message. a. Either a Secure Hash Algorithm v1 (SHA1) or MD5 algorithm is commonly used to create the digest. 3. The digest is encrypted, using the sender’s private key. a. The digest is securely transmitted to the recipient. b. Only the sender’s public key can be used to decrypt the encrypted digest. 4. The plaintext message and the encrypted digest are sent to the recipient by using SMTP. a. For digital signing, no protection is applied to the plaintext message. b. The message can be modified, but modification will invalidate the encrypted digest sent with the message. 5. The recipient decrypts the encrypted digest by using the sender’s public key. a. The public key is either retrieved from a directory where the public key is stored or is included in the signed message. 6. The recipient runs the same algorithm used by the sender to create the recipient’s own digest of the message. a. This digest is created against the plaintext message received from the sender. 7. The two digests are compared. a. If the digests differ, the message was modified during transmission. b. If the digest can’t be decrypted, the sender was masquerading as another user. |19| C. Determining protocol choices for digital signing 1. Two protocols provide digital signatures for e-mail applications. a. S/MIME (1) Provides the ability to encrypt and digitally sign e-mail messages by using public and private key pairs (2) Internet Engineering Task Force (IETF) standard
6 Outline, Chapter 11 Designing Microsoft Windows 2000 Network Security (3) Designed to extend the MIME standard to provide secure e- mail functions (4) E-mail applications must support S/MIME. (5) E-mail servers do not need to support S/MIME. b. PGP (1) Provides the ability to encrypt and digitally sign e-mail messages (2) Uses private/public key pairs (3) Not controlled by a centralized standard organization 2. Determine which protocol to use based on the e-mail application deployed. a. S/MIME and PGP provide the same functionality but are not interoperable. b. Signed e-mail can’t be sent between e-mail applications that support different protocols. |20| D. Deploying public keys 1. Introduction a. Ensure the availability of public keys when implementing digital signatures. b. Without a public key, the digest encrypted with the sender’s private key cannot be decrypted to verify message integrity. c. The digital certificate must be issued by a Certification Authority (CA) that the recipient trusts. d. The Certificate Revocation List (CRL) must be accessible to any recipients so the revocation status of the digital certificate can be verified. e. If the CRL cannot be accessed, the certificate is assumed to be revoked. |21| 2. Ensuring the availability of public keys a. Configure e-mail clients to include their certificate with all signed messages. (1) This ensures that the recipient has the public key required to decrypt the message digest. (2) The public key is included as an attribute of the digital certificate. b. Implement the Key Management Service (KMS) in Microsoft Exchange Server 5.5 or Microsoft Exchange 2000 Server. (1) The KMS service manages private/public key pairs and ensures that the public keys are stored within the directory. (2) Exchange Server 5.5 users use the Exchange directory and Exchange 2000 Server users use the Active Directory for storing public keys. |22| E. Making the decision: digital signature design 1. To choose which protocol to use for digitally signing e-mail messages within the organization
Outline, Chapter 11 7 Designing Microsoft Windows 2000 Network Security a. Determine the protocol supported by the organization’s e-mail application 2. To ensure that important messages are digitally signed a. Train users on how and when to digitally sign messages 3. To ensure that digital signatures are validated a. Configure e-mail applications to include the digital certificate in all signed messages b. Ensure that the CRL publication point for all CAs is available to recipients 4. To limit which users can use digital signatures a. Deploy certificates that support digital signatures only to approved users |23| F. Applying the decision: digital signature design for Fabrikam Inc. 1. Provide the ability to digitally sign messages. a. Defense Department price quotes (1) All quotes to the Defense Department must be digitally signed. (2) Digital signatures will also prove that the e-mail originated from validated users at Fabrikam. (3) A recipient at the Defense Department must be able to acquire the public key and verify that the certificate associated with the private/public key has not been revoked. (4) Certificates must be acquired from a public CA, or the issuing CA’s CRLs must be published externally. (5) Since security is a key requirement, the recommendation is to acquire the certificates for these transactions from a public CA. b. The Radar System project (1) E-mail regarding specifications must be digitally signed. (2) Digital signing validates the sender of the specifications. (3) Since transmissions are internal, use a private CA to issue the required certificates. c. The Sonar System project (1) E-mail exchanged between A. Datum Corporation and Fabrikam should be digitally signed. (2) Acquire certificates from a public CA or establish cross- certification between the two internal CA hierarchies. 2. Determine which users need to acquire certificates for digitally signed e- mail. a. Not all of the users at Fabrikam need to issue certificates for digitally signed e-mail. b. Only users involved with the three projects must acquire digital signatures. 3. Determine whether the partners of the Defense Department and A. Datum Corporation use PGP or S/MIME for their e-mail packages.
