Windows NT/2000 Login Security
As more and more businesses launch e-commerce initiatives, the Internet is fast becoming a vault of critical business data. Smart cards, retinal scans, and an array of digital-age technologies are all set to replace the currently prevalent password authentication systems. How flexible are operating systems in allowing use of these technologies? It is not enough for an operating system to support a smart card or a retinal scan. It must be able to accommodate newer devices as they arrive, without any modifications to its architecture.
Therefore, it becomes essential for an operating system to provide both effective and extensible security for its resources. Two of the forerunners in this area are Microsoft Windows NT® and Microsoft Windows 2000®. What features of Windows NT/2000 make flexible and extensible security possible? What should be done to make a Windows NT/2000 system use a different access mechanism in place of the default password authentication method? This paper addresses these questions.
Security in Microsoft Windows NT/2000 is handled by the security subsystem. The subsystem is designed as a set of components, each of which can be replaced without affecting the others. Access to the resources in a Windows NT machine is controlled by a security ID (SID). All resources have an access mask that is applied over the SID to determine if the SID is allowed to access the resource in question. Every user of Windows NT is given an access token containing his SID. The user’s access token is compared with the access mask of the resource. The user is given access only if his SID is allowed to access the resource....
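
The token-against-access-mask comparison described above can be modelled in a few lines. This is an added example, not code from the paper or from Windows, and it goes beyond the paragraph by modelling the resource's access masks as the ordered list of allow/deny entries (ACEs) that Windows NT keeps per resource. The SIDs for the two users are constructed, and the model ignores owner rights, privileges and the null-DACL case.

```python
from dataclasses import dataclass

# File access-right bits as defined in the Windows SDK (winnt.h).
FILE_READ_DATA = 0x0001
FILE_WRITE_DATA = 0x0002
DELETE = 0x00010000

ALLOW, DENY = "allow", "deny"

@dataclass(frozen=True)
class Ace:
    kind: str   # ALLOW or DENY
    sid: str    # SID the entry applies to
    mask: int   # access-right bits covered by the entry

@dataclass(frozen=True)
class Token:
    user_sid: str
    group_sids: tuple = ()

    def sids(self):
        return {self.user_sid, *self.group_sids}

def access_check(token, dacl, desired):
    """Return True only if every bit in `desired` is granted to the token."""
    remaining = desired
    sids = token.sids()
    for ace in dacl:                  # entries are evaluated in list order
        if ace.sid not in sids:
            continue
        if ace.kind == DENY and ace.mask & remaining:
            return False              # a right still needed is explicitly denied
        if ace.kind == ALLOW:
            remaining &= ~ace.mask    # these rights are now granted
        if remaining == 0:
            return True
    return False                      # rights never granted are denied

# Constructed sample data (hypothetical users, not from the paper).
EVERYONE = "S-1-1-0"                  # well-known SID for the Everyone group
ALICE = Token("S-1-5-21-1111-2222-3333-1001", (EVERYONE,))
BOB = Token("S-1-5-21-1111-2222-3333-1002", (EVERYONE,))
REPORT_DACL = [
    Ace(DENY, BOB.user_sid, FILE_WRITE_DATA),
    Ace(ALLOW, EVERYONE, FILE_READ_DATA | FILE_WRITE_DATA),
]
```

Because evaluation stops at the first decisive entry, placing the deny entry after the allow entry would let BOB write; this is why deny entries are kept at the front of the list.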




