WINDOWS 2000 PROFESSIONAL RESOURCE KIT [Electronic resources] - text version


Chris Aschauer



Remote Network Security


You can configure your dial-up, virtual private network (VPN), and direct connections to enforce various levels of password authentication and data encryption. Authentication methods range from unencrypted to custom, such as the Extensible Authentication Protocol (EAP). EAP provides flexible support for a wide range of authentication methods, including smart cards, certificates, one-time passwords, and public keys. You can also specify the type of data encryption, depending on the type of authentication protocol (MS-CHAP or EAP-TLS) that you choose. Finally, if allowed by your system administrator, you can configure callback options to save telephone charges, and to increase dial-up security.

On the server to which you are connecting, remote access permissions on a Windows 2000 remote access server are granted based on the dial-in settings of your user account and remote access policies. Remote access policies are a set of conditions and connection settings that give network administrators more flexibility in granting remote access permissions and usage. If the settings of your connection do not match at least one of the remote access policies that apply to your connection, the connection attempt is rejected, regardless of your dial-in settings.

The network administrator can configure Windows 2000 user accounts and domains to provide security by forcing encrypted authentication and encrypted data for remote communications. For more information about Windows 2000 security, see Windows 2000 Server Help.

How Security Works at Connection


The following steps describe what happens during a call to a remote access server:


    1. Your computer dials a remote access server.

    2. Depending on the authentication methods you have chosen, one of the following happens:


    If You Are Using PAP or SPAP


        a. Your computer sends its password to the server.

        b. The server checks the account credentials against the user database.


    If You Are Using CHAP or MS-CHAP


        a. The server sends a challenge to your computer.

        b. Your computer sends an encrypted response to the server.

        c. The server checks the response against the user database.


    If You Are Using MS-CHAP v2


        a. The server sends a challenge to your computer.

        b. Your computer sends an encrypted response to the server.

        c. The server checks the response against the user database, and sends back an authentication response.

        d. Your computer verifies the authentication response.


    If You Are Using Certificate-based Authentication


        a. The server requests credentials from your computer, and sends its own certificate.

        b. If you configured your connection to Validate server certificate, it is validated. If not, this step is skipped.

        c. Your computer presents its certificate to the server.

        d. The server verifies that the certificate is valid, and that it has not been revoked.

    3. If the account is valid, the server checks for remote access permission.

    4. If remote access permissions have been granted, the server accepts your connection. For a Windows 2000 server, permission is granted based on the remote access permission of the user account and the remote access policies.

    5. If callback is enabled, the server calls your computer back and repeats steps 2 through 4.


NOTE


If you are using an L2TP-enabled VPN, IP Security (IPSec) authenticates your computer account and provides encryption before any of these steps take place. For more information about IPSec, see "Data Encryption" later in this chapter.

Authentication


For dial-up, virtual private network (VPN), and direct connections, Windows 2000 authentication is implemented in two processes: interactive logon and network authorization. Successful user authentication depends on both of these processes.

Interactive Logon Process


The interactive logon process confirms the user's identity to either a domain account or a local computer. Depending on the type of user account and whether the computer is connected to a network protected by a domain controller, the process can vary as follows:


    A domain account

    A user logs on to the network with a password or smart card, using credentials that match those stored in Active Directory. By logging on with a domain account, an authorized user can access resources in the domain and any trusting domains. If a password is used to log on to a domain account, Windows 2000 uses Kerberos v5 for authentication. If a smart card is used instead, Windows 2000 uses Kerberos v5 authentication with certificates.

    A local computer account

    A user logs on to a local computer, using credentials stored in Security Account Manager (SAM), which is the local security account database. Any workstation can maintain local user accounts, but those accounts can only be used for access to that local computer.


Network Authorization


Network authorization confirms the user's identification to any network service or resource that the user is attempting to access. To provide this type of authorization, the Windows 2000 security system supports many different mechanisms, including Kerberos v5, Secure Sockets Layer/Transport Layer Security (SSL/TLS), and, for compatibility with Windows NT 4.0, NTLM.

Users who have logged on to a domain account do not see network authorization challenges during their logon session. Users who have logged on to a local computer account must provide credentials (such as a user name and password) every time they access a network resource.

Logging On Using Domain Credentials


The credentials that you use to initially log on to your computer are also the credentials that are presented to a domain when attempting to access a network resource. Therefore, if your local logon and network authorization credentials differ, you are prompted to provide Windows 2000 domain credentials each time you access a network resource. You can avoid this by logging on to your computer by using your Windows 2000 domain name, your Windows 2000 domain user name, and your Windows 2000 domain password before you try to connect to a network resource. If you log on without being connected to the network, Windows 2000 recognizes that your credentials match a previous successful logon, and you receive the following message: "Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information." When you connect to your network, the cached credentials are sent to your Windows 2000 domain and you are able to access network resources without having to provide a password again.

Authentication Protocols


With Network and Dial-up Connections, you can use the following authentication methods and protocols.

PAP

Password Authentication Protocol (PAP) uses plaintext (unencrypted) passwords and is the least sophisticated authentication protocol. PAP is typically used when your connection and the server cannot negotiate a more secure form of validation. You might need to use this protocol when you are calling a non-Windows-based server.

SPAP

With Shiva Password Authentication Protocol (SPAP), Shiva clients can dial in to computers running Windows 2000 Server, and Windows 2000 clients can dial into Shiva servers.

CHAP

The Challenge Handshake Authentication Protocol (CHAP) negotiates a secure form of encrypted authentication, by using Message Digest 5 (MD5), an industry-standard hashing scheme. A hashing scheme is a method for transforming data (for example, a password) in such a way that the result is unique and cannot be changed back to its original form. CHAP uses challenge-response with one-way MD5 hashing on the response. In this way, you can prove to the server that you know your password without actually sending the password over the network. By supporting CHAP and MD5, Network and Dial-up Connections is able to securely connect to almost all third-party PPP servers.
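The exchange that the CHAP steps above and this section describe, as an added example that is not part of the Resource Kit: the server issues a random challenge, the client returns only the one-way MD5 digest of (identifier, secret, challenge) as specified in RFC 1994, and the server recomputes that digest from its user database. The user database and the "replayed response" case are constructed for the demonstration; MS-CHAP uses a different response format and is not shown here.

```python
import hashlib
import hmac
import os

# Constructed sample user database (server-side shared secrets); not from the page.
USER_DB = {"alice": b"correct horse battery staple"}


def chap_response(identifier, secret, challenge):
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || Secret || Challenge).
    Only this one-way digest crosses the link; the secret itself is never sent."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapServer:
    """The remote access server side of the exchange."""

    def __init__(self, user_db):
        self.user_db = user_db
        self.identifier = 0
        self.challenge_value = b""

    def send_challenge(self):
        # A fresh random challenge for every attempt is what makes an old,
        # captured response useless: the expected digest changes each time.
        self.identifier = (self.identifier + 1) & 0xFF
        self.challenge_value = os.urandom(16)
        return self.identifier, self.challenge_value

    def check_response(self, name, identifier, response):
        # "The server checks the response against the user database."
        secret = self.user_db.get(name)
        if secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, self.challenge_value)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def chap_exchange(server, name, client_secret, captured=None):
    """One authentication attempt. If `captured` is given, the client replays a
    previously observed response instead of computing a fresh one."""
    identifier, challenge = server.send_challenge()  # server -> client
    if captured is None:
        response = chap_response(identifier, client_secret, challenge)
    else:
        response = captured
    verdict = server.check_response(name, identifier, response)  # client -> server
    return verdict, response


def run_demo():
    """Correct secret succeeds; a wrong secret and a replayed digest both fail."""
    server = ChapServer(USER_DB)
    ok, good_response = chap_exchange(server, "alice", USER_DB["alice"])
    wrong, _ = chap_exchange(server, "alice", b"wrong password")
    replay, _ = chap_exchange(server, "alice", b"", captured=good_response)
    return {"correct_password": ok, "wrong_password": wrong, "replayed_response": replay}


if __name__ == "__main__":
    print(run_demo())
```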

NOTE


If your server requires you to use PAP, SPAP, or CHAP, you cannot require data encryption for dial-up or PPTP connections.

If the connection is configured to require encrypted authentication, and connects to a server that is only configured for cleartext authentication, the connection hangs up.

MS-CHAP

Microsoft created Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), an extension of CHAP, to authenticate remote Windows workstations, providing the functionality to which LAN-based users are accustomed while integrating the encryption and hashing algorithms used on Windows networks. Like CHAP, MS-CHAP uses a challenge-response mechanism with one-way encryption on the response.

Where possible, MS-CHAP is consistent with standard CHAP. Its response packet is in a format specifically designed for networking with computers running Microsoft® Windows NT and Windows 2000, and Microsoft® Windows 95 and Microsoft® Windows 98.

Your system administrator can define authentication retry and password changing rules for the users connecting to your server.

A version of MS-CHAP is available specifically for connecting to a Windows 95 server. This is required only if your connection is being made to a Windows 95 server.

MS-CHAP v2

A new version of the Microsoft Challenge Handshake Authentication Protocol (MS-CHAP v2) is available. This new protocol provides mutual authentication, stronger initial data encryption keys, and different encryption keys for sending and receiving. To minimize the risk of password compromise during MS-CHAP exchanges, MS-CHAP v2 supports only a newer, more secure, version of the MS-CHAP password change.

For VPN connections, Windows 2000 Server offers MS-CHAP v2 before offering MS-CHAP. Updated Windows clients accept MS-CHAP v2 when it is offered. Dial-up connections are not affected.

In Windows 2000, both dial-up and VPN connections can use MS-CHAP v2. Windows NT 4.0 and Windows 98-based computers can use only MS-CHAP v2 authentication for VPN connections.

EAP

The Extensible Authentication Protocol (EAP) is an extension to the Point-to-Point Protocol (PPP). EAP was developed in response to an increasing demand for remote access user authentication that uses third-party security devices. EAP provides a standard mechanism for support of additional authentication methods within PPP. By using EAP, support for a number of authentication schemes might be added, including token cards, one-time passwords, public key authentication using smart cards, certificates, and others. EAP is a critical technology component for secure virtual private network (VPN) connections, because it can offer stronger authentication methods (such as public key certificates) that are more secure against brute-force attacks, dictionary attacks, and password guessing than older password-based authentication methods.

To find out if you can use EAP, see your system administrator.

Smart Card and Other Certificate Authentication

If a user certificate is installed either in the certificate store on your computer or on a smart card, and the Extensible Authentication Protocol Transport Level Security (EAP-TLS) is enabled, you can use certificate-based authentication in a single network logon process, which provides tamper-resistant storage of authentication information.

A certificate is an encrypted set of authentication credentials. A certificate includes a digital "signature" from the certificate authority that issued the certificate. In the certificate authentication process, your computer presents its certificate to the server, and the server presents its certificate to your computer, enabling mutual authentication. Certificates are authenticated by verifying the digital signature by means of a public key, which is contained in a trusted authority root certificate that is already stored on your computer. These root certificates are the basis for certificate verification, and are supplied only by a system administrator. Windows 2000 provides a number of trusted root certificates. Add or remove trusted root certificates only if your system administrator advises.

Certificates can reside either in the certificate store on your computer or on a smart card. A smart card is a credit card-sized device that is inserted into a smart card reader, which is either installed internally in your computer or connected externally to your computer.

By setting the security options of a connection, you can choose to use a smart card or other certificate, and you can specify particular certificate requirements. For example, you can specify that the server's certificate must be validated, and you can also specify the server's certificate root authority, which is trusted.

When you double-click Make New Connection in the Network and Dial-up Connections folder, if a smart card reader is installed, Windows 2000 detects it and prompts you to use it as the authentication method for the connection. If you decide not to use the smart card at the time you create a connection, you can modify the connection to use the smart card or other certificate at a later time.

Data Encryption


You can think of encryption as locking something valuable into a strong box with a key. Sensitive data is encrypted by using a key algorithm, which renders it unreadable without the knowledge of the key. Data encryption keys are determined at connect time between a connection and the computer on the other end. The use of data encryption can be initiated by your computer or by the server to which you are connecting.

For dial-up, virtual private network (VPN), and direct connections, Network and Dial-up Connections supports two types of encryption: Microsoft Point-to-Point Encryption (MPPE), which uses Rivest-Shamir-Adleman (RSA) RC4 encryption, and an implementation of Internet Protocol security (IPSec) that uses Data Encryption Standard (DES) encryption. Both MPPE and IPSec support multiple levels of encryption.

Server controls are flexible and can be set to deny the use of encryption, require a specific encryption method, or allow your computer to select an encryption method. By default, most servers allow encryption and allow clients to select their encryption methods. This works for most computers. For a Windows 2000-based remote access or VPN server, the system administrator sets encryption requirements through settings on remote access policies. To determine your encryption settings, contact your system administrator.

To enable MPPE-based data encryption for dial-up or VPN connections, you must select the MS-CHAP, MS-CHAP v2, or Extensible Authentication Protocol-Transport Level Security (EAP-TLS) authentication methods. These authentication methods generate the keys used in the encryption process.

Virtual private networks (VPNs) use encryption depending on the type of server to which they are connecting. If the VPN connection is configured to connect to a PPTP server, MPPE is used. If the VPN is configured to connect to an L2TP server, IPSec encryption methods are used. If the VPN is configured for an automatic server type (which is the default selection), then L2TP is attempted first, followed by PPTP.

MPPE


Microsoft Point-to-Point Encryption (MPPE) encrypts data in PPP-based dial-up connections or PPTP VPN connections. Strong (128-bit key) and standard (56-bit key or 40-bit key) MPPE encryption schemes are supported. MPPE provides data security between your computer and your dial-up server (for dial-up PPP connections) and between your computer and your PPTP-based VPN server (for VPN connections).

NOTE


MPPE requires common client and server keys as generated by MS-CHAP, MS-CHAP v2, or EAP-TLS authentication.

IPSec


IP security (IPSec) is a suite of cryptography-based protection services and security protocols. Because it requires no changes to applications or protocols, you can easily deploy IPSec for existing networks.

IPSec provides machine-level authentication, as well as data encryption, for L2TP-based VPN connections. IPSec negotiates a secure connection between your computer and its remote tunnel server before an L2TP connection is established, which secures user names, passwords, and data.

IPSec encryption does not rely on the authentication method to provide initial encryption keys. Therefore, L2TP connections use all standard PPP-based authentication protocols, such as EAP-TLS, MS-CHAP, CHAP, SPAP, and PAP, to authenticate the user after the secure IPSec communication is established.

Encryption is determined by the IPSec Security Association, or SA. A security association is a combination of a destination address, a security protocol, and a unique identification value, called a Security Parameters Index (SPI). The available encryption methods are:


    Data Encryption Standard (DES) with a 56-bit key.

    Triple DES (3DES), which uses three 56-bit keys and is designed for high-security environments.


NOTE


The IP security settings that are associated with TCP/IP properties apply to all connections for which TCP/IP is enabled.

Callback


The callback feature provides cost advantages to you. Callback instructs your dial-in server to disconnect, and then to call you back after you dial in. By immediately hanging up and then calling you back, your phone charges are reduced.

If the feature is required by your system administrator, it also provides security advantages to your network. Requiring callback to a particular number enhances network security by ensuring that only users from specific locations can gain access to the server. Dropping the call and then immediately calling back to the preassigned callback number makes impersonation more difficult.

For more information about callback, see "Configuring Advanced Settings" earlier in this chapter.