8 Outline, Chapter 11 Designing Microsoft Windows 2000 Network Security a. Determine which e-mail applications must be used at Fabrikam to ensure that the partner’s e-mail application can validate the digital signatures.
Chapter 11, Lesson 2
|24| Planning Encryption of Transmitted Data
|25| 1. Planning Secure E-Mail Encryption A. Introduction 1. Contents of e-mail messages are vulnerable to inspection. 2. Digital signing does not prevent someone from inspecting e-mail messages during transmission across the network. 3. SMTP is the default protocol used for sending e-mail messages. 4. SMTP does not include any extensions for the encryption of e-mail. |26| B. Analyzing the e-mail encryption process 1. The sender of the e-mail creates a plaintext message. 2. The sender encrypts the message by using the recipient’s public key. a. The sender must have access to the recipient’s public key. b. The public key can be retrieved from a directory or exchanged by having the recipient send a digitally signed message to the sender. 3. The encrypted message is sent to the recipient of the message, using the SMTP protocol. 4. The recipient decrypts the message, using the recipient’s own private key. a. Ensures that only the holder of the private key can view the contents of an encrypted message 5. The decrypted message is displayed in the recipient’s e-mail application. |27| C. Determining encryption levels for e-mail 1. Algorithms supported in Microsoft Outlook 2000 a. Rivest’s Cipher v2 (RC2) (1) Secret-key block encryption algorithm (2) Developed by Ron Rivest at RSA Security (3) Uses 64-bit input and output blocks (4) The key size can be varied up to 128 bits in length with most implementations using 40-bit or 128-bit length keys. (5) Optimized for speed and encrypts messages faster than Data Encryption Standard (DES) or Triple DES (3DES) b. DES (1) Most widely used encryption algorithm in the world (2) Takes 64-bit blocks of plaintext and applies the recipient’s 56- bit public key to each block of plaintext (3) The encrypted package is decrypted by using the recipient’s private key. c. 3DES
Outline, Chapter 11 9 Designing Microsoft Windows 2000 Network Security (1) Increases the strength of DES by using an encrypt-decrypt- encrypt process that uses three keys (a) The 64-bit plaintext message block is first encrypted with the first key. (b) The encrypted result is decrypted using a second key. (c) The result of the decryption process is encrypted using a third key. (2) The formula to arrive at the encrypted packet is
EK3[DK2[EK1[Plaintext]]].
(a) EK3, DK2, and EK1 are the three separate encryption keys. (3) The resulting encryption strength is 168 bits (3 x 56 bits). 2. Encryption import and export laws a. RC2 (128 bit) and 3DES require the Windows 2000 High Encryption Pack to be installed. b. The Windows 2000 High Encryption Pack is subject to import and export laws. c. The United States allows the export of high encryption to nonembargoed nations. |28| D. Determining protocol choices for e-mail encryption 1. Choose between S/MIME and PGP for the encryption protocol. 2. Encryption protocols for e-mail cannot be mixed. |29| E. Making the decision: deploying e-mail encryption 1. Determine all approved e-mail applications that are in use. a. The decision to use S/MIME or PGP is determined by the security protocols supported by the primary e-mail system. b. All e-mail applications deployed might not be supported. 2. Determine who can use secure e-mail. a. A private/public key is required for encrypted e-mail. b. Draft a set of criteria that will qualify an individual to acquire a private/public key pair. 3. Determine where the private/public keys will be acquired. a. Choose between an internal CA or purchasing certificates from a public CA. b. If you choose an internal CA, remember that certificates might not be trusted by other organizations. c. Costs are associated with each certificate obtained from a public CA. 4. Establish guidelines for the distribution of public keys to recipients outside the organization. a. Recipients outside the organization won’t have access to the internal Exchange or Windows 2000 directory. 5. Establish an external public point for CRLs if using an internal CA. a. External e-mail recipients need to verify the revocation status of any encrypted messages. b. Publish the CRL to an externally available service. 6. Train users on when to encrypt messages.
