NTLM AND kerberos
Microsoft adopted Kerberos as the preferred authentication protocol for Windows 2000 and subsequent Active Directory domains.[5] Kerberos is typically used when a server belongs to a Windows Server domain, or if a trust relationship with a Windows Server Domain is established in some other way (such as Linux to Windows AD authentication).[citation needed]
NTLM is still used in the following situations:
* The client is authenticating to a server using an IP address.
* The client is authenticating to a server that belongs to a different Active Directory forest that has a legacy NTLM trust instead of a transitive inter-forest trust
* The client is authenticating to a server that doesn't belong to a domain.
* No Active Directory domain exists (commonly referred to as "workgroup" or "peer-to-peer").
* Where a firewall would otherwise restrict the ports required by Kerberos (of which there are quite a few)
In Windows Vista and above, neither LM nor NTLM are used by default[citation needed]. NTLM is still supported for inbound authentication, but for outbound authentication a newer version of NTLM, called NTLMv2, is sent by default instead. Prior versions of Windows (back as far as Windows NT 4.0 Service Pack 4) could be configured to behave this way, but it was not the default.
Kerberos is an authentication mechanism used to verify user or host identity. This page contains the information you need to evaluate, plan, and deploy Kerberos, the preferred authentication method for services in Windows Server 2003.
NTLM for 2000
The
Windows authentication (formerly named NTLM, and also referred to as Windows NT Challenge/Response authentication) is a secure form of authentication because the user name and password are hashed before being sent across the network. When you enable Windows authentication, the client browser sends a strongly hashed version of the password in a cryptographic exchange with your Web server.
Windows authentication supports two authentication protocols, Kerberos and NTLM, which are defined in the
Windows authentication is best suited for an intranet environment for the following reasons:
The
There are two authetication protocols available in normal 2003 server. NTLM and Keberous.
Kerberos
True.
The Server Message Block (SMB) Protocol is a network file sharing protocol, and as implemented in Microsoft Windows is known as Microsoft SMB Protocol.
realtime multicast protocol i believe
Network Level Authentication (NLA)
NFS protocol
TCP/IP is the standard default.
The Windows file sharing protocol is the Server Message Block or SMB. It was developed by Barry Feigenbaum at IBM.
The Windows operating systems implements a default set of authentication protocols-Kerberos, NTLM, TLS/SSL, Digest, and PKU2U-as part of an extensible architecture. In addition, some protocols are combined into authentication packages such as the Credential Security Support Provider (CredSSP), Negotiate, and Negotiate Extensions. These protocols and packages enable authentication of users, computers, and services; the authentication process, in turn, enables authorized users and services to access resources in a secure manner. Windows authentication protocols are conventions that control or enable the connection, communication, and data transfer between computers in a Windows environment by verifying the identity of the credentials of a user, computer, or process. The authentication protocols are security support providers (SSPs) that are installed in the form of dynamic-link libraries (DLLs). Negotiate Microsoft Negotiate is an SSP that acts as an application layer between the Security Support Provider Interface (SSPI) and the other SSPs. When an application calls into SSPI to log on to a network, it can specify an SSP to process the request. If the application specifies Negotiate, Negotiate analyzes the request and selects the best SSP to handle the request based on the configured security policy. Currently, the Negotiate SSP selects either the Kerberos or NTLM protocol. Negotiate selects the Kerberos protocol unless it cannot be used by one of the systems involved in the authentication or if the client application did not provide a target name as a service principal name (SPN), a user principal name (UPN), or a NetBIOS account name. Otherwise, Negotiate will select the NTLM protocol. A server that uses the Negotiate SSP can respond to client applications that specifically select either the Kerberos or NTLM protocol. However, a client application must first query the server to determine if it supports the Negotiate package before using Negotiate. (Negotiate is supported on Windows operating systems beginning with Windows Server 2003 and Windows XP.) A server that does not support Negotiate cannot always respond to requests from clients that specify Negotiate as the SSP Kerberos :The Kerberos version 5 (v5) authentication protocol provides a mechanism for authentication-and mutual authentication-between a client and a server, or between one server and another server NTLM The NTLM version 2 (NTLMv2) authentication protocol is a challenge/response authentication protocol. NTLM is used when exchanging communications with a computer running Windows NT Server 4.0 or earlier. Networks with this configuration are referred to as mixed-mode. NTLM is also the authentication protocol for computers that are not participating in a domain, such as stand-alone servers and workgroups. Negotiate Extensions NegoExts (NegoExts.dll) is an authentication package that negotiates the use of SSPs for applications and scenarios implemented by Microsoft and other software companies. Pku2u.dll is one of the supported SSPs that is installed by default, and developers can create custom providers. PKU2U The PKU2U protocol in Windows 7 and Windows Server 2008 R2 is implemented as an SSP. The SSP enables peer-to-peer authentication, particularly through the Windows 7 media and file sharing feature called Homegroup, which permits sharing between computers that are not members of a domain. Credential Security Support Provider Windows Vista introduced a new authentication package called the Credential Security Support Provider (CredSSP) that provides a single sign-on (SSO) user experience when starting new Terminal Services sessions. CredSSP enables applications to delegate users' credentials from the client computer (by using the client-side SSP) to the target server (through the server-side SSP) based on client policies TLS/SSL The TLS/SSL protocols are used to authenticate servers and clients, and to encrypt messages between the authenticated parties. The TLS/SSL protocols, versions 2.0 and 3.0, and the Private Communications Transport (PCT) protocol are based on public key cryptography. The secure channel (Schannel) authentication protocol suite provides these protocols. All Schannel protocols use a client/server model and are primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications Digest The Digest authentication protocol is a challenge/response protocol that is designed for use with HTTP and Simple Authentication Security Layer (SASL) exchanges. These exchanges require that parties requesting authentication must provide secret keys.
If using standard FTP protocol then ports 20 and 21 would be used.
Windows Server 2008 is the most recent release of Microsoft Windows' server line of operating systems. Released to manufacturing on 4 February 2008 and officially released on 27 February 2008, it is the successor to Windows Server 2003, released nearly five years earlier. Like Windows Vista, Windows Server 2008 is built on the Windows NT 6.0 kernel. A second release, named Windows Server 2008 R2, is currently under development.
For Windows Server 2008, it should be IIS 7.
Windows Server 2008 is the most recent release of Microsoft Windows' server line of operating systems. Released to manufacturing on 4 February 2008 and officially released on 27 February 2008, it is the successor to Windows Server 2003, released nearly five years earlier. Like Windows Vista, Windows Server 2008 is built on the Windows NT 6.0 kernel. A second release, named Windows Server 2008 R2, is currently under development.