
Windows Server 2003 SP1 Technical Overview

John Howard, IT Pro Evangelist, Microsoft UK http://blogs.technet.com/jhoward

Presentation Transcript


  1. Windows Server 2003 SP1 Technical Overview • John Howard, IT Pro Evangelist, Microsoft UK http://blogs.technet.com/jhoward

  2. Agenda • Goals and Vision • Security Enhancements • Roadmap and Resources

  3. Agenda • Goals and Vision • Security Enhancements • Roadmap and Resources

  4. Key Customer Challenges • Security • Securely configuring networks in a simplified way • Coping with malicious hackers, viruses and network attacks • Being prepared to face future security threats • Reliability • Minimise network downtime • Performance • Desire for increased performance

  5. Some ways security is addressed in SP1 • Support for “No Execute” hardware • Windows Firewall & Boot Time Security • Role based configuration and lockdown • IIS 6.0 metabase auditing • VPN Quarantine • Internet Explorer

  6. Agenda • Goals and Vision • Security Enhancements • Roadmap and Resources

  7. Security Enhancements: Data Execution Prevention (DEP) • Hardware DEP • Processor support required • Software DEP • Functional on any processor supporting Windows Server 2003 • Boot.ini “/noexecute=PolicyLevel” switch • OptIn • OptOut • AlwaysOn • AlwaysOff • GUI configuration through System Performance settings

  8. Security Enhancements: Post Setup Security Updates (PSSU) • Protects servers between first boot and application of most recent security updates • Opens on first admin login if Windows Firewall was not explicitly enabled using unattend script or Group Policy • Blocks inbound connections until customer clicks “Finish” on PSSU dialog box

  9. Security Enhancements: Post Setup Security Updates (PSSU) • Offers links to Windows Update • Opportunity to configure Automatic Updates • Re-opens if not completed before first restart • Forced closure (ALT+F4) does not change firewall • Tests to display PSSU again at next log on

  10. Security Enhancements: Post Setup Security Updates (PSSU) • Invoked during Slipstreamed installation • Not applied when • Windows Firewall is enabled or disabled through Group Policy before PSSU is displayed • Upgrade existing servers

  11. Security Enhancements: Post Setup Security Updates (PSSU)

  12. Security Enhancements: Windows Firewall • Enhancement to Internet Connection Firewall (ICF) • Not on by default • Except during PSSU • Can be configured during installation • Boot time security • Global Configuration • On with no exceptions • Multiple profiles • Integration with netsh command line utility

  13. Demo Windows Firewall

  14. Security Enhancements: Security Configuration Wizard (SCW) • Guided Attack Surface Reduction for Servers • Security Coverage • Roles-Based Metaphor • Disables Unnecessary Services • Disables Unnecessary IIS Web Extensions • Blocks unused Ports, including multi-homed scenarios • Helps Secure Ports that are left open using IPSEC • Reduces protocol exposure (LDAP, NTLM, SMB) • Configures Audit Setting with high Signal to Noise

  15. Security Enhancements: Security Configuration Wizard (SCW) • Install • Add/remove Windows Components • Unattended setup • Configuration saved to XML file • Command line support • Rollback capability • Analysis capability

  16. Demo Security Configuration Wizard

  17. Security Enhancements: Internet Explorer • Feature parity with XP SP2 • Zone elevation • Add-on management • Information bar • Pop-up management • Window restrictions • Download security

  18. RPC and DCOM Enhancements: Dovetails with Windows XP SP2 • RPC attack surface reduced • New RPC registry keys • Allow server applications to restrict access to the interface, typically through a security call back • Enables application developers to more closely control access • Additional DCOM access control restrictions • Strengthening of DCOM authentication security model • Overall reduction of risk of a successful network attack • RPC and DCOM ports handled as a special case by Windows Firewall

  19. Security Enhancements: Access Based Directory Enumeration • What it does • Hides directories based on access rights • Interfaces • GUI • Command line tool markShareforABDE.exe • Whitepaper on microsoft.com

  20. Demo Access Based Directory Enumeration

  21. Agenda • Goals and Vision • Security Enhancements • Roadmap and Resources

  22. Release Cycle (diagram) • Sequence: Major Release, Release Update, Major Release, Release Update, Major Release • Interval labels: ~ 4 years, ~ 2 years • Mainstream: Service Packs & Updates, at least 5 years from major release • Extended Support: at least 5 years

  23. Release Roadmap (timeline with year markers 2005, 2007, 2009) • Windows Server “Longhorn R2” • Windows Server “Longhorn” • Windows Server 2003 Service Pack 1 • Windows Server 2003 x64 Editions • Windows Server Update Services • Windows Server “Longhorn” Beta • Windows Server 2003 “R2” • Windows Storage Server “R2”

  24. Resources • Windows Server 2003 Home Page http://www.microsoft.com/windowsserver2003/default.mspx • Windows Server 2003 SP1 Home Page http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1 • TechNet TechCentre http://go.microsoft.com/?linkid=2503849

  25. Download locations • Download centre http://go.microsoft.com/?linkid=2503850 • Windows Update http://windowsupdate.microsoft.com

  26. Deployment Guidance Documents http://www.microsoft.com/security/guidance/ • How to deploy Windows Server 2003 SP1 in an Enterprise Infrastructure • How to configure and deploy Windows Firewall functionality centrally through Windows Server 2003 SP1 and Active Directory • How to deploy role-based secure Servers with Windows Server 2003 SP1 and Security Configuration Wizard • How to setup VPN Quarantine of users utilizing Windows Server 2003 SP1 • How to deploy VPN Quarantine in an Enterprise Infrastructure utilizing Windows Server 2003 SP1 • How to setup Secure Server Templates with Security Configuration Wizard in Windows Server 2003 SP1 • How to deploy Security Configuration Wizard Server Templates with Active Directory utilizing Windows Server 2003

  27. Summary • SP1 provides significant security enhancements as well as reliability and performance improvements • Windows Server SP1 provides tools to reduce attack surface area • To maximize the security and performance of Windows Server, begin evaluating SP1 today • Exciting roadmap: complement to XP SP2, precursor to Windows Server 2003 R2 and Longhorn

  28. © 2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

  30. Windows Server 2003 SP1 Technical Overview • John Howard, IT Pro Evangelist, Microsoft UK http://blogs.technet.com/jhoward
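
Added example, not part of the original presentation: a Python audit of the Boot.ini “/noexecute=PolicyLevel” switch from slide 7, flagging boot entries where DEP is set to AlwaysOff, the switch is absent, or the value is not one of the four levels the slide lists. The sample Boot.ini, its menu labels and the status names are constructed for illustration.

```python
import re

# DEP policy levels listed on slide 7.
POLICY_LEVELS = ("OptIn", "OptOut", "AlwaysOn", "AlwaysOff")
_SWITCH = re.compile(r"/noexecute(?:=(\S+))?", re.IGNORECASE)

# Constructed sample Boot.ini (not taken from a real server).
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Standard" /fastdetect /noexecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Legacy app server" /fastdetect /NoExecute=alwaysoff
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Test build" /fastdetect
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Typo" /fastdetect /noexecute=OptOff
'''

def audit_boot_ini(text):
    """Return (menu label, policy level, status) per [operating systems] entry."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "operating systems" or "=" not in line:
            continue
        # Entry format: <ARC path>="<menu label>" <switches...>
        _, rest = line.split("=", 1)
        quoted = re.match(r'\s*"([^"]*)"(.*)', rest)
        label, switches = quoted.groups() if quoted else (rest.strip(), rest)
        found = _SWITCH.search(switches)
        if found is None:
            findings.append((label, None, "missing"))  # no explicit policy: review
            continue
        value = found.group(1) or ""
        # The switch value is matched case-insensitively and normalised.
        level = next((p for p in POLICY_LEVELS if p.lower() == value.lower()), None)
        if level is None:
            findings.append((label, value, "unrecognised"))
        elif level == "AlwaysOff":
            findings.append((label, level, "dep-disabled"))
        else:
            findings.append((label, level, "ok"))
    return findings

if __name__ == "__main__":
    for label, level, status in audit_boot_ini(SAMPLE_BOOT_INI):
        print(f"{status:13} {level or '-':10} {label}")
```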
