Open Enterprise Networks Demand the Security Enhancements in Windows 2000

Enterprises are opening their networks to customers, partners, and suppliers more every day. In fact, companies are making their networks resemble the Internet rather than private networks. The advantages of extranets and intranets are endless, but with the benefits of sharing internal resources with a growing number of users comes the challenge of making networks secure without making them impossible to manage.

Microsoft Corp. (www.microsoft.com) built its Windows 2000 operating system with a number of new security features and functions designed to help companies open up their networks, yet centralize network management and make them more secure.

"Windows 2000 adds a lot of great things to security, primarily because 73 percent of the code is new," says Avi Fogel, president and CEO of Network-1 Security Solutions Inc. (www.network-1.com), a manufacturer of distributed intrusion prevention solutions for e-business networks.

The highlights of the Windows 2000 Distributed Security Services include integration with Windows 2000 Active Directory services; the Kerberos 5 authentication protocol, which is implemented as the default protocol for network authentication; and strong authentication using public key certificates.

Active Directory’s Role

As with most aspects of Windows 2000, Active Directory is the key to centralizing management, and security is no exception.

"We tried to make it easier to manage security, and a lot of that has to do with centralizing it," says Shanen Boettcher, product manager for Windows 2000 security services at Microsoft.

Rick Camp, product manager for EcoTools at Compuware Corp. (www.compuware.com), which makes tools to help developers work on Windows operating systems, says integration with Active Directory represents a philosophical change in security.

"Microsoft is simplifying things, but they’re also making IT think about how they set up domains," he says.

Centralized management of security, for example, runs through Active Directory. Active Directory uses containers and objects to organize network resources in a logical hierarchy, storing all the information about users, groups, machines, and applications in one location and then giving network administrators a way to update that information. Users seeking access to network resources only have to pass through a single checkpoint.

With Active Directory, administrators can delegate selected privileges to users; implement policy-based management that allows them to assign specific security controls to classes of machines or to Internet or extranet users, applications, or servers; control access to resources; and assign different sets of authentication procedures for different groups of users.

Further, Active Directory serves as the foundation for security services that authenticate users as they enter the system, while protecting the integrity of data and applications that reside within and safeguarding data as it moves between systems. The Security Configuration Manager, for instance, allows administrators to put security configurations into a template and apply it to selected computers in a single operation.

Microsoft says IP Security (IPsec) provides encryption of network traffic between systems, safeguarding internal networks and providing secure virtual private networking (VPN) over the Internet to a company’s internal network.

Kerberos

Another security service included in Windows 2000 is version 5 of the Kerberos authentication protocol. An open-standards protocol, Kerberos provides authenticity, confidentiality, and integrity of network communications. Kerberos is a shared-secret protocol that authenticates the user and the network, protecting against hackers who attempt to impersonate a server to enter the network.

Kerberos replaces Windows NT LAN Manager as the primary protocol for network authentication and access to resources in Windows 2000. It offers a number of important security enhancements, including improved authentication, which Microsoft says results in faster overall network performance.

Not everybody thinks Kerberos is all good, though.

Windows 2000 includes its share of interoperability curveballs, especially in the areas of Unix and Linux integration. The operating system’s Kerberos-based security model, for example, is proprietary, differing from the open Kerberos standard that was originally developed at the Massachusetts Institute of Technology (www.mit.edu).

"Basically what Microsoft did was they overloaded an application specific field that is a maximum of 64 KB long with a user profile that exceeds this maximum," explains Luke Kenneth Casson Leighton, a programmer at Internet Security Service Inc.’s (ISS, www.iss.net) export research services. He is also a member of the Samba (www.samba.org) development effort.

Leighton says Microsoft could just as easily have implemented its own proprietary protocol without "hijacking" the open Kerberos standard.

"It’s not reasonable at all. They could have used their own proprietary protocol to obtain their own information, and there’s absolutely no technical reason to do what they did," he maintains.

As a result, Leighton points out, standard Unix and Linux Kerberos clients will not be able to easily interoperate with Microsoft’s Windows 2000 Kerberos implementation.

Flexible Authentication

Microsoft’s Boettcher touts Windows 2000’s flexible authentication as another important feature. Users can log on via password, smart card, biometrics, or a combination thereof. Once the initial authentication proves the user is legitimate, the result comes back as a Kerberos ticket, and the user begins operating within Kerberos.

"From Kerberos to PKI to IPSec to Active Directory, Windows 2000 gives you a nice breadth of what can be done out of the box in terms of authentication," Boettcher says. "A lot of that used to take a bunch of third-party tools."

Active Directory can be extended to include biometrics information. Although biometrics is a nicety, even manufacturers of such products don’t see Windows 2000 as a driving force toward its use.

