Problem solve Get help with specific problems with your technologies, process and projects.

Microsoft Longhorn Server Core: Security implications

Microsoft's Longhorn Server Core edition will allow you to build a custom server from the ground up, using only the capabilities that you absolutely need. Read about the security implications of this new modular architecture in this tip from Jonathan Hassell.

Microsoft Longhorn Server is expected to bring many exciting features to the table, among them a modular approach to server architecture that will greatly ease hardening and increase security.

More on Longhorn
Microsoft Longhorn features worth watching
Expert Gary Olsen offers observations on some of the more notable features in Longhorn that will make a difference in Windows administration.

Got a question about Longhorn? Click here to pose it to one of our experts.

In a nutshell, the current plans for Server Core edition of Longhorn will allow administrators to deploy role-based servers on a barebones Windows operating system using command-line prompts but no GUI. As needs change, administrators can lay additional services (remote access service, terminal services, file and print capabilities, Active Directory servers, Web servers, etc.) on top of a base server core installation.

These are the significant benefits of this modular approach from a security standpoint:

  • Server Core, by definition has a reduced attack surface.
    The fact that these Server Core machines only run the most basic elements of the Windows Server operating system makes them less susceptible to attack. The fewer moving parts there are, the less the likelihood there is that a vulnerability exists or an exploit can occur. These machines are more appropriate for placement in environments where you might not have considered putting a Windows machine.
  • The modular architecture of Server Core means less to patch and less to manage.
    You only need to worry about patching the services you're using, whereas with previous versions of Windows on the server, certain vulnerabilities meant you had to patch the whole machine. Additionally, you only manage what you use, so there's less administrative burden.
  • Server Core machines further enable role-based deployment.
    In previous versions of Windows Server -- namely Windows Server 2003 -- roles were a part of the "Configure Your Server" wizard. While this did a good job of ensuring that appropriate components for a specific role were installed, it didn't necessarily remove components that weren't required. Consequently, the machine was still running an entire, full-fledged installation of the fundamental operating system. With Server Core, role-based deployment is truly role-based: You use only what you need, and none of the inessential extras.
  • Server Core availability means appliance-like machines are as functional as they are hardened.
    The IT appliance industry is growing each year, mainly because of the unique traits of such a product. You plug it in, configure it initially through a very simple process and then let it do its job. Generally, appliances are as close to set-and-forget as you will get in information technology. Core OS brings the power of Windows, Active Directory and Group Policy manageability -- among other things -- to the closed, hardened, specialized nature of an appliance.
  • Manageability is better than a farm of Linux machines that performed the functions Server Core boxes are destined to run.
    Distributed groups of Linux machines can't participate in Active Directory or Group Policy in a meaningful way without third-party software, despite the fact that Linux and Unix appliance-like machines are often placed in front-line environments or in areas with other, threatening conditions. Server Core brings all the advantages of Windows to areas in which alternative operating systems have thrived.

About the author: Jonathan Hassell is the author of "Hardening Windows" (Apress LP) and is a site expert. Hassell is a systems administrator and IT consultant residing in Raleigh, N.C., who has extensive experience in networking technologies and Internet connectivity. He runs his own Web-hosting business, Enable Hosting. His previous book, RADIUS (O'Reilly & Associates), is a guide to implementing the RADIUS authentication protocol and overall network security.

Dig Deeper on Windows Server troubleshooting

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.