- Windows Server 2008 R2 Defined
- When Is the Right Time to Migrate?
- Versions of Windows Server 2008 R2
- What's New and What's the Same About Windows Server 2008 R2?
- Changes in Active Directory
- Windows Server 2008 R2 Benefits for Administration
- Improvements in Security in Windows Server 2008 R2
- Improvements in Mobile Computing in Windows Server 2008 R2
- Improvements in Windows Server 2008 R2 for Better Branch Office Support
- Improvements for Thin Client Remote Desktop Services
- Improvements in Clustering and Storage Area Network Support
- Addition of Migration Tools
- Improvements in Server Roles in Windows Server 2008 R2
- Identifying Which Windows Server 2008 R2 Service to Install or Migrate to First
- Summary
- Best Practices
This chapter is from the book
This chapter is from the book
This chapter is from the book
Improvements in Security in Windows Server 2008 R2
Significantly more than just cosmetic updates are the security enhancements added to Windows Server 2008 R2. As organizations are struggling to ensure that their environments are secure, employees can depend on information privacy, and content is protected for regulatory compliance reasons; having the tools to secure the environment is critical.
Enhancing the Windows Server 2008 R2 Security Subsystem
Part IV of this book, "Security," is focused on security in the different core areas. Chapter 13 addresses core security subsystems of Windows Server 2008 R2 as it relates to server systems. This includes the basics of server hardening, patching, and updating but also extends into new server security areas added to Windows Server 2008 R2, such as device control level security, wireless access security, and Active Directory Rights Management Services (RMS). Windows Server 2008 R2 has continued the "secure by default" theme at Microsoft and no longer installs components like Internet Information Services (IIS) by default. The good part about it is that components that are not core to the operation of a server are not installed on the system; however, it means every time you install software, you need to add basic components and features. Getting to remember what has to be installed, configured, or made operational is important as servers are being built and added to a Windows Active Directory environment.
Transport Security Using IPSec and Certificate Services
Chapter 14, "Transport-Level Security," addresses site-to-site and server-to-server security, addressed through the implementation of IPSec encryption. Not new to Windows, IPSec has finally gotten several new Group Policy management components added to aid in the implementation and management of IPSec in the enterprise. Also not new to Windows, but something that has been greatly enhanced, is Microsoft's offering around Public Key Infrastructure (PKI), specifically Certificate Services. It seems like everything security related is somehow connected to certificates, whether that is file encryption using Encrypting File System (EFS), email encryption using S/MIME, remote mobile device synchronization using certificate access, or transport security using IPSec. Everything needs a certificate, and the ability of an organization to easily create and manage certificates is the focus of Chapter 14.
Security Policies, Policy Management, and Supporting Tools for Policy Enforcement
Completely new to Windows Server 2008, updated in Windows Server 2008 R2, and a major focus for organizations are security policies and policy management around security systems. It used to be we would just lock down systems, make sure they were secure by default, and use our best judgment and best effort to secure a network. However, with laws and regulations, or even human resource departments getting involved in information security, the root of all IT security practices fall on having set security policies defined so that IT can implement technologies to address the organization policies around information security. This is covered in detail in Chapter 15, "Security Policies, Network Policy Server, and Network Access Protection."
Chapter 15 goes beyond the policies and common best practices around policy management in an enterprise, and also digs into the underlying technologies that help organizations turn security policies into IT-managed technology services. Tools like the Network Policy Server in Windows Server 2008 R2 allow policies to be defined, and the Network Policy Server enforces those policies, specifically around remote logon access, access over wireless network connections, or the integration of Network Access Protection (NAP) in querying a device and making sure the device (desktop, laptop, or mobile device) has the latest patches, updates, and antivirus software dictated by management to ensure a device is secure.