Security has been improved in Windows XP to help you have a safe, secure, and private computing experience. The operating system is available in two editions – Home and Professional, and the latter is mostly used for business purposes. The security features of this version are described in the following article.
Windows XP Professional includes all the security capabilities of the Home edition, plus other advanced features. These important new features will reduce your IT costs and enhance the protection of your business systems.
The Professional edition is the operating system of choice for businesses of all sizes, and provides the most dependable security services for business computing. It includes all the security features you need for business networking and security.
Controlled Network Access: Windows XP provides built-in security to safeguard corporate networks. The Professional edition offers robust security features to help businesses protect sensitive data and provide support for managing users on a network.
These features include Access Control Lists (ACLs), security groups, and Group Policy. Each of these features has default settings that can be modified to suit the needs of an organization. The network is safeguarded by limiting any unknown user to “guest”-level privileges. If intruders attempt to break into your computer network and gain unauthorized privileges by guessing passwords, they will be unsuccessful and will obtain only limited, guest-level access.
Managing Network Authentication: By default, the Professional edition requires that all users logging on over the network use the Guest account. This change is designed to prevent hackers who attempt to access a system across the Internet from logging on with a local Administrator account that has no password. The sharing and security model for local accounts allows you to choose between the Guest-only security model and the Classic security model.
In the Guest-only model, all attempts to log on to the local computer from across the network will be forced to use the Guest account. In the Classic security model, users who attempt to log on to the local computer from across the network authenticate as themselves. This policy does not apply to computers that are joined to a domain. Otherwise, the Guest-only model is enabled by default.
Blank Password Restriction: To protect users who do not password-protect their accounts, Windows XP Professional allows an account with a blank password to log on only at the physical computer console. Assigning a password to a local account removes the restriction that prevents logging on over a network. It also permits that account to access any resources it is authorized to access, even over a network connection.
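To check which of these settings is in effect on a machine, the following script reads them from the registry. It is an added example, not part of the original article; it assumes Windows PowerShell is installed, and the registry value names `ForceGuest` and `LimitBlankPasswordUse` (the values behind the two policies described above) do not appear in the article itself.

```powershell
# Added example: report the local-account sharing model and the
# blank-password restriction from the LSA registry key.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LsaValue([string]$Name) {
    # Return $null when the value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $lsaKey -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$forceGuest = Get-LsaValue 'ForceGuest'             # 1 = Guest only, 0 = Classic
$limitBlank = Get-LsaValue 'LimitBlankPasswordUse'  # 1 = console logon only
$inDomain   = (Get-WmiObject Win32_ComputerSystem).PartOfDomain

if     ($null -eq $forceGuest) { $model = 'not set' }
elseif ($forceGuest -eq 1)     { $model = 'Guest only' }
else                           { $model = 'Classic' }

if     ($null -eq $limitBlank) { $blank = 'not set' }
elseif ($limitBlank -eq 1)     { $blank = 'console logon only' }
else                           { $blank = 'network logon allowed' }

"Domain joined           : $inDomain"
"Sharing/security model  : $model"
"Blank-password accounts : $blank"

# With the Classic model, network users authenticate as themselves, so the
# blank-password restriction is the only thing keeping a passwordless
# local account from being used over the network.
if ($forceGuest -eq 0 -and $limitBlank -eq 0) {
    Write-Warning 'Classic model with the blank-password restriction disabled: a local account without a password can be used over the network.'
}
```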
Encrypting File System: The Encrypting File System (EFS) protects sensitive data in files that are stored on disk using the NTFS file system. EFS is the core technology for encrypting and decrypting files stored on NTFS volumes. Only the user who encrypts a protected file can open the file and work with it. This is especially useful for mobile computer users, because even if someone else gains access to a lost or stolen laptop, he or she will not be able to access any of the files on the disk. From a user’s point of view, encrypting a file is simply a matter of setting a file attribute. The encryption attribute can also be set for a file folder. This means that any file created in or added to the folder is automatically encrypted. Individual files and file folders (or sub-folders) on NTFS volumes can be set with the encryption attribute.
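Because encryption is carried as a file attribute, it can be audited like one. The script below is an added example, not part of the original article; it assumes Windows PowerShell and a local drive path, and `C:\Sensitive` is a hypothetical folder name. It confirms that the folder is on NTFS, that the folder itself carries the encryption attribute, and lists any files under it that are still stored unencrypted.

```powershell
# Added example: EFS attribute audit for one folder tree.
# $Root is a hypothetical path; pass the folder you expect to be encrypted.
param([string]$Root = 'C:\Sensitive')

$encrypted = [System.IO.FileAttributes]::Encrypted

# EFS only exists on NTFS volumes, so check the file system first.
$drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($Root))
if ($drive.DriveFormat -ne 'NTFS') {
    Write-Warning "$Root is on $($drive.DriveFormat); EFS is not available there."
    return
}

# A folder without the attribute does not encrypt files added to it.
$folder = Get-Item -LiteralPath $Root -Force
if (-not ($folder.Attributes -band $encrypted)) {
    Write-Warning "$Root does not carry the encryption attribute; new files will not be encrypted automatically."
}

# List files in the tree that lack the encryption attribute.
Get-ChildItem -LiteralPath $Root -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and -not ($_.Attributes -band $encrypted) } |
    Select-Object FullName, Attributes
```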
Smart Card Support: A smart card is an Integrated Circuit Card (ICC) approximately the size of a credit card. You can use it to store certificates and private keys and to perform public key cryptography operations, such as authentication, digital signing, and key exchange. A smart card enhances security as follows:
It provides tamper-resistant storage for private keys and other forms of personal identification.
It isolates critical security computations involving authentication, digital signatures, and key exchange from parts of the system that do not require this data.
It enables moving credentials and other private information from one computer to another (for example, from a workplace computer to a home or remote computer).
A PIN Instead of a Password: A smart card uses a Personal Identification Number (PIN), instead of a password. The smart card is protected from misuse by the PIN, which the owner of the smart card selects. To use the smart card, you insert it into a reader attached to a computer, and then enter the PIN.
A PIN offers more protection than a standard network password. Passwords (or derivations, such as hashes) travel over the network and are vulnerable to interception. The strength of the password depends on its length, how well it is protected, and how difficult it is for an attacker to guess. In contrast, a PIN never travels on the network. In addition, smart cards allow a limited number (typically three to five) of failed attempts to key in the correct PIN before the card locks itself. After the limit is reached, entering the correct PIN does not work. The user must contact a system administrator to unlock the card.