Académique Documents
Professionnel Documents
Culture Documents
3. S 33S /% the We# server #undled with Server 2008% is a #i! u&!rade from the &revious version. 7$here are si!nificant chan!es in terms of security and the overall im&lementation which make this version very attractive%7 said ar# 6oldworm% &resident and chief analyst at oulder% 9olorado-#ased 1ocus 9onsultin!. :ne new feature !ettin! a lot of attention is the a#ility to dele!ate administration of servers <and sites= to site admins while restrictin! their &rivile!es. !. Role"based installation 2ole-#ased installation is a less e"treme version of Server 9ore. (lthou!h it was included in 200@% it is far more com&rehensive in this version. $he conce&t is that rather than confi!urin! a full server install for a &articular role #y uninstallin! unnecessary com&onents <and installin! needed e"tras=% you sim&ly s&ecify the role the server is to &lay% and Windows will install what's necessary A nothin! more. $his makes it easy for anyone to &rovision a &articular server without increasin! the attack surface #y includin! unwanted com&onents that will not do anythin! e"ce&t &resent a security risk. #. Read $nly %o&ain Controllers 'R$%C( 3t's hardly news that #ranch offices often lack skilled 3$ staff to administer their servers% #ut they also face another% less talked a#out &ro#lem. While cor&orate data centers are often &hysically secured% servers at #ranch offices rarely have the same &hysical security &rotectin! them. $his makes them a convenient launch &ad for attacks #ack to the main cor&orate servers. 2:89 &rovides a way to make an (ctive 8irectory data#ase read-only. $hus% any mischief carried out at the #ranch office cannot &ro&a!ate its way #ack to &oison the (ctive 8irectory system as a whole. 3t also reduces traffic on W(N links. ). *n+an,ed ter&inal servi,es $erminal services has #een #eefed u& in Server 2008 in a num#er of ways. $S 2emote(&& ena#les remote users to access a centrali'ed a&&lication <rather than an entire deskto&= that a&&ears to #e runnin! on the local com&uter's hard drive. $hese a&&s can #e accessed via a We# &ortal or directly #y dou#le-clickin! on a correctly confi!ured icon on the local machine. $S 6ateway secures sessions% which are then tunnelled over htt&s% so users don't need to use a .?N to use 2emote(&&s securely over the 3nternet. >ocal &rintin! has also #een made si!nificantly easier. -. .etwor/ 0,,ess Prote,tion +icrosoft's system for ensurin! that clients connectin! to Server 2008 are &atched% runnin! a firewall and in com&liance with cor&orate security &olicies A and that those that are not can #e remediated A is useful. ,owever% similar functionality has #een and remains availa#le from third &arties. 8. Bitlo,/er System drive encry&tion can #e a sensi#le security measure for servers located in remote #ranch offices or anywhere where the &hysical security of the server is su#-o&timal. itlocker encry&tion &rotects data if the server is &hysically removed or #ooted from remova#le media into a different o&eratin! system that mi!ht otherwise !ive an intruder access to data which is &rotected in a Windows environment. (!ain% similar functionality is availa#le from third-&arty vendors. 1. Windows PowerS+ell +icrosoft's new<ish= command line shell and scri&tin! lan!ua!e has &roved &o&ular with some server administrators% es&ecially those used to workin! in >inu" environments.
3ncluded in Server 2008% ?owerShell can make some )o#s quicker and easier to &erform than !oin! throu!h the 643. (lthou!h it mi!ht seem like a ste& #ackward in terms of user friendly o&eration% it's one of those features that once you've !otten used to it% you'll never want to !ive u&. 10. Better se,urity We've already mentioned various security features #uilt into Server 2008% such as the a#ility to reduce attack surfaces #y runnin! minimal installations% and s&ecific features like it>ocker and N(?. Numerous other little touches make Server 2008 more secure than its &redecessors. (n e"am&le is (ddress S&ace >oad 2andomi'ation A a feature also &resent in .ista A which makes it more difficult for attackers to carry out #uffer overflow attacks on a system #y chan!in! the location of various system services each time a system is run. Since many attacks rely on the a#ility to call &articular services #y )um&in! to &articular locations% address s&ace randomi'ation can make these attacks much less likely to succeed. 3t's clear that with Server 2008 +icrosoft is treadin! the familiar &ath of addin! features to the o&eratin! system that third &arties have &reviously #een &rovidin! as se&arate &roducts. (s far as the core server &roduct is concerned% much is new. Bust #ecause some technolo!ies have #een availa#le elsewhere doesn't mean they've actually #een im&lemented. ,avin! them as &art of the o&eratin! system can #e very convenient% indeed. 3f you're runnin! Server 200@ then% now is the time to start makin! &lans to test Server 2008 A you're almost #ound to find somethin! you like. Whether you decide to im&lement it% and when% is u& to you.