Review: Much to like in Windows Server 2008

1 2 3 4 5 6 7 8 Page 4
Page 4 of 8

Finally, there is also the TS Web Access feature, which lets administrators publicly display available TS Remote Programs on a Web page. This works with the Terminal Services RemoteApp feature. Users can browse the list for the application they want to run, click on it, and then be seamlessly embedded in the application -- using all the features of TS Remote Programs -- while retaining the ability to launch other programs from the same Web Access site. The service is smart enough to know that multiple programs launched by the same user should reside in the same Terminal Services session, making resource management a bit simpler, and you can even integrate TS Web Access within SharePoint sites using an included Web part.

Active Directory: Read-only domain controllers

Windows Server 2008 introduces the concept of a read-only domain controller (RODC), which is great for branch offices and other locations where the machines hosting the domain controller role can't be physically protected in the same way as a machine in data center might be. RODCs hold a read-only copy of Active Directory, which allows for the immediate benefits of faster logons and quicker authentication turnaround times for other network resources, but also for the long-term security benefits. No attacker can create changes in an easily accessible DC in a branch office that will then replicate up to the main tree at the corporate office, since the DC is read-only. The RODC can also cache the credentials of branch office users and, with just one contact to a regular, writeable domain controller up the three, can directly service users' logon requests -- however, this caching is left off by default in the Password Replication Policy for security reasons.

Thumbs up for this feature, too.

Security enhancements

Security problems have plagued Microsoft since the Windows inception, but only in the last few years, as more people have become connected, have those flaws been exploited by malcontents. Indeed, some of the vulnerabilities in products that we see patches for on "Patch Tuesdays" are the results of poor design decisions. These types of flaws are the ones Microsoft is hoping to stamp out in the release of Windows Server 2008.

You'll see quite a bit of change to the architecture of services in Windows Server 2008, including increasing the number of layers required to get to the kernel, segmenting services to reduce buffer overflows and reducing the size of the high-risk, privileged layers to make the attack surface smaller.

While fundamentally changing the design of the operating system, the Windows Server 2008 team has also included several features designed to eliminate security breaches and malware infestations, as well as capabilities meant to protect corporate data from leakage and interception. Let's take a look at some of the improvements.

Operating system file protection

A new feature ensures the integrity of the boot process for your servers. Windows Server 2008 creates a validation key based on the kernel file in use, a specific hardware abstraction layer for your system and drivers that start at boot time. If at any subsequent boot these files change after this key is created, the operating system will know and halt the boot process so you can repair the problem.

Operating system file protection also extends to each binary image that resides on the disk drive. OS file protection in this mode consists of a file system filter driver that reads every page that is loaded into memory, checking its hashes and validating any image that attempts to load itself into a protected process (processes that are often the most sensitive to elevation attacks). These hashes are stored in a specific system catalog, or in an X.509 certificate embedded within a secure file on the drive. If any of these tests result in failure, OS file protection will halt the process to keep your machine secure. This is active protection against problematic malware.

1 2 3 4 5 6 7 8 Page 4
Page 4 of 8
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon