By eweek  |  Posted 2003-04-24 Print this article Print

Security The biggest security enhancement in Windows Server 2003 comes courtesy of the improved security model of IIS (Internet Information Services) —the Web server that has been the source of most of Windows 2000 Servers security woes. However, there are several other changes in Windows Server 2003 that should serve not only to make the Windows server itself more secure, but also to make it easier to secure other network resources. Microsoft Corp. officials claim that the biggest change in Windows Servers security isnt a new feature so much as a new philosophy. Windows Server 2003 is the first version of the platform to come out since the advent of Microsofts Trustworthy Computing initiative, the results of which mean that Windows Server 2003 will have fewer bugs and security problems, according to Microsoft.
Only time (no more than a year should do it) will tell.
In the meantime, our tests show that one of the most powerful new security features in Windows Server is Software Restriction Policies, which make it possible to prevent unauthorized code from running. In fact, we could prevent all but a few necessary trusted applications from running—very useful for vital servers that carry out specific functions. The improved Group Policy editing and templates capabilities made it easier to manage advanced security settings across systems or to build multiple profiles for systems. For example, on our test system with limited software permissions, we could build a policy to temporarily open up applications. This would be useful for updating necessary applications or fixing problems. Windows Server 2003 also includes Common Language Runtime, which checks for unauthorized code by checking for digital signatures, code origination and changes to code. The process of defining user and group permissions to objects and folders has also been refined, with more advanced permission options and a new Effective Permissions tab that let us quickly view all permissions allowed (see screen). Also new is a beefed-up version of Internet Connection Firewall found in Windows XP. Authentication options are improved significantly in this version of Windows Server. With Internet Authentication Server, Windows Server 2003 can function as a RADIUS server, providing greater management of virtual private network and dial-in remote access users. When combined with Windows Server 2003s support for Extensible Authentication Protocol, this will make authentication for wireless users much more effective. Windows Server 2003 also has more extensive support for secure authentication options, including public-key infrastructure and certificates, as well as technologies such as smart cards (see screen). —Jim Rapoza


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel