Security: The Transition to NT 5.0

The most recent beta of Windows NT 5.0 reflects many of the changes that developers will see in the Windows NT security model. The new features reflect Microsoft Corp.'s desire to simplify security administration and migrate toward industry standards while improving the security model's scalability.

Most important among these features is the transition from domain-based user directories to Active Directory. The existing model worked well for small workgroups and collections of homogeneous networks, but failed to provide the flexibility to support large, distributed networks. Active Directory corrects this problem by providing a single directory of all users and objects stored in a hierarchical database. This addresses the problems created by Windows NT's existing flat domain account name space. Using Active Directory as a repository for security information also means that users can handle account management administration at any domain controller rather than just the primary domain controller.

Another crucial change is the transition from Windows NT's proprietary NT LAN Manager authentication protocol to Kerberos. Kerberos is a mature Internet security standard that will provide default network authentication for Windows NT users. The authentication process will also evolve by allowing stronger client authentication than simple username/password pairs: Windows NT version 5.0 allows for client authentication using public-key certificates and smart cards.

For application developers the new security model provides more fine-grained access controls and also allows control in situations where options were previously unavailable. For instance, the API can now expose the DENY access control that gives permission to a group of users to access an object but denies access to specific users.

Despite these changes, Karan Khanna, product manager of the Windows NT security team for Microsoft, says the changes are evolutionary and not revolutionary. "Every user is still authenticated, and every resource in a Windows NT system still has access control lists applied," he says. "The underlying architecture for Windows NT security remains the same; what we are providing are more flexible tools for authentication and administration and a more robust approach to distributed network security."

While many of the improvements for enterprise Windows NT application developers appear in Windows NT 5.0, another important set of improvements address security administration. Windows NT 5.0 provides a new Security Configuration Editor, which provides a single security configuration and analysis tool for larger domains. The Configuration Editor provides a standard, Windows-based editor for security-related registry settings, access controls on files and registry entries, and the security for system services.

For organizations contemplating using digital certificates as a means of identifying users, Windows NT 5.0 provides a public key certificate server that is integrated into the Active Directory. This makes it possible for organizations to issue their own certificates without having to rely on third-party, commercial certificate authorities. "For Internet applications," remarks Khanna, "certificates are inherently more secure than usernames and passwords."

The changes to Windows NT security under version 5.0 may seem like a dramatic transformation of the operating system's underlying model. In fact, for those familiar with the current security architecture for Windows NT, the changes reflect a natural revolution: extending Windows NT's security model to larger enterprises and, at the same time, making it easier to deploy and use.