Hands-on: Windows Longhorn Server Beta 2

Radical code revision focuses on security, system integrity and reliability.

Page 3 of 5

Active Directory: Read-Only Domain Controllers

Longhorn Server introduces the concept of a read-only domain controller (RODC), which is great for branch offices and other locations where the machines hosting the domain controller role can't be physically protected the way a machine in a datacenter can. RODCs hold a read-only copy of Active Directory, which allows for the immediate benefits of faster log-ons and quicker authentication turnaround times for other network resources, as well as for long-term security benefits. No attacker can create changes on an easily accessible DC in a branch office that will then replicate up to the main tree at the corporate office, since the DC is read-only.

The RODC can also cache the credentials of branch-office users and, with just one contact to a regular, writeable domain controller up the tree, can directly service users' log-on requests. However, this caching is left off by default in the Password Replication Policy.

Security Improvements

Security problems have plagued Microsoft since Windows' inception, but only in the past few years, as more people have become connected, have those flaws been heavily exploited by malcontents. Some of the vulnerabilities in products that we see on so-called Patch Tuesdays are the results of poor design decisions. These types of flaws are the ones Microsoft is hoping to stamp out in the release of Longhorn Server.

You'll see quite a bit of change to the architecture of services in Windows Server 200x, including increasing the number of layers required to get to the kernel, segmenting services to reduce buffer overflows and reducing the size of the high-risk, privileged layers to make the attack surface smaller.

While fundamentally changing the design of the operating system, the Longhorn Server team has also included several features designed to eliminate security breaches and malware infestations, as well as capabilities meant to protect corporate data from leakage and interception. Let's take a look at some of the improvements currently in Beta 2.

Operating System File Protection

A new feature currently known as "operating system file protection" ensures the integrity of the boot process for your servers. Longhorn Server creates a validation key based on the kernel file in use, the specific hardware abstraction layer (HAL) for your system and the drivers that start at boot time. If these files change after the key is created, the operating system will detect the changes at the next boot-up and halt the process so you can repair the problem.

Operating system file protection also extends to each binary image that resides on the disk drive. Operating system file protection in this mode consists of a file system filter driver that reads every page that is loaded into memory, checking its hashes and validating any image that attempts to load itself into a protected process; such processes are often the most sensitive to elevation attacks.

These hashes are stored in a specific system catalog, or in an X.509 certificate embedded within a secure file on the drive. If any of these tests result in failure, operating system file protection will halt the process to keep your machine secure. This is active protection against problematic malware.

BitLocker

The need for drive encryption has been a popular topic in a lot of security channels lately. In both Windows Vista and Longhorn Server, Microsoft has risen to the call by developing a feature called BitLocker. BitLocker is designed especially for scenarios where a thief may gain physical access to a hard drive. Without encryption, the hacker could simply boot another operating system or run a hacking tool and access files, completely bypassing the NTFS file-system permissions.

The Encrypting File System (EFS) in Windows 2000 Server and Windows Server 2003 went a step further, actually scrambling bits on the drive, but the keys to decrypt the files weren't as protected as they should have been. With BitLocker, the keys are stored within either a Trusted Platform Module chip on your system or a USB flash drive that you insert upon boot-up.

BitLocker is certainly complete: When enabled, the feature encrypts the entire Windows volume, including both user data and system files, the hibernation file, the page file and temporary files. The boot process itself is also protected by BitLocker -- it creates a hash based on the properties of individual boot files, so if one is modified and replaced by, for example, a Trojan horse file, BitLocker will catch the problem and prevent the boot. It's definitely a step up from the limitations of EFS and a significant improvement to system security over unencrypted drives.
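The two mechanisms above (a per-file hash catalog that halts the boot on mismatch, and a TPM-held key that is only released when the boot files hash as expected) can be modelled in a few dozen lines. The following is an added example, not BitLocker's or Longhorn's code: the file contents, the TPM seed and the PCR-style "extend" chaining are all constructed stand-ins, and the sealing is a simplified model of how a TPM binds a key to measured boot state.

```python
import hashlib
from typing import Dict, List, Optional

# Constructed stand-ins for boot-time binaries (name -> image bytes).
GOOD_BOOT_FILES: Dict[str, bytes] = {
    "ntoskrnl.exe": b"kernel image v1",
    "hal.dll": b"hardware abstraction layer v1",
    "disk.sys": b"boot-start disk driver v1",
}
LOAD_ORDER = ["ntoskrnl.exe", "hal.dll", "disk.sys"]
TPM_SEED = b"constructed-tpm-internal-secret"  # modelled secret that never leaves the chip

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_catalog(files: Dict[str, bytes]) -> Dict[str, bytes]:
    """Per-file hash catalog, the role the system catalog plays in the text."""
    return {name: sha256(image) for name, image in files.items()}

def changed_files(catalog: Dict[str, bytes], files: Dict[str, bytes]) -> List[str]:
    """Files whose on-disk image no longer matches the catalog; boot halts if non-empty."""
    return [n for n in catalog if sha256(files.get(n, b"")) != catalog[n]]

def measure_boot(files: Dict[str, bytes]) -> bytes:
    """Fold each component's hash into a PCR in load order: pcr = SHA-256(pcr || hash)."""
    pcr = bytes(32)  # PCRs start zeroed at power-on
    for name in LOAD_ORDER:
        pcr = sha256(pcr + sha256(files[name]))
    return pcr

def seal_key(volume_key: bytes, expected_pcr: bytes) -> Dict[str, bytes]:
    """Wrap a 32-byte key under a secret derived from the TPM seed and the expected PCR."""
    wrap = sha256(TPM_SEED + expected_pcr)
    return {"blob": bytes(k ^ w for k, w in zip(volume_key, wrap)), "check": sha256(volume_key)}

def unseal_key(sealed: Dict[str, bytes], current_pcr: bytes) -> Optional[bytes]:
    """Release the key only if current measurements reproduce the PCR it was sealed to."""
    wrap = sha256(TPM_SEED + current_pcr)
    key = bytes(b ^ w for b, w in zip(sealed["blob"], wrap))
    return key if sha256(key) == sealed["check"] else None  # wrong PCR unwraps garbage

def demo() -> None:
    key = sha256(b"constructed volume master key")
    catalog = build_catalog(GOOD_BOOT_FILES)
    sealed = seal_key(key, measure_boot(GOOD_BOOT_FILES))
    tampered = {**GOOD_BOOT_FILES, "hal.dll": b"hardware abstraction layer (replaced)"}
    print("clean boot releases key:", unseal_key(sealed, measure_boot(GOOD_BOOT_FILES)) == key)
    print("catalog mismatches:", changed_files(catalog, tampered))
    print("tampered boot releases key:", unseal_key(sealed, measure_boot(tampered)) is not None)

if __name__ == "__main__":
    demo()
```

Swapping any one boot file changes the PCR, so the key stays sealed and the catalog names the offending file, which is the behaviour the text attributes to both features.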

Device Installation Control

Another security problem plaguing businesses everywhere is the proliferation of the Universal Serial Bus drive. No matter how securely you set your permissions on your file servers, no matter how good your document destruction capabilities are, and no matter what sort of internal controls you have on "eyes-only" documentation, a user can simply pop a thumb drive into any open USB port and copy data, completely bypassing your physical security.

These drives often contain very sensitive information that ideally should never leave the corporate campus, but they're all too often found on lost keychains, inside computer bags left unattended in an airport lounge or in some equally dangerous location. The problem is significant enough that some businesses have taken to disabling USB ports by pouring hot glue into the actual ports. Effective, certainly, but also messy.

In Longhorn Server, an administrator will have the ability to block all new device installs, including USB thumb drives, external hard drives and other new devices. You can simply deploy a machine and allow no new devices to be installed. You'll also be able to set exceptions based on device class or device ID -- for example, to allow keyboards and mice to be added, but nothing else. Or you can allow specific device IDs, in case you've approved a certain brand of product to be installed, but no others. This is all configurable via Group Policy, and these policies are set at the computer level.
