Security Administration
Service Management Function

Published: October 20xx
Reformatted: January 20xx

For the latest information, please see

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), but only for the purposes provided in the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

© 20xx Microsoft Corporation. All rights reserved.

Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contents

Executive Summary
Introduction
Security Administration Overview
    Goals and Objectives
    Scope
    Key Definitions
Processes and Activities
    Process Flow Summary
    Identification
    Authentication
        Biometric Authentication Systems
        Smart Card Authentication Systems
        Password Authentication Systems
        Web Access Authentication
    Access Control
        Authorized Usage Warning
        Accountability and Shared User IDs
        Account Lockout
        Settings to Limit Unauthorized Session Use and Systems Access
        Setting Privileges and Permission on Objects
        Role-based Access Control and Delegation of Authority
    Confidentiality
        Private Key Encryption
        Public Key Encryption and PKI
        Virtual Private Networks
        File System Confidentiality
    Integrity
    Nonrepudiation
    Auditing
        Planning Auditing
        Implementing Auditing
        Testing Auditing
Roles and Responsibilities
    Security Manager