Network Level Authentication

Network Level Authentication (NLA) is a technology used in Remote Desktop Services (RDP server) and Remote Desktop Connection (RDP client) that requires the connecting user to authenticate before a session is established with the server. Originally, opening an RDP (remote desktop) session to a server would load the server's login screen for the user. This used up resources on the server and was a potential avenue for denial-of-service attacks. NLA delegates the user's credentials from the client through a client-side Security Support Provider and prompts the user to authenticate before establishing a session on the server.

Network Level Authentication was introduced in RDP 6.0 and supported initially in Windows Vista. It uses the new Security Support Provider, CredSSP, which is available through SSPI in Windows Vista. With Windows XP Service Pack 3, CredSSP was introduced on that platform and the included RDP 6.1 client supports NLA; however, CredSSP must be enabled in the registry first.[1]
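How a server's answer during RDP connection negotiation shows whether NLA is in force, as an added example that is not part of the original article. The message layout and constants follow Microsoft's [MS-RDPBCGR] specification, which the article does not cite; the function names and sample packets are constructed for illustration.

```python
import struct

# Protocol flags, message types and failure code as defined in [MS-RDPBCGR].
PROTOCOL_RDP, PROTOCOL_SSL, PROTOCOL_HYBRID, PROTOCOL_HYBRID_EX = 0x0, 0x1, 0x2, 0x8
TYPE_RDP_NEG_RSP, TYPE_RDP_NEG_FAILURE = 0x02, 0x03
HYBRID_REQUIRED_BY_SERVER = 0x05  # server accepts only CredSSP (NLA) clients

def parse_confirm(pdu: bytes):
    """Parse a server X.224 Connection Confirm into (kind, value)."""
    if len(pdu) < 11:
        raise ValueError("truncated Connection Confirm")
    version, _reserved, total = struct.unpack_from(">BBH", pdu, 0)
    li, code = pdu[4], pdu[5]  # li = X.224 length indicator
    if (version != 3 or (code & 0xF0) != 0xD0 or total != len(pdu)
            or li + 5 != total or li not in (6, 14)):
        raise ValueError("not a well-formed Connection Confirm")
    if li == 6:  # no negotiation data: server predates NLA
        return "selected", PROTOCOL_RDP
    neg_type, _flags, neg_len, value = struct.unpack_from("<BBHI", pdu, 11)
    kinds = {TYPE_RDP_NEG_RSP: "selected", TYPE_RDP_NEG_FAILURE: "failure"}
    if neg_len != 8 or neg_type not in kinds:
        raise ValueError("malformed negotiation structure")
    return kinds[neg_type], value

def nla_status(pdu: bytes) -> str:
    """Classify what the server's answer says about NLA."""
    kind, value = parse_confirm(pdu)
    if kind == "failure":
        return "nla-required" if value == HYBRID_REQUIRED_BY_SERVER else "refused-other"
    if value & (PROTOCOL_HYBRID | PROTOCOL_HYBRID_EX):
        return "nla-negotiated"
    return "no-nla"  # server builds the session before the user authenticates

def confirm(neg_type=None, value=0) -> bytes:
    """Build a constructed sample Connection Confirm (test data only)."""
    neg = b"" if neg_type is None else struct.pack("<BBHI", neg_type, 0, 8, value)
    x224 = struct.pack(">BBHHB", 6 + len(neg), 0xD0, 0, 0x1234, 0) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

SAMPLES = {  # constructed, not captured traffic
    "NLA-capable client and server": confirm(TYPE_RDP_NEG_RSP, PROTOCOL_HYBRID),
    "legacy client, NLA-only server": confirm(TYPE_RDP_NEG_FAILURE, HYBRID_REQUIRED_BY_SERVER),
    "TLS without NLA": confirm(TYPE_RDP_NEG_RSP, PROTOCOL_SSL),
    "server without negotiation": confirm(),
}

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(f"{name:32} {nla_status(pdu)}")
```

A "no-nla" result corresponds to the original behaviour described above, where the server loads its login screen before the user has authenticated.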

Advantages

The advantages of Network Level Authentication are:

Disadvantages

  • No support for other credential providers
  • Like any SSO scheme, suffers from the 'keys to the castle' problem.
  • To use Network Level Authentication in Remote Desktop Services, the client must be running Windows XP SP3 or later, and the server must be running Windows 7 [2] or Windows Server 2008.
  • Support for RDP Servers requiring Network Level Authentication needs to be configured via registry keys for use on Windows XP SP3.


Wikimedia Foundation. 2010.