10 Outline, Chapter 11 Designing Microsoft Windows 2000 Network Security a. Set guidelines outlining the types of e-mail that should be encrypted when sent. b. Guidelines reduce the risk of critical data being sent in an unencrypted format. |30| F. Applying the decision: deploying e-mail encryption for Fabrikam Inc. 1. Require encryption of e-mail sent to the Defense Department and between project members on the Sonar System project. a. The same infrastructure that is required for digitally signing e-mail messages works for encrypting e-mail messages. b. It is recommended that Mail certificates be acquired from a public CA, or ensure that the CAs have their CRLs available on the Internet. 2. The users in the two projects should be trained on how to encrypt messages when the messages are sent to recipients in other companies. a. The process may require that a digitally signed message is first sent between the two users who require encrypted mail. b. The public key of the recipient is used to encrypt messages sent to that recipient.
|31| 2. Planning Application-Level Encryption with SSL/TLS |32| A. SSL 1. Provides encryption services by using public and private keys to encrypt data transmitted between a server and a client 2. Commonly associated with Web browsers 3. The application must be programmed to support SSL. 4. Implemented between the Transmission Control Protocol (TCP) and application layers 5. SSL-enabled applications listen for client connections on a different port than the usual port. |33| 6. Provides encryption services to other protocols a. Lightweight Directory Access Protocol (LDAP) queries b. Network News Transfer Protocol (NNTP) authentication and news group transfers c. Post Office Protocol v3 (POP3) authentication and e-mail retrieval encryption d. Internet Message Access Protocol v4 (IMAP4) authentication and e- mail retrieval encryption |34| B. TLS 1. Similar to SSL in that TLS provides communications privacy, authentication, and message integrity by using a combination of public key and symmetric encryption 2. Implemented between the TCP and application layers. 3. TLS uses different encryption algorithms than SSL. 4. Is an IETF draft standard 5. Windows 2000 uses TLS to encrypt smart card authentication information transmitted when using Extended Authentication Protocol (EAP).
Outline, Chapter 11 11 Designing Microsoft Windows 2000 Network Security 6. Supports the option of reverting to SSL support if needed 7. May replace SSL in the future |35| C. Deploying SSL and TLS 1. Introduction a. The server hosting the application that uses SSL or TLS must acquire a private/public key pair for encrypting the data. b. The benefit of using application-level security is that the encryption requires no additional work by the user. c. The only noticeable change is https: in the URL rather than http:. |36| 2. Encryption process for Web-based applications a. The Web client attempts to connect to the Web server by using SSL. (1) No additional software is required for the client. (2) The client changes protocol in the URL from http: to https:. b. The Web server returns the Web server’s certificate and public key to the Web client. (1) The Web client requires the public key to encrypt any transmissions sent to the Web server. (2) The certificate is included so that the Web client can access the public key and determine CRL locations. c. The Web client and Web server enter into a negotiation to determine encryption levels. (1) The Web server and Web client negotiate to determine if 40- bit, 56-bit, or 128-bit encryption will be used for the session key. d. The Web client generates a session key and encrypts the session key with the Web server’s public key. (1) The session key is set to be the length negotiated between the Web client and the Web server. (2) Once the session key is encrypted, the encrypted session key is transmitted to the Web server. e. The Web server decrypts the session key, using the Web server’s private key. (1) Only the Web server has access to this private key, ensuring that the connection attempt isn’t intercepted by an attacker. f. The session key is used to encrypt all further data exchanged between the Web client and the Web server. |37| D. Making the decision: designing application-level encryption using SSL and TLS 1. To enable secure Web communications a. Acquire a Web server certificate from a trusted CA b. The CA can either be a private CA or a public CA 2. To enable secure Web communications for a public Web site a. Acquire a Web server certificate from a public CA b. A public CA certificate increases consumer confidence in the Web site
