Server Administration - Authentication
In a Nutshell - CIW Course Section 3, Part A2, Chapter 1
Authentication Methods
Back in chapter 9 of section 1, part C we first introduced the three basic methods of establishing a user's identity for means of authentication.
The first method requires you to confirm a piece of information that only you know. This would normally be a password. As this password will grant you access to, potentially, confidential information, it is vital that the password remains your secret. Encryption can help prevent eavesdroppers and network sniffers from intercepting your password and compromising security.
The second method requires you to have, in your possession, an item that only you could have. This may be some form of swipe-card or a key. But these can fall into the wrong hands, so a better solution is to combine this with a password.
Finally, perhaps the most secure and certainly the most expensive to implement, is a biometric solution. This may be a fingerprint reader, a retinal scan system or voice recognition. All very high tech, but still, to some extent, the stuff of science fiction.
Peer-to-Peer Network Model
A peer-to-peer network has no server or centralised administration. Each client workstation, on the network, has the ability to make selected folders and/or printers available, by means of sharing, to other users on the network.
In order to participate in a Peer-to-Peer network, the "File and Printer Sharing for Microsoft Networks" service must be installed on each client computer. To share a directory or printer from your computer, right-click the directory or printer and select Sharing ... The following dialog will be displayed:
The access level may be set to read-only or full and this may be password dependant. All files within the share are granted the same access. No individual file privileges may be set. The above example is a screen-shot from a Windows 98 machine on a peer-to-peer network.
User-Level Access
Where a server is available to maintain a list of users, the share dialog is different. The following screen-shot is from a Windows 2000 machine which is a domain member.
In this scenario, a list of users is available from the server and will be used to control the level of access available to individual users or groups of users. In this case individual file privileges also apply. This can occasionally cause confusion, as privileges which have been restricted on files or sub-folders will not be overridden by granting access to the share.