Addressing Security Vulnerabilities in Windows Server 2008 RC2
Security - Microsoft
Written by Joydip Kanjilal   
Sunday, 21 March 2010 23:00


With features such as BitLocker Drive Encryption, Digitally Signed Files, and Read Only Domain Controller (RODC), Windows Server 2008 R2 mitigates security problems.

Windows Server 2008 is one of Microsoft's most popular operating systems. Windows Server 2008 RC2 was released in July 2008, and Microsoft has made quite a few enhancements that help improve security, increase productivity, and reduce the administrative overhead. This article discusses the security vulnerabilities in Windows Server 2008 RC2 and ways to address those issues.

Prerequisites

To install Windows Server 2008 RC2 in your system, here is a list of the standard/recommended requirements:

 

  • Processor—1.4 GHz 64-bit
  • Disk—32 GB
  • Memory—32 GB (for Windows Server 2008 R2 Standard) or 2 TB (for Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, and Windows Server 2008 R2 for Itanium-Based Systems)

 

What Is Windows Server 2008?

An operating system (OS) is designed to act as an interface between the computer and its user. The Windows Server OS is a platform that you can use to build an infrastructure of connected applications, networks, and Web services. Originally codenamed Windows Server "Longhorn," Windows Server 2008 is built from the same code base as Windows Vista. Windows Server 2008 Release Candidate 2 is the second release candidate of the Windows Server 2008 operating system. Microsoft states: "Windows Server 2008 R2 builds on the award-winning foundation of Windows Server 2008, expanding existing technology and adding new features to enable organizations to increase the reliability and flexibility of their server infrastructures. New virtualization tools, Web resources, management enhancements, and exciting Windows 7 integration help save time, reduce costs, and provide a platform for a dynamic and efficiently managed data center. Powerful tools such as Internet Information Services (IIS) version 7.5, updated Server Manager and Hyper-V platforms and Windows PowerShell version 2.0 combine to give customers greater control, increased efficiency, and the ability to react to front-line business needs faster than ever before."

 

You can find more information, news, and updates on Windows Server R2 here.

 

Causes of the Security Vulnerabilities in Windows OSes

The various causes of security vulnerabilities in Windows OSes include the following:

 

  • Easy access to files and directories in a networked system—It's a major issue when files and directories are shared and exposed over a network. Often, an attacker could easily access sensitive information—such as credit card numbers, important secure data, and passwords—stored in your system.
  • Firewall—The Windows OS doesn't provide a reliable firewall to prevent attackers from hacking your system.
  • Security Policies—Windows OSes don't provide a good security standard. The security policy settings and password policies in a Windows-based OS are quite weak. Also, encryption of data is weak; there's no robust drive encryption policy or standard in place.

Windows Server 2008 RC2: Security Enhancements Address Vulnerabilities

Windows Server 2008 RC2 incorporates a lot of security enhancements to mitigate the security vulnerabilities that were encountered in earlier versions of Windows Server operating systems, like Windows Server 2003 and Windows Server 2000. Incidentally, Windows Server 2008 RC2 was released much later than Windows Vista (actually, it was released 20 months after Windows Vista), and all the security patches and updates that apply to Windows Vista have been incorporated in Windows Server 2008 RC2. And remember, those security updates have already been tested and are safe as Windows Vista has been around for quite a while now.

 

The most important of such security updates to Windows Server 2008 RC2 include support for the following:

 

  • Server Manager for managing security components
  • Server Core Installation
  • BitLocker Drive Encryption
  • Network Access Protection (NAP)
  • Digitally Signed Files
  • Address Space Layout Randomization (ASLR)
  • Read Only Domain Controller (RODC)

 

Server Manager for Managing Security Components

 

A server role denotes the primary function of a server. The Server Manager is a component in Windows Server 2008 that can be used to manage and secure multiple server roles in an enterprise. It provides support for installing, configuring, and managing server roles and features that are part of Windows Server 2008 R2. The Server Manager is an extended Microsoft Management Console (MMC) snap-in that facilitates server administration and allows the server administrators to manage security using a single tool. Microsoft states: "Server Manager replaces several features provided in previous versions of Windows Server, including Manage Your Server, Configure Your Server, and Add or Remove Windows Components. Server Manager also eliminates the requirement that administrators run the Security Configuration Wizard before deploying servers—server roles are configured with recommended security settings by default and are ready to deploy as soon as they are installed and properly configured."

 

The Server Manager is installed by default as part of the Windows Server 2008 installation. In order to use the Server Manager in Windows Server 2008, you should be logged in to your system as administrator. Server Manager features include the following:

 

  • Install or remove server roles
  • Edit server roles and features
  • Start or stop services on the server
  • Manage server identity and determine server status

 

Server Core Installation

 

This installation strategy enables you to install a minimal version of Windows Server 2008 with the least number of features available. You won’t find the graphical user interface or any unnecessary features here, so there is less code running in your system. Hence, a potential attacker has a much smaller area to attack. Such an installation is also known as a "hardened installation" and is more secure. You also need fewer patches in such an instance of Windows Server 2008. Wikipedia states: "Windows Server 2008 includes a variation of installation called Server Core. Server Core is a significantly scaled-back installation where no Windows Explorer shell is installed. All configuration and maintenance is done entirely through command line interface windows, or by connecting to the machine remotely using Microsoft Management Console. However, Notepad and some control panel applets, such as Regional Settings, are available."

 

You can use the Server Core installation strategy with nine different server roles:

 

  1. Active Directory Domain Services
  2. Active Directory Lightweight Directory Services
  3. Streaming Media Services
  4. Hyper-V (Windows Server Virtualization)
  5. DHCP Server
  6. DNS Server
  7. File Services
  8. Print Services
  9. Web Server (IIS 7.0)

 

BitLocker Drive Encryption

 

The BitLocker encryption strategy in Windows Server 2008 ensures that an attacker cannot gain access to and understand the valuable data that is stored in your system, such as passwords or credit card data.

 

Network Access Protection (NAP)

 

Network Access Protection (NAP) is Microsoft’s security strategy that defines the security policies and principles that govern how client systems can connect to a Windows Server 2008 RC2 server system. Only client systems that conform to the security policies, principles, and norms that govern this connectivity can connect to Windows Server 2008 RC2. Originally planned to be released with Windows Server 2003 RC2, NAP limits the access of systems based on requirements defined using the Windows Security Health Validator (SHV) policy. Such health requirements defined in the SHV include the following:

 

  • Firewall should be enabled.
  • Anti-virus and anti-spyware software should be installed and updated.
  • Automatic updates should be enabled.

 

Digitally Signed Files

 

A file system is the name given to the strategy used by an OS to organize files and directories stored in disks. The Windows Server 2008 file system is based on the Windows Vista file system, an extended version of the New Technology File System (NTFS). The Windows Server 2008 RC2 file system is very secure.

 

Windows Server 2008 RC2 includes support for digital signatures on the files stored in the disks. This prevents an attacker from modifying data easily and understanding the data stored on the disks. Such digital signatures are stored for the executable files and dynamic link libraries, and Windows Server 2008 RC2 periodically checks these files to ensure the integrity of data stored in the disk. Also, such checks are performed before these files are loaded into the main memory or primary memory.

 

Address Space Layout Randomization (ASLR)

 

Windows Server 2008 includes built-in support for Address Space Layout Randomization (ASLR), a security strategy that can help you prevent access to your data and executables by potential attackers. ASLR protects data by randomly arranging the positions of key data areas. These key positions include the base of the executable and the memory position of heap and stack in the address space of a process loaded in the memory. Note that a process is the running instance of a program that is characterized by change of state and attributes and identified by a Process Control Block (PCB) of its own. ASLR prevents a potential attacker from predicting the target addresses of an executable because the memory address of an executable loaded in the memory randomly changes over time.
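By default, the loader randomizes only images that opt in: the linker's /DYNAMICBASE option sets the DYNAMIC_BASE bit in the PE header, and an image whose relocations were stripped cannot be moved even with that bit set. The audit helper below is an added example, not part of the original article; `aslr_status` and `make_sample` are hypothetical names, and the sample headers are constructed for the demonstration.

```python
import struct
import sys

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /DYNAMICBASE


def aslr_status(image: bytes) -> str:
    """Classify a PE image as 'aslr', 'no-dynamicbase' or 'relocs-stripped'."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)        # e_lfanew
    # Need signature (4) + COFF header (20) + optional header up to offset 72.
    if pe_off + 96 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    opt_size, characteristics = struct.unpack_from("<HH", image, pe_off + 20)
    opt = pe_off + 24
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:          # PE32 / PE32+
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        return "no-dynamicbase"       # image never asked to be randomized
    if characteristics & IMAGE_FILE_RELOCS_STRIPPED:
        return "relocs-stripped"      # flag set, but the loader cannot rebase it
    return "aslr"


def make_sample(dll_chars: int, characteristics: int = 0x0022) -> bytes:
    """Build a constructed, header-only PE32+ image (sample data, not a real binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, characteristics)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # With no arguments, run on the constructed samples; otherwise audit real files.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, aslr_status(fh.read(4096)))
    if len(sys.argv) == 1:
        print(aslr_status(make_sample(0x0140)), aslr_status(make_sample(0x0100)))
```

Passing one or more .exe or .dll paths as arguments reports the status of each file, which makes it easy to spot third-party binaries that do not benefit from ASLR.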

 

Read-Only Domain Controller (RODC)

 

Windows Server 2008 provides built-in support for Read-Only Domain Controller (RODC), a type of domain controller that provides improved security in office branches. Prior to RODC in Windows Server 2008, there wasn't a good way to authenticate a domain controller over a wide area network (WAN). Microsoft TechNet states, "A read-only domain controller (RODC) is a new type of domain controller in the Windows Server 2008 operating system. With an RODC, organizations can easily deploy a domain controller in locations where physical security cannot be guaranteed. An RODC hosts read-only partitions of the Active Directory Domain Services (AD DS) database."

 

The RODC in Windows Server 2008 provides the following features:

 

  • Enhanced security
  • Faster logons
  • Improved access to network resources

 

Suggested Readings

 

Here are links to some good references for further study on this topic:

 

http://en.wikipedia.org/wiki/Windows_Server_2008

http://technet.microsoft.com/en-us/library/dd349801(WS.10).aspx

http://technet.microsoft.com/en-us/library/cc732801(WS.10).aspx

http://technet.microsoft.com/en-us/library/dd883262(WS.10).aspx

http://technet.microsoft.com/en-us/library/dd379511(WS.10).aspx

http://blogs.msdn.com/michael_howard/archive/2008/03/04/some-thoughts-about-windows-server-2008.aspx

http://technet.microsoft.com/en-us/library/cc264463.aspx

 

Windows OS Security

Security in Windows operating systems has been a major cause of concern over the past few decades. However, the security enhancements and improvements in Windows Server 2008 RC2 mitigate the security vulnerabilities. To address the security vulnerabilities in Windows Server 2008 RC2, you should set a security policy and then use a checklist to validate that the policy is strictly followed. With a well-thought-out security policy established (and properly managed and followed), you can easily mitigate any security issues and ensure that your critical data is as secure as it should be.


Joydip Kanjilal
About the Author:

Joydip Kanjilal is a Microsoft MVP in ASP.NET. He has worked in the IT industry since the mid-1990s and has been working with Microsoft .NET and its related technologies since 2002. He was also selected as MSDN Featured Developer of the Fortnight recently. Joydip has authored the following books:

 

Entity Framework Tutorial (Packt Publishing)
Pro Sync Framework (APRESS)
Sams Teach Yourself ASP.NET Ajax in 24 Hours (Sams Publishing)
ASP.NET Data Presentation Controls Essentials (Packt Publishing)

 

Joydip has authored numerous articles for some of the most reputable sites, like www.asptoday.com, www.devx.com, www.aspalliance.com, www.aspnetpro.com, www.sql-server-performance.com, www.sswug.com, etc. A lot of these articles have been selected at www.asp.net, Microsoft's official ASP.NET site. Joydip was also a community credit winner at www.community-credit.com a number of times.

 

Joydip is currently working as a Lead Architect in a reputable company in Hyderabad, India. He has years of experience in designing and architecting solutions for various domains. His technical strengths include C, C++, VC++, Java, C#, Microsoft .NET, AJAX, Design Patterns, SQL Server, operating systems, and computer architecture.

 

Joydip blogs at http://aspadvice.com/blogs/joydip.

Last Updated on Sunday, 21 March 2010 23:00
 
