1 / 30

{Windows Server 2008 Security Features}

Agenda. Server Core OverviewServer Core Supported Roles and FeaturesServer Core Management OptionsWindows Firewall with Advanced SecurityServer and Domain IsolationNetwork Access ProtectionGroup Policy Enhancements. Server Core Overview. Windows Server is frequently deployed to support a singl

zitomira
Download Presentation

{Windows Server 2008 Security Features}

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


    2. {Windows Server 2008 Security Features} Daniel Petri MVP, Senior IT Consultant www.petri.co.il daniel@petri.co.il

    3. Agenda Server Core Overview Server Core Supported Roles and Features Server Core Management Options Windows Firewall with Advanced Security Server and Domain Isolation Network Access Protection Group Policy Enhancements

    4. Server Core Overview Windows Server is frequently deployed to support a single role or a fixed workload However, you must deploy and service all of Windows Server, along with tons of functions, features, files, services and other binaries that are probably not needed for the specific function of that server.

    5. Server Core Overview Server Core is: A minimal installation option for Windows Server 2008 Command Line interface, no GUI Shell Included in the following Windows Server 2008 SKUs Web Standard Enterprise Datacenter Available for x86 and x64 Same binaries as full version Windows directory Full: 6 GB, 35K files Core: 1.5 GB 13K files

    6. Server Core Benefits Reduced maintenance Because the Server Core installation option installs only what is required to have a manageable server for the specific roles, less maintenance is required than on a full installation of Windows Server 2008. Reduced attack surface Because Server Core installations are minimal, there are fewer applications running on the server, which decreases the attack surface.

    7. Server Core Benefits Reduced management Because fewer applications and services are installed on a server running the Server Core installation, there is less to manage. Less disk space required A Server Core installation requires only about 1 GB of disk space to install and approximately 2 GB for operations after the installation.

    8. Server Core Benefits Server Core reduces the patches required Servicing burden is reduced by removing components that are most often serviced Windows 2000 is ~60% reduction Windows Server 2003 is ~40% reduction Not an application platform No .NET

    9. Supported Roles

    10. Supported Features

    11. Installing Server Core

    12. Management Options

    13. To Do List

    14. Windows Firewall with Advanced Security

    15. Windows Firewall with Advanced Security

    16. Server and Domain Isolation Server and Domain Isolation creates a layer of end-to-end protection that can greatly reduce the risk of costly malicious attacks and unauthorized access to your networked resources. SDI is based on IPSec and GPO. Enables you to dynamically segment your Windows environment into more secure and isolated logical networks. SDI allows you to limit access to only authenticated and authorized users.

    17. Server and Domain Isolation

    18. Network Access Protection The problem: One of the most time-consuming challenges that administrators face is ensuring that computers that connect to private network assets are up to date and meet health policy requirements. This complex task is commonly referred to as maintaining computer health. Failure to keep computers that connect to the network up to date is one of the most common ways to jeopardize the integrity of a network.

    19. Network Access Protection The solution: Network Access Protection for Windows Server 2008, Windows Vista and Windows XP SP3 provides components and an application programming interface (API) set that help administrators enforce compliance with health policies for network access or communication.

    20. Network Access Protection NAP helps provide a solution for the following common scenarios: Verifying the health state of roaming laptops Verifying the health state of desktop computers Verifying the health state of visiting laptops Verifying the health state of unmanaged home computers

    21. Network Access Protection Note: Network Access Protection is not designed to secure a network from malicious users. It is designed to help administrators maintain the health of the computers on the network, which in turns helps maintain the network’s overall integrity.

    22. Network Access Protection

    23. Group Policy Enhancements Over 700 new settings Power options, Removable media, Windows Firewall configuration, Printer management … Transition to ADMX files ADMX + ADML Additional management features Add comments to individual GPOs and settings Search and filter on settings and comments Create Starter GPOs for easier reuse Alphabetic listing of all Administrative Templates settings

    24. Group Policy Preference (which is basically PolicyMaker integrated into the GPO Editor) Group Policy Preferences

    25. Group Policy Preferences allow administrators to configure and deploy Windows and application settings that were previously unavailable using Group Policy. You can also manage Group Policy Preferences from a Windows Vista Service Pack 1 computer by installing the Remote Server Administration Tools (RSAT), which included the updated version of GPMC. Group Policy Preferences

    26. Some of the benefits of using Group Policy Preferences in your environment: Improving IT Productivity Reducing Need for Logon Scripts Limiting Configuration Errors Enhancing End-User Satisfaction Minimizing Image Maintenance Reducing Overall Image Count Group Policy Preferences

    27. The Client-Side Extensions for GP Preferences are included in Windows Server 2008, and down-level versions will be available as a separate download for: Windows XP Service Pack 2 and above Windows Vista RTM and above Windows Server 2003 SP1 and above Group Policy Preferences

    28. Key take aways Windows Server 2008 is the most secure platform ever developed by Microsoft, allowing administrators superior control over their environments and of services running on the servers.

    29. Thank you! Questions? Daniel Petri dpetri@johnbryce.co.il www.petri.co.il

More Related