Chapter 5. Security Services

Businesses have extended the traditional local area network (LAN) by combining intranets , extranets, and Internet sites; as a result, increased system security is now more critical than ever before. To provide a secure computing environment, the Microsoft Windows Server 2003 family includes many important new security features and improves on the security features originally included in Microsoft Windows 2000 Server.

Viruses exist, and software security is an ongoing challenge. To address these facts, Microsoft has made Trustworthy Computing a key initiative for all its products. Trustworthy Computing is a framework for developing devices powered by computers and software that are as secure and trustworthy as the everyday devices and appliances you use at home. While no Trustworthy Computing platform exists today, the basic redesign of Windows Server 2003 is a solid step toward making this vision a reality.

The common language runtime (CLR) software engine is a key element of Windows Server 2003 that improves reliability and helps ensure a safe computing environment. It reduces the number of bugs and security holes caused by common programming mistakes ”as a result, there are fewer vulnerabilities for attackers to exploit. The CLR verifies that applications can run without error and checks for appropriate security permissions, making sure that code performs appropriate operations exclusively. It does this by checking where the code was downloaded or installed from, whether it has a digital signature from a trusted developer, whether it has been altered since it was digitally signed, and so forth.

As part of its commitment to reliable, secure, and dependable computing, Microsoft has reviewed every line of code underlying its Windows Server 2003 family as part of an enhanced effort to identify possible fail points and exploitable weaknesses.

This chapter discusses the tools and processes that deliver important security benefits to organizations deploying Windows Server 2003. These include authentication, access control, security policy, auditing, Active Directory, data protection, network data protection, public key infrastructure (PKI), and trusts.