1. Home
  2. Server Administration
  3. Securing Windows Server 2003

2.5 Authorization and Authentication

Two additional security concepts you need to be familiar with are authorization and authentication.

Authentication is the process of validating a user's identity, ensuring he is who he says he is. Passwords are a common component in the authentication process, although the use of biometric components like smart cards and fingerprint readers are becoming more common.

Authorization is the process of determining what an authenticated user has access to. Windows Server 2003 uses a variety of mechanisms to accomplish authorization on files and folders, for remote access, and so forth, which you'll learn about throughout this book.



    		Securing Windows Server 2003
    		Preface
    		Chapter 1. Introduction to Windows Server 2003 Security
    		Chapter 2. Basics of Computer Security
    		2.1 Why Computer Security Is Important
    		2.2 Security Enforcement Mechanisms
    		2.3 POLA: The Principle of Least Access
    		2.4 Key-Based Cryptography
    		2.5 Authorization and Authentication
    		2.6 Password Basics
    		2.7 Network Security
    		2.8 Keeping Your Eyes Open
    		2.9 Summary
    		Chapter 3. Physical Security
    		Chapter 4. File System Security
    		Chapter 5. Group Policy and Security Templates
    		Chapter 6. Running Secure Code
    		Chapter 7. Authentication
    		Chapter 8. IP Security
    		Chapter 9. Certificates and Public Key Infrastructure
    		Chapter 10. Smart Card Technology
    		Chapter 11. DHCP and DNS Security
    		Chapter 12. Internet Information Services Security
    		Chapter 13. Active Directory Security
    		Chapter 14. Remote Access Security
    		Chapter 15. Auditing and Ongoing Security
    		Appendix A. Sending Secure Email
    		Colophon