When I was working with the latest beta of Microsoft Windows Server 2008 (Longhorn), it was evident that Microsoft
has taken the commitment to security seriously and made security a top priority. Microsoft Windows Server 2008 contains countless security enhancements, covering virtually all aspects of the operating system (OS). Since I can't possibly talk about all of the security features that are new in Microsoft Windows Server 2008, I've picked out a few of them to preview.
One of the more minor security features that I tend to think of as being important in spite of its low profile is BitLocker support. Bit Locker is an encryption mechanism that is built into newer servers at the hardware level. The fact that Microsoft Windows Server 2008 supports BitLocker means that you can encrypt any of a server's drives, including those containing the Windows OS.
One of the biggest security concepts in Microsoft Windows Server 2008 is that of role-based security. Windows Server 2003 supported role-based security to some extent, but it takes center stage in Microsoft Windows Server 2008.
To see why role-based security is important, imagine for a moment that you need to configure a server to act as a Web server. In Windows Server 2003, you would use the Control Panel's Add/Remove Programs applet to install IIS and any necessary sub-components, assuming that IIS is not already installed. Although this approach works, it has a couple of problems. First, this approach makes it difficult for less-experienced administrators to complete the task at hand because they must manually install all of the necessary components. If an administrator does not understand dependencies or know exactly which components are necessary, then the installation can be a frustrating experience.
The other problem with using this approach is that you are adding IIS to a fully configured server. There are other already-installed components that are not necessary for running IIS. These existing components won't keep IIS from running correctly, but they do pose a potential security risk.
An old law of computing essentially states the following: The larger the size of the code base running on a machine, the greater the chance the code contains an exploitable bug. To put it simply, if you get rid of anything that is not essential to performing the task at hand, then you make the machine more secure (and more efficient) because you have reduced the size of the code base that is running on the machine.
In Microsoft Windows Server 2008, a new management tool called Server Manager allows you to choose which components will be installed to the server by role. The idea is that when you choose a role, Windows is smart enough to install all of the components necessary for the server to perform that role. At the same time, however, nothing unnecessary gets installed. This allows you to have much tighter control over which Windows components are running on your server, thus providing better security.
Server core is an example of role-based security taken to the extreme. On most networks, there are certain servers that only perform a single task. Some examples include DNS servers, DHCP servers, domain controllers and file servers. Although these types of servers warrant some of the highest security, a default installation of Windows Server 2003 includes lots of unnecessary components and services for servers performing in these roles.
Servers performing in the aforementioned roles can be better secured by being stripped completely bare of everything except for the absolute essentials. Not only will a server configured to run in server core mode only run the task at hand, it does not even include a true GUI interface. Instead, the server must be configured from the command line. Yes, server core is optional. You can run any of the roles that I mentioned without using server core mode.
Network Access Protection
The last security component that I want to mention is Network Access Protection (NAP). Microsoft intended NAP for use on networks with mobile or remote users. If you have ever supported mobile or remote users, then you know how frustrating it can be to secure your network, only to have a user log on from a virus infested home computer that is still running Windows 98.
NAP allows you to establish system health validators for remote computers. You can create a policy that specifies what it means for a remote computer to be healthy. For example, you could require that remote computers have the Windows firewall enabled, have the most up-to-date security patches and antivirus definitions.
When remote users connect to the network, their computers are compared against the system health validator to see if it is healthy or not. If a system is healthy, then network access will be granted in the normal manner. If the system is not healthy, then it can be either denied access to the network or quarantined to an isolated network segment. Typically, if a machine is quarantined, then the isolated network segment would contain the resources needed to update the computer and make it healthy.
Microsoft Windows Server 2008 contains a huge variety of new security mechanisms. When Microsoft Windows Server 2008 is eventually released, it should to prove to be the most secure Windows OS ever created.
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.