Authentication Strategies

Authentication Strategies

When the user logs on to a computer, a user name and password are required before the user can access resources on the local computer or the network. Windows Vista authentication enables single sign-on to all network resources, so that a user can log on to a client computer by using a single password or smart card and gain access to other computers in the domain without re-entering credential information. The Windows Vista authentication model protects your network against malicious attacks, such as:

  • Masquerade attacks. Because a user must prove identity, it is difficult to pose as another user.
  • Replay attacks. It is difficult to reuse stolen authentication information because Windows Vista authentication protocols use timestamps.
  • Identity interception. Intercepted identities cannot be used to access the network because all exchanges are encrypted.

Kerberos V5 is the primary security protocol within Windows 2003 domains. Windows Vista–based clients use NTLM to authenticate to servers running Windows NT 4.0 and to access resources within a Windows NT domain.

Computers running Windows Vista that are not joined to a domain also use NTLM for authentication.

If you use Windows Vista on a network that includes Active Directory, you can use Group Policy settings to manage logon security, such as restricting access to computers and logging users off after a specified time.