into the security benefits. Secure applications replace insecure standard applications and use different ports; they do not require the client to have a public key certificate, because symmetric keys can be used to provide private transactions

Chapter 6
Microsoft RAS and VPN for Windows 2000

Solutions in this chapter:
What's New in Windows 2000
Discovering the Great Link: Kerberos Trusts between Domains
Understanding EAP, RADIUS, and IPSec
Configuring Microsoft RAS and VPN for Windows 2000
Avoiding Possible Security Risks

Introduction

The latest release of Microsoft's network operating system (NOS) is Windows 2000. Many employees will use Windows 2000 at home to access their corporate networks. One thing that you must make sure of is that their connection will be safe for your network. Allowing access into your network from anywhere outside your security measures creates an opportunity for someone to exploit any weaknesses in the software and gain access to your network. Invariably, Microsoft had to provide solutions to this problem, so they incorporated a host of new security features in Windows 2000.

The most notable addition to Windows 2000 could quite possibly be Active Directory (AD). AD is a new environment for Windows 2000 and is based on the open standard of Lightweight Directory Access Protocol (LDAP) instead of the more proprietary Users, Groups, and Domains. A single sign-on method has also been incorporated for access to network resources. This new directory structure brings several key security pieces to the table. The addition of Kerberos v5 allows, again, for an open standard approach, and NT LAN Manager (NTLM) provides compatibility with previous OS versions.

Some of the other open standards embraced in Windows 2000 include:

IP Security (IPSec): Allows for secure transmissions within IP networks. Incorporates security using an Encapsulating Security Payload (ESP) or an Authentication Header (AH).

Extensible Authentication Protocol (EAP): Provides support for third-party authentication products to be used with PPP. EAP allows for support of Kerberos, Secure Key (S/Key), and Public Key.

Remote Access Dial-In User Service (RADIUS)