Designing a Client Authentication Infrastructure

In this practice, you will design a client authentication infrastructure for a MCP certification fictitious company. Read the scenario and then answer the questions that follow. If you are unable to answer a question, review the lesson materials and try the question again. You can find answers to the questions in the "Questions and Answers" section at the end of the chapter.
Scenario
You are the security designer for Wingtip Toys. You have just joined the company and have been asked to participate in the review committee for the purchase of mobile access services and devices. Wingtip Toys realizes that some employees' only remote access needs are to send and receive e-mail. The sales department is developing a custom application for sales order entry and catalog information A+ Exams retrieval. Your goal is to consider the security implications of possible purchases. Your first goal is to consider authentication.
Do not weaken all security when new products are introduced.Instead,determine whether authentication can be managed by intermediary devices or
applications so that other authentication processes can remain at their level. For example, if PDA users are restricted to a four-digit password, or mobile phone users can use only a four-digit PIN number as authentication, do not reduce the security policy in the domain to a minimum password length of four digits. Instead, you can require PDA users to use a VPN client that does support stronger password requirements or secure tokens, and use the capabilities of Microsoft Mobile Information Server to manage authentication for mobile phone users.
Seek to improve authentication security with existing devices.You should not assume that products are installed with only the most secure authentication
choices. The default implementations of authentication, especially for remote access, might allow the use of weak protocols. In addition, previous products used on the network, or used to connect remotely to the network, might have required the use of less secure authentication protocols. Reviewing current
authentication and comparing it against the needs of clients on the network can result in an improvement simply by eliminating the need to use older, less secure authentication protocols. It is also true that new authentication protocols and processes, such as the use of MCSE 2003 certification and smart cards, can strengthen authentication.