"Even with advanced security such as biometrics, there is nothing that is 100 percent sure in security," says Gordon Ross, president and CEO of Net Nanny Software International Inc. (www.biopassword.com), which makes a software-based biometric password product. "Security always comes down to the people involved. If you don’t have good people, it’s tough to have good security."

Ross is careful to point out that this is not a shortcoming of Windows 2000 at all, but of security in general.

The Public Key

Public Key Infrastructure (PKI) was added to Windows 2000, and it has important implications for security. PKI represents a standards-based security architecture that combines public key cryptography with digital certificates to verify the safety and integrity of data and documents and to validate the identity of users who are coming in over the Internet. It provides network administrators with a means to protect the security of their communications and business transactions on the Internet.

PKI is an enabling security technology for today’s extended enterprise, Boettcher says. It is particularly important for extranets because it allows users from heterogeneous clients to come into a system. Users just need a standards-based browser.

Windows 2000 provides a feature called certificate mapping. The feature gives administrators the ability to map a PKI certificate to a user account in Active Directory. This provides a bridge between PKI and the Kerberos protocol used in Windows 2000. This means administrators can manage internal and external users, as well as access control and security, with Windows 2000.

Is Windows 2000 Security Good Enough?

At Gartner Group Inc.'s (www.gartner.com) Remote Access Conference in San Diego last year, the firm's research director Neil MacDonald said that, despite some faults, Windows NT 4.0 security was good enough for about 80 percent of enterprise tasks. Microsoft’s goal, of course, was to improve the security over NT 4.0.

Despite the new features and enhancements, many industry insiders believe there are still security needs in the operating system.

Network-1’s Fogel, for instance, says three shortcomings remain: network access controls are not what they should be, there is a lack of intrusion detection capability, and the stateful inspection of packets is not up to snuff.

"There are still holes in Windows 2000, but they aren’t much different from other OSes," he says.

Drew Williams, security segment manager at Bindview Corp. (www.bindview.com), a Microsoft partner that provides solutions for managing the security and configuration of networks, points out that Microsoft carried over some things from NT 4.0 without a thought of security.

"I don’t think Microsoft takes security as seriously as they think they do," he says.

Microsoft’s Boettcher, however, says that like the other features of Windows 2000 -- such as storage -- the company’s aim with this version of Windows is not to offer the be-all and end-all of corporate operating systems, but rather to offer a platform on which independent developers can build products that complete the picture.

Bindview’s Williams says time will tell how well Windows 2000 security holds up in the real world.

"Every time anybody puts out a new OS, there are buzzards who want to break it. It’s a matter of time, only about three to six months, until we’ll see what the big holes are that the hackers go after," he says. "But in all truthfulness and all soberness, the security will be good enough as long as people know what they are using it for," he continues.

Phil Hester, CTO at IBM Corp. (www.ibm.com), says that while Windows 2000’s security is more advanced than Windows NT’s, a major paradigm shift in the industry transforms the question of which operating system is more secure into a riddle that rivals that of the sphinx.

"Historically, that 80 percent Neil [MacDonald] referred to is accurate, but I don’t think it’s the way of the future," he says.

Hester points out that two factors are driving this industry shift in security. First is the storing of e-business and business-sensitive information on systems. Second is the blurring of business and personal data, Big Blue’s latest mantra. These trends will force a new kind of security, one in which information is more secure than ever. Because people keep both personal information, such as credit card numbers, and business information, such as confidential business plans, on their systems, computing devices need to be more secure. The future model, Hester says, is one in which even if a device is lost or stolen, an undesirable will not be able to get at the important data.

Microsoft’s Encrypted File System plays to this model. This feature enables end users to encrypt important files. A manager could then loan his notebook to an underling for a business trip, knowing that the subordinate cannot access the payroll and performance information of co-workers, or other such confidential files.

Software is Not Enough

Hester says that the base technology in W2K is going to be sufficient for most companies, but the software alone -- even with third-party tools included -- will not be enough.

Microsoft’s Boettcher says security is one piece of a larger goal. The idea is to create a network that can be rolled out quickly, that is flexible enough to meet changing enterprise needs, and that can be administered from a central location.

IBM’s Hester says hardware plays a large part in that network, particularly for companies that need more than base-level security, such as financial institutions and health care companies. Hester says that, regardless of which hardware vendors customers buy machines from, security is not just about clients. It includes servers and infrastructure. Bullet-proof security depends on tight integration of hardware with Windows 2000, which comes from testing and verification, as well as the integration of value-added hardware security features with the software.

"The software-only approach is only as good as the software. And properly implemented hardware is more secure than the software within it," he says. "You have to think of security as an end-to-end issue. It’s no better than its weakest link."

Stephen Swoyer contributed to this report.