WL040C-63 WL040/Bidgoli-Vol III-Ch-64 June 23, 2003 16:45 Char Count= 0
WINDOWS 2000 SECURITY

Hot fix Microsoft’s term for a patch that fixes security
and other types of problems in Microsoft products such
as W2K.
Inheritance The default propagation of access rights
and user rights (privileges) from higher level objects
to child objects.
IntelliMirror A set of features that enable user data,
applications, and computing environments to be available
and user-specific settings to be applied.
IPsec A secure Internet Protocol that has an
authenticating header and encapsulated security payload.
Kerberos A protocol that provides strong network
authentication.
Key Distribution Centers (KDCs) Kerberos servers
that store user credentials and set up encrypted
sessions on behalf of users who need to authenticate and
then access resources and services.
Lightweight Directory Access Protocol (LDAP) A
protocol that provides a scaled-down, simplified version of
X.500 directory services.
Microsoft Management Console A management tool
that features “snap-ins,” convenient objects that
allow control of settings (group policy settings, in
particular).
Mixed mode A deployment mode in which a domain
contains both W2K and NT domain controllers, or has
all W2K domain controllers, but nobody has migrated
the domain to Native Mode.
Native mode A deployment mode in which a domain
contains all W2K domain controllers and the domain
has been migrated to this mode through an Active
Directory setting.
NT File System (NTFS) A system conducive to strong
access control—W2K offers version 5 of NTFS or
NTFS-5.
Organizational Unit (OU) A “nested group,” one that
is either above or below other OUs (or both) in a
hierarchy of OUs, with special properties that allow for
delegation and inheritance of rights.
Primary domain controller A domain controller that
receives changes, such as changes to the authentication
database, and replicates them to the other domain
controllers within the domain.
Replication The distribution of changes in Active
Directory objects, properties, settings, and so forth from
one domain controller to the others.
Schema An Active Directory characteristic that
determines the types of objects that each container
holds and the properties (e.g., names) of the objects.
Security Support Provider Interface (SSPI) A Win32
interface between security-related “service providers”
(dynamic link libraries, or DLLs) and applications that
run at the session level of networking, as well as
between other types of authentication packages.
Service Pack (SP) A set of bundled hot fixes.
Service Resource Records (SRRs) The basis for
locating services and objects and for keeping DNS tables
up to date.
Syskey Microsoft’s attempt to make it more difficult to
crack passwords by adding an extra 128-bit encryption
step in which passwords are encrypted before they are
stored.
Tree A group of trust-related domains that form a
contiguous name space.
Trust A property that potentially allows users, groups,
and other entities from one domain to access
resources.
Universal groups In Native Mode, groups that can
consist of users and groups from any Native Mode domain
within a tree or forest.
Workgroup A set of Windows and possibly other
systems that are known to each other and that facilitate
access to each other’s resources.

CROSS REFERENCES
See Encryption; Internet Architecture; Internet Security
Standards.

FURTHER READING
Bragg, R. (2000). Windows 2000 security. Indianapolis, IN:
New Riders.
The Center for Internet Security Web site.
http://www.cisecurity.org
Cox, P., & Sheldon, T. (2000). The Windows 2000 security
handbook. Berkeley, CA: Osborne.
Norberg, S. (2000). Securing Windows NT/2000 servers for
the Internet. Sebastopol, CA: O’Reilly.
Schultz, E. E. (2000). Windows NT/2000 network security.
Indianapolis, IN: New Riders.
Scambray, J., & McClure, S. (2001). Hacking Windows
2000 exposed. Berkeley, CA: Osborne.