Defining Windows Server 2003 Security

The term Microsoft security was long considered, whether fairly or unfairly, to be an oxymoron. High-profile vulnerabilities and viruses that were exploited in Windows NT and Windows 2000 often made organizations wary of the security, or lack of security, that was built into Microsoft technologies. In direct response to this criticism, security in Windows Server 2003 became the major, if not the most important, priority for the development team. Subsequent revisions of Windows Server 2003, such as Service Pack 1 and R2, have taken security even further as well.

Security on the server level is one of the most important considerations for a network environment. Servers in an infrastructure not only handle critical network services, such as DNS, DHCP, directory lookups, and authentication, but they also serve as a central location for most, if not all, critical files in an organization's network. Subsequently, it is important to establish a server-level security plan and to gain a full understanding of the security capabilities of Windows Server 2003.

This chapter focuses on the server-side security mechanisms in Windows Server 2003. Particular emphasis is placed on the importance of keeping servers up to date with security patches through such enhancements as Software Update Services, a major improvement to Windows security. In addition, file-level security, physical security, and other critical server security considerations are presented.

Microsoft's "Trustworthy Computing" Initiative

On the heels of several high-profile viruses and security holes, Bill Gates developed what became known as the "Trustworthy Computing" initiative. The basics of the initiative boiled down to an increased emphasis on security in all Microsoft technologies. Every line of code in Windows Server 2003 was combed for potential vulnerabilities, and the emphasis was shifted from new functionality to security. What the initiative means to users of Microsoft technology is the fact that security has become a major priority for Microsoft, and Windows Server 2003 is the first major release that takes advantage of this increased security emphasis.

Common Language Runtime

All Microsoft code is verified through a process called common language runtime. It processes application code and automatically checks for security holes that can be caused by mistakes in programming. In addition, it scrutinizes security credentials that are used by specific pieces of code, making sure that they perform only those actions that they are supposed to. Through these techniques, the common language runtime effectively reduces the overall threat posed to Windows Server 2003 by limiting the potential for exploitations and vulnerabilities.

The Layered Approach to Server Security

Security works best when it is applied in layers. It is much more difficult to rob a house, for example, if a thief not only has to break through the front door, but also has to fend off an attack dog and disable a home security system. The same concept applies to server security: Multiple layers of security should be applied so that the difficulty in hacking into a system becomes exponentially greater.

Windows Server 2003 seamlessly handles many of the security layers that are required, utilizing Kerberos authentication, NTFS file security, and built-in security tools to provide for a great deal of security right out of the box. Additional security components require that you understand their functionality and install and configure their components. Windows Server 2003 makes the addition of extra layers of security a possibility, and positions organizations for increased security without sacrificing functionality.