12 Outline, Chapter 11 Designing Microsoft Windows 2000 Network Security 3. To enable secure communications for a private Web site a. Acquire a Web server certificate from a private CA within the organization’s PKI (1) Reduces the cost of the Web site deployment 4. To secure authentication to a Web site and support any browser a. Configure the Web server to use basic authentication and require SSL encryption for access (1) The SSL encryption encrypts the plaintext authentication used by basic authentication. b. In an Internet Explorer deployment, consider deploying Windows Integrated Authentication, which is not supported by other browsers. 5. To define the level of encryption to use for a Web site a. Determine the type of information that will be available at the Web site b. Determine how export and import laws affect the use of strong encryption c. Always use the strongest level of encryption allowed by law to ensure protection of the data 6. To enable strong encryption at a Windows 2000 Web server a. Acquire a server certificate for the Web server to enable SSL communications b. Configure the Web server to require 128-bit encryption to allow connections 7. To enable strong encryption at a Windows client a. For Windows 2000 clients, install the Windows 2000 High Encryption Pack to enable 128-bit encryption at the Windows 2000– based computer. b. For older versions of Windows clients, install the strong encryption patch for the version of Internet Explorer installed on the computer. c. For other companies’ browsers, download the strong encryption patch for that browser. 8. To minimize reduction in performance due to encryption of transmitted data a. Enable SSL only for the Web pages that require encryption (1) To minimize excessive CPU utilization, reduce the amount of Web content being encrypted. (2) Do not automatically encrypt the entire Web site. b. Minimize the amount of graphics contained in secured Web pages |38| E. Applying the decision: designing application-level encryption for Fabrikam Inc. 1. Ensure that information entered into or downloaded from Web pages stored on the three separate Web sites is not compromised during transmission. a. Defense Department bidding Web site (1) Requires SSL encryption
Outline, Chapter 11 13 Designing Microsoft Windows 2000 Network Security (2) Network administrators must ensure that any users who connect to the Web site from Fabrikam are enabled for strong encryption. (a) If it is a Windows 2000–based computer, the Windows 2000 High Encryption Pack must be applied to enable 128- bit encryption for the browser. (b) If it is a Windows 95, Windows 98, or Windows NT 4.0 computer, the 128-bit encryption patch for the current version of its browser must be installed to enable strong encryption. b. Sonar project time sheet Web site (1) Project members who work at A. Datum Corporation must enter the hours they work into a Web-based time recording system hosted in the Fabrikam extranet. (2) The Web server hosting the site must have a server certificate. (3) An internal CA can issue the Web server certificate. (4) The CRL for the CA and any CAs that issued certificates in the certificate chain must be made available at a public location as indicated in the issued certificate. (5) The Web server could be configured to require 128-bit encryption, but it is not required. c. The Sonar System project server (1) The project server at the San Francisco office requires that all communication with the server is protected from interception. (2) Using a Web server allows the data to be accessed by a mix of Windows 95, Windows 98, Windows NT 4.0, and Windows 2000 clients. (3) Web pages containing links for key files or directory browsing must be enabled at the Web server to allow access to the data. (4) The project server requires the acquisition of a Web server certificate. (5) The server is required only for internal project use. (6) Use an internal CA to acquire the necessary Web server certificate to enable SSL encryption. (7) Client computers may require additional configuration if the Web server is configured to require 128-bit encryption.
|39| Chapter Summary Providing authenticity and integrity of transmitted data Planning SMB signing Planning digital signing Planning secure e-mail encryption Planning application-level encryption with SSL/TLS
14 Outline, Chapter 11 Designing Microsoft Windows 2000 Network Security