Eliminate zero-day threats with virtual server technology

Brien Posey continues his discussion on protecting your server against zero-day threats in this third tip of a five-part series.

This Content Component encountered an error
This is the third installment in our series on containing zero-day threats.

One solution when fighting zero-day attacks is to take advantage of virtual server technology. If you have several server roles that require a minimal amount of system resources, you could consolidate those roles onto a single physical server that is hosting multiple virtual servers. Doing so provides better security than hosting all of the server roles under a common operating system (OS) because each virtual OS functions as an isolated...

environment.

More on zero-day threats
  • Harden your network services and contain zero-day threats

  • Define server roles, counterattack zero-day threats
  • Using virtual servers is also more cost effective than using separate physical boxes for each server. Not only do you save money on hardware, but you also save on licenses: Windows Server 2003 R2 is licensed to run up to four virtual instances of Windows Server on each physical server.

    Whether you choose to use physical or virtual servers, the real trick is to figure out exactly which components you do and do not need on each server. Only then can you remove unnecessary components and disable unnecessary services. (Disabling unnecessary services and uninstalling unnecessary components also tends to increase the server's performance.)

    Fortunately, it's not as difficult as it sounds. Microsoft has created a document called the Windows Server 2003 Security Guide, which helps you figure out which components are necessary for your situation. The guide takes a role-based approach to server security and discusses at length which components are required for servers acting in various roles. You can access the Windows security guide on Microsoft's TechNet site.

    Although the Windows Server 2003 Security Guide is a rather extensive document, it does not cover every possible scenario. The good news is that Microsoft has published similar guides pertaining to most of its server products. For example, suppose that one of the servers in your organization is running Exchange Server 2003. The Windows Server 2003 Security Guide does not address the procedure for hardening an Exchange Server. It does, however, contain a baseline procedure for hardening a member server. You can use the baseline policy as a starting point and then refer to the Microsoft Exchange Server 2003 Security Hardening Guide for specific Exchange Server requirements.

    I can't provide the links for all of the security guides -- there are just too many of them. But, you can easily find any of these guides by performing a simple query using the product name and the words SECURITY GUIDE in either Google or directly on the Microsoft Web site.

    The most effective countermeasure against zero-day exploits involves reducing the attack surface of the computer that you are trying to protect. Keep in mind that you should always exercise security in depth. In other words, don't depend solely on a limited attack surface to protect you against a zero-day exploit. Adhere to standard security best practices, such as keeping systems patched, keeping antivirus software up to date, using strong passwords and working with the lowest possible user privileges.

    About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.

    This was first published in November 2006

    Dig deeper on Windows Server Virtualization and Microsoft Hyper-V

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchServerVirtualization

    SearchCloudComputing

    SearchExchange

    SearchSQLServer

    SearchWinIT

    SearchEnterpriseDesktop

    SearchVirtualDesktop

    Close