300 likes | 481 Views
Agenda. Server Core OverviewServer Core Supported Roles and FeaturesServer Core Management OptionsWindows Firewall with Advanced SecurityServer and Domain IsolationNetwork Access ProtectionGroup Policy Enhancements. Server Core Overview. Windows Server is frequently deployed to support a singl
E N D
2. {Windows Server 2008 Security Features} Daniel Petri
MVP, Senior IT Consultant
www.petri.co.il
daniel@petri.co.il
3. Agenda Server Core Overview
Server Core Supported Roles and Features
Server Core Management Options
Windows Firewall with Advanced Security
Server and Domain Isolation
Network Access Protection
Group Policy Enhancements
4. Server Core Overview Windows Server is frequently deployed to support a single role or a fixed workload
However, you must deploy and service all of Windows Server, along with tons of functions, features, files, services and other binaries that are probably not needed for the specific function of that server.
5. Server Core Overview Server Core is:
A minimal installation option for Windows Server 2008
Command Line interface, no GUI Shell
Included in the following Windows Server 2008 SKUs
Web
Standard
Enterprise
Datacenter
Available for x86 and x64
Same binaries as full version
Windows directory
Full: 6 GB, 35K files
Core: 1.5 GB 13K files
6. Server Core Benefits Reduced maintenance
Because the Server Core installation option installs only what is required to have a manageable server for the specific roles, less maintenance is required than on a full installation of Windows Server 2008.
Reduced attack surface
Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.
7. Server Core Benefits Reduced management
Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage.
Less disk space required
A Server Core installation requires only about 1 GB of disk space to install and approximately 2 GB for operations after the installation.
8. Server Core Benefits Server Core reduces the patches required
Servicing burden is reduced by removing components that are most often serviced
Windows 2000 is ~60% reduction
Windows Server 2003 is ~40% reduction
Not an application platform
No .NET
9. Supported Roles
10. Supported Features
11. Installing Server Core
12. Management Options
13. To Do List
14. Windows Firewall with Advanced Security
15. Windows Firewall with Advanced Security
16. Server and Domain Isolation Server and Domain Isolation creates a layer of end-to-end protection that can greatly reduce the risk of costly malicious attacks and unauthorized access to your networked resources.
SDI is based on IPSec and GPO.
Enables you to dynamically segment your Windows environment into more secure and isolated logical networks.
SDI allows you to limit access to only authenticated and authorized users.
17. Server and Domain Isolation
18. Network Access Protection The problem:
One of the most time-consuming challenges that administrators face is ensuring that computers that connect to private network assets are up to date and meet health policy requirements. This complex task is commonly referred to as maintaining computer health.
Failure to keep computers that connect to the network up to date is one of the most common ways to jeopardize the integrity of a network.
19. Network Access Protection The solution:
Network Access Protection for Windows Server 2008, Windows Vista and Windows XP SP3 provides components and an application programming interface (API) set that help administrators enforce compliance with health policies for network access or communication.
20. Network Access Protection NAP helps provide a solution for the following common scenarios:
Verifying the health state of roaming laptops
Verifying the health state of desktop computers
Verifying the health state of visiting laptops
Verifying the health state of unmanaged home computers
21. Network Access Protection Note:
Network Access Protection is not designed to secure a network from malicious users. It is designed to help administrators maintain the health of the computers on the network, which in turns helps maintain the network’s overall integrity.
22. Network Access Protection
23. Group Policy Enhancements Over 700 new settings
Power options, Removable media, Windows Firewall configuration, Printer management …
Transition to ADMX files
ADMX + ADML
Additional management features
Add comments to individual GPOs and settings
Search and filter on settings and comments
Create Starter GPOs for easier reuse
Alphabetic listing of all Administrative Templates settings
24. Group Policy Preference (which is basically PolicyMaker integrated into the GPO Editor) Group Policy Preferences
25. Group Policy Preferences allow administrators to configure and deploy Windows and application settings that were previously unavailable using Group Policy.
You can also manage Group Policy Preferences from a Windows Vista Service Pack 1 computer by installing the Remote Server Administration Tools (RSAT), which included the updated version of GPMC. Group Policy Preferences
26. Some of the benefits of using Group Policy Preferences in your environment:
Improving IT Productivity
Reducing Need for Logon Scripts
Limiting Configuration Errors
Enhancing End-User Satisfaction
Minimizing Image Maintenance
Reducing Overall Image Count Group Policy Preferences
27. The Client-Side Extensions for GP Preferences are included in Windows Server 2008, and down-level versions will be available as a separate download for:
Windows XP Service Pack 2 and above
Windows Vista RTM and above
Windows Server 2003 SP1 and above Group Policy Preferences
28. Key take aways Windows Server 2008 is the most secure platform ever developed by Microsoft, allowing administrators superior control over their environments and of services running on the servers.
29. Thank you! Questions? Daniel Petri
dpetri@johnbryce.co.il
www.petri.co.il