Chapter 13 - Network security. In this chapter, students will be able to understand: Password policies ensure that users choose effective passwords; user-level security requires a separate account for each user; in share-level security, all users access shares by using the same passwords; a firewall is a hardware or software product that protects a network from unauthorized access, using techniques such as packet filtering, NAT, or proxy servers;. | Chapter Overview Password Protection Security Models Firewalls Security Protocols Using Passwords Passwords are the most common method of securing network resources. Passwords can be an effective security mechanism, or they can be useless, depending on how they are used. The strength of any password protection is based on the password policies that administrators set. Most operating systems include tools that allow administrators to impose password policies on users, such as Password length restrictions Password change intervals Password policies are typically available in network operating systems that use a directory service to authenticate users and grant them access to network resources. Controlling User Account Password Settings Using the Windows 2000 Group Policy Interface Setting a Minimum Password Length Setting a Password Change Interval Enforcing Password Complexity Setting Account Lockout Policies Client/Server Networks User accounts are . | Chapter Overview Password Protection Security Models Firewalls Security Protocols Using Passwords Passwords are the most common method of securing network resources. Passwords can be an effective security mechanism, or they can be useless, depending on how they are used. The strength of any password protection is based on the password policies that administrators set. Most operating systems include tools that allow administrators to impose password policies on users, such as Password length restrictions Password change intervals Password policies are typically available in network operating systems that use a directory service to authenticate users and grant them access to network resources. Controlling User Account Password Settings Using the Windows 2000 Group Policy Interface Setting a Minimum Password Length Setting a Password Change Interval Enforcing Password Complexity Setting Account Lockout Policies Client/Server Networks User accounts are stored in a central location. A user logs on to the network from a computer that transmits the user name and password to a server, which either grants or denies access to the network. Account information can be stored in a centralized directory service or on individual servers. A directory service, such as the Microsoft Windows 2000 Active Directory service or Novell Directory Services (NDS), provides authentication services for an entire network. Peer-to-Peer Networks Each computer maintains its own security information and performs its own authentications. Computers on this type of network can function as both clients and servers. When a computer functioning as a client attempts to use resources (called shares) on another computer that is functioning as a server, the server itself authenticates the client before granting it access. Granting User Permissions Peer-to-Peer User-Level Security When users log on to their computers, they are authenticated against an account on that
