
The next generation of Microsoft's Windows-based server, code-named Longhorn and now officially released as Windows Server 2008, is the next-in-line successor to Windows Server 2003. As with Microsoft's latest client OS, Vista, Server 2008 offers a variety of security enhancements, including an improved firewall, hard drive encryption, expanded Active Directory controls, ISV security programmability, network access controls, as well as a host of other updated and improved security technologies. Programmed from the same code base, Server 2008 and Vista offer a server/client environment that is secure out of the box but also provides administrators with the tools and technologies to harden and manage security in today's fast-changing distributed networked landscape.

1. New and Improved Windows Firewall and Advanced Security Features


Server 2008 includes the new and enhanced version of Windows Firewall, a vastly improved package over the original Windows Firewall first distributed in XP SP2. Microsoft has given administrators a fully functional stateful host-based firewall solution which allows for advanced configurations. Incoming and outgoing filters can be configured against advanced rule sets to filter source and destination address, ports, services, protocols and even interfaces. The firewall is preconfigured out of the box to deny all non-sourced requests from the outside network and to allow all outbound traffic. Although you can configure basic settings via the Control Panel as with the previous Windows Firewall, you cannot access the advanced configuration there. Advanced configuration tasks must be completed using the MMC snap-in named Windows Firewall with Advanced Security. The snap-in is available via the Administrative Tools. Advanced security features include full integration with Active Directory users and groups, and also remote client configuration via both the snap-in and command line. Also new to the Windows Firewall is IPsec integration, which makes for a much simpler IPsec configuration and avoids conflicts with firewall rules, since both are programmed via the same interface.

2. BitLocker - The Quest for Security and Protection


On-the-fly drive encryption is the latest technology in the quest for secure computing and data protection. Windows Server 2008 includes the BitLocker Drive Encryption utility, which combines two key technologies for the protection of sensitive data: drive encryption and boot integrity checking. While servers are not as exposed to physical hardware theft as a mobile computer, there are still many instances where hardware loss and data theft can occur, such as with hardware repairs or loss during business relocation. BitLocker allows administrators to encrypt the entire OS volume as well as any data volumes present on the server, but the OS and data volumes cannot be decrypted separately; if the OS volume is unlocked, so are the data volumes. Also, it is important to note that BitLocker only has the capability to encrypt logical drives, not physical drives. BitLocker, however, is not installed by default with Windows Server 2008, and may not be desirable in some server environments; it also does not support cluster configurations. BitLocker's integration with the Trusted Platform Module specification provides offline tamper-proof integrity on a hardware level. BitLocker configuration is provided by a simple-to-use wizard. Administrators can also use the Windows Management Instrumentation (WMI) interface, which also supports scripting. A recovery console allows support personnel to easily gain access to a locked system using the appropriate keys or PIN numbers.

3. NAP - The Challenge of Keeping a Healthy Network

In today's connected and mobile environments, keeping unsecured computers from accessing and possibly infecting the internal networks of a business is a constant challenge. Network Access Protection (NAP) is a new platform that allows administrators to dynamically control computer network access, restricted by a set of administrator-defined system health rules. NAP offers a three-pronged approach:

Health State Validation - by defining and validating system health for any computer connecting to the network

Health Policy Compliance - by offering resources to allow computers to meet health requirements

Limited Access - by offering restricted network resource access to computers that are noncompliant and unable to update to meet requirements

NAP greatly reduces the workload of keeping in-house computers up to date with the latest security applications. It also allows visiting and remote computers to access network resources while mitigating possible security breaches because of the unknown health status of outside or transient computer systems.

4. ASLR and Additional Enhanced Security Features


Address Space Layout Randomization (ASLR) is a security programming mechanism that guards against the all-too-common buffer overrun exploits. In a nutshell, ASLR randomizes where code loads into memory. The effect is to make any exploit that requires the memory load location of an executable ineffective, because the attack code has no way to predict the memory location where the targeted binary will load. ASLR is used on many different OS environments and is seen as an effective security defense. In addition, ASLR is enabled by default in Windows Vista and Windows Server 2008.

Other security enhancements integrated in Windows Server 2008 include an enhanced Active Directory, which features improved identity, certificate and rights management, and domain control mode for remote domain servers. There is also an improved Terminal Service with the ability to share single applications rather than the entire desktop and allow secure remote connections via HTTPS. Improved IIS security features and support for 256-bit AES encryption for the Kerberos authentication protocol are also included. Overall, the new OS from Microsoft offers much-needed enhanced security features. Microsoft programmers have addressed many shortcomings of previous OS releases and at the same time improved usability and stability.
