|
Windows Server 2008 includes an impressive array of new security applications and features that further enhance enterprise deployments, particularly within hostile environments or under potentially threatening scenarios. Today's Internet is a brightly illuminated world that casts shadows, and from those shadows arise criminal aspirations that seek to undermine Internet-accessible businesses. Microsoft has stepped up its Windows Server 2008 defenses to better serve the computing public that can't always defend against unforeseen, persistent, or stealthy attacks.
The following paragraphs briefly summarize some of the new and newly enhanced security features of the Windows Server 2008 family:
- BitLocker Drive Encryption is a security feature of both Windows Vista and Windows Server 2008 to provide strong cryptographic protection. BitLocker encrypts all data stored in the Windows volume and any relevant configured data volumes, which includes hibernation and paging files, applications, and application data. Furthermore, BitLocker works in conjunction with Trusted Platform Module (TPM) frameworks to ensure the integrity of protected volumes.
- Windows Service Hardening turns Internet-facing servers into bastions resistant to many forms of network-driven attack. This restricts critical Windows services from performing abnormal system activities within the file system, registry, network, or other resources that may be leveraged to install malware or launch further attacks on other computers.
- Microsoft Forefront Security Technologies is a comprehensive solution that provides protection for the client operating system, application servers, and the network edge. In the Forefront Client Security role, you may provide unified malware protection for business notebooks, workstations, and server platforms with easier management and control. Server security can fortify Microsoft Exchange messaging environments or protect Office SharePoint Server 2007 services against viruses, worms, and spam.
- Internet Security and Acceleration (ISA) Server provides enterprise-worthy firewall, virtual private network (VPN), and Web caching solutions to protect IT environments against Internet-based threats. Microsoft's Intelligent Application Gateway is a remote-access intermediary that provides secure socket layer (SSL) application access and protection with endpoint security management.
- User Account Control (UAC) enables cleaner separation of duties to allow non-administrative user accounts to occasionally perform administrative tasks without having to switch users, log off, or use the Run As command. UAC can also require administrators to specifically approve applications that make system-wide changes before allowing those applications to run.
- Windows Firewall and Advanced Security is an MMC snap-in that handles both firewall and IP Security (IPSec) configurations in Windows Sever 2008. It can create filters for IPv4 and IPv6 inbound or outbound traffic and protect information entering or exiting the computer through IPSec.
- Network Access Protection (NAP) is a built-in policy enforcement platform that maintains a social health order for the network environment by specifically requiring that connecting client computers meet certain criteria. NAP helps create custom health code requirements driven through policy enforcement to validate compliant computers before making any connections to the protected network.
Microsoft has also gone to great lengths to improve and expand upon many other security features, management and configuration applets, applications, and tools.
|
