Executive Overview
Published: June 1, 2008 | Updated: February 27, 2008
IT security is everybody's business. Every day, adversaries are attempting to invade your networks and access your servers to bring them down, infect them with viruses, or steal information about your customers or employees. Attacks come from all directions: from onsite employee visits to Web sites infected with malware, to offsite employee connections through VPNs, branch office network connections to corporate servers, or direct assaults on vulnerable computers or servers in your network. Organizations of all sizes now also face more complex and demanding audit requirements. You know first hand how essential your servers are to keeping your organization up and running. The data they house and the services they provide are your organization’s lifeblood. It’s your job to stand guard over these essential assets, prevent them from going down or falling victim to attacks from outside and inside your organization, and to prove to auditors that you have taken all reasonable steps to secure your servers. Windows Server® 2008 is engineered from the ground up with security in mind, delivering an array of new and improved security technologies and features that provide a solid foundation for running and building your business. To help you quickly configure, deploy, and manage the security settings in Windows Server 2008 across your organization, Microsoft is developing the Windows Server 2008 Security Guide. This guidance is designed to further enhance the security of the servers in your organization by taking full advantage of the security features and options in Windows Server 2008. The team is producing a prescriptive security guide you can rely on that is:
How Does the Windows Server 2008 Security Guide Help Secure Your Business?The Windows Server 2008 Security Guide describes how to structure your environment based on best practices to maintain an appropriate level of security while allowing you to minimize the total cost of securing your IT environment. Our guidance is based on extensive, real-world experience from customers, government agencies, and Microsoft security experts. Because increasing security always results in a trade off between cost and functionality, the guide prescribes security settings that are appropriate for most business enterprise environments. The guide also prescribes a second group of security settings that are appropriate for environments that require increased security with more central control. These options give your organization the choice to either harden a general computing environment or choose to establish a more "locked down" environment where concern for security is so great that it outweighs a potential loss of functionality. Both security setting configurations have been thoroughly tested in Microsoft labs, and validated by customers and partners under real-world conditions. You can implement the baseline security settings immediately, which helps to reduce the time and expense you need to invest, and you also can easily tailor the configuration you choose by modifying any of the security settings to accommodate the unique needs of your organization. Deploy Your Security Baseline Quickly and ReliablyThe powerful GPOAccelerator tool is available as a separate download to enable you to automatically deploy a tested configuration of Group Policy security settings across your organization — in minutes, instead of hours or days. The tool creates all of the Group Policy objects (GPOs) you need to deploy the security configuration you choose. The tool also eliminates many manual steps in the deployment process to give you faster and more reliable results. With more than 200 security and privacy setting options, you can fine-tune your deployment of Windows Server 2008, balancing your organization’s needs for security and functionality. Harden Your Server WorkloadsThis security guide also includes detailed guidance on how to further harden Windows Server 2008. While Windows Server 2008 is designed from the ground up to be "secure," there are two important aspects to consider:
The guide provides settings for several different server "workloads," including servers that perform as domain controllers, and others that provide DNS, DHCP, Web, File, and Print services. The tested guidance describes how to harden key services like Active Directory® Certificate Services (AD CS), Network Access Services, and Terminal Services. Security Setting RecommendationsThe security guide includes a comprehensive technical reference that explains what each prescribed security setting in the Windows Server 2008 Security Guide does, provides recommended configurations, and identifies the threats that each setting mitigates. The Windows Server 2008 Security Guide Settings workbook lists all of the prescribed settings for each of the preconfigured security baselines that the guide prescribes. The Windows Server 2008 Attack Surface Reference workbook also provides you with another valuable reference. Windows Server 2008 Security BenefitsWindows Server 2008 has been designed from the beginning with security fully in mind. Use the information and settings provided in the Windows Server 2008 Security Guide to maximize your benefit from these features and benefits. Some of the primary new security benefits in the operating system allow your organization to:
More InformationFor more information about Windows Server 2008 and the security guide, see the following resources:
|
|