Security Enhancements in Windows Server 2008
There are hundreds of improvement in Windows Server 2008 over what we had with Windows Server 2003. But what about security? To begin with, Windows Server 2008 was designed from the ground up using Microsoft's Security Development Lifecycle method of creating secure software (http://msdn2.microsoft.com/en-us/library/ms995349.aspx).
Windows Server 2008 was also designed with least privilege in mind, so that each service runs at the absolute least privilege level so that if one service is compromised, the attacker can't leverage the privileges of the compromised service to attack other components of the operating system. This is referred to as Windows Service Hardening.
In addition, Windows Server 2008 supports a completely new method of deployment, called Server Core. Server Core installs only a small subset of binaries which are required to get the operating system started.
What other new and cool security related technologies are included with Windows Server 2008? Consider these:
- Read only domain controllers (RODCs)
- Active Directory Federation Services (ADFS)
- Active Directory Lightweight Directory Services (AD LDS)
- Directory Service Auditing
- Federated Collaboration
- BitLocker whole volume encryption
- Network Access Protection (NAP)
- Windows Firewall with Advanced Security
- Enhanced Server and Domain Isolation
- Enterprise PKI (PKIView)
- Online Certificate Status Protocol (OSCP)
- Network Device Enrollment Service (NDES)
- V3 Certificate Templates
- Cryptography Next Generation (CNG)
- Terminal Services Gateway
- Terminal Services RemoteApp
- Enhanced EFS
- Enhanced Security Configuration Wizard
- Kerberos enhancements with AES encryption
- Improved Authorization Manager
I'm sure there are many more security improvements, but this list should give you a taste of the improved security environment provided by Windows Server 2008. We'll cover all these topics and more in upcoming articles I'll write on the www.windowsecurity.com Web site. It's going to be a great year for Microsoft security admins!
Thomas W Shinder, M.D.
GET THE NEW BOOK! Go to http://tinyurl.com/2gpoo8
Email: [email protected]
MVP - Microsoft Firewalls (ISA)