Windows Server® 2008 Security Guide Executive Overview Version 1.1 Published: June 2007 | Updated: February 2008 For the latest information, please see microsoft.com/wssg
Copyright © 2008 Microsoft Corporation. All rights reserved. Complying with the applicable copyright laws is your responsibility. By using or providing feedback on this documentation, you agree to the license agreement below.
If you are using this documentation solely for non-commercial purposes internally within YOUR company or organization, then this documentation is licensed to you under the Creative Commons AttributionNonCommercial License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc/2.5/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
This documentation is provided to you for informational purposes only, and is provided to you entirely "AS IS". Your use of the documentation cannot be understood as substituting for customized service and information that might be developed by Microsoft Corporation for a particular user based upon that user’s particular environment. To the extent permitted by law, MICROSOFT MAKES NO WARRANTY OF ANY KIND, DISCLAIMS ALL EXPRESS, IMPLIED AND STATUTORY WARRANTIES, AND ASSUMES NO LIABILITY TO YOU FOR ANY DAMAGES OF ANY TYPE IN CONNECTION WITH THESE MATERIALS OR ANY INTELLECTUAL PROPERTY IN THEM.
Microsoft may have patents, patent applications, trademarks, or other intellectual property rights covering subject matter within this documentation. Except as provided in a separate agreement from Microsoft, your use of this document does not give you any license to these patents, trademarks or other intellectual property.
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, email addresses, logos, people, places and events depicted herein are fictitious.
Microsoft, Active Directory, and Windows Server 2008 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
You have no obligation to give Microsoft any suggestions, comments or other feedback ("Feedback") relating to the documentation. However, if you do provide any Feedback to Microsoft then you provide to Microsoft, without charge, the right to use, share and commercialize your Feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software or service that includes the Feedback. You will not give Feedback that is subject to a license that requires Microsoft to license its software or documentation to third parties because we include your Feedback in them.
Executive Overview: Windows Server 2008 Security Guide IT security is everybody's business. Every day, adversaries are attempting to invade your networks and access your servers to bring them down, infect them with viruses, or steal information about your customers or employees. Attacks come from all directions: from onsite employee visits to Web sites infected with malware, to offsite employee connections through VPNs, branch office network connections to corporate servers, or direct assaults on vulnerable computers or servers in your network. Organizations of all sizes now also face more complex and demanding audit requirements. You know first hand how essential your servers are to keeping your organization up and running. The data they house and the services they provide are your organization’s lifeblood. It’s your job to stand guard over these essential assets, prevent them from going down or falling victim to attacks from outside and inside your organization, and to prove to auditors that you have taken all reasonable steps to secure your servers. Windows Server® 2008 is engineered from the ground up with security in mind, delivering an array of new and improved security technologies and features that provide a solid foundation for running and building your business. To help you quickly configure, deploy, and manage the security settings in Windows Server 2008 across your organization, Microsoft is developing the Windows Server 2008 Security Guide. This guidance is designed to further enhance the security of the servers in your organization by taking full advantage of the security features and options in Windows Server 2008. The team is producing a prescriptive security guide you can rely on that is: • Proven. Based on field Experience. • Authoritative. Offers the best advice available. • Accurate. Technically validated and tested. • Actionable. Provides the specific steps to success. • Relevant. Addresses real-world security concerns. • Supported. Recommendations are fully supported by Microsoft Product Support.
Executive Overview: Windows Server 2008 Security Guide3
1
How Does the Windows Server 2008 Security Guide Help Secure Your Business? The Windows Server 2008 Security Guide describes how to structure your environment based on best practices to maintain an appropriate level of security while allowing you to minimize the total cost of securing your IT environment. Our guidance is based on extensive, real-world experience from customers, government agencies, and Microsoft security experts. Because increasing security always results in a trade off between cost and functionality, the guide prescribes security settings that are appropriate for most business enterprise environments. The guide also prescribes a second group of security settings that are appropriate for environments that require increased security with more central control. These options give your organization the choice to either harden a general computing environment or choose to establish a more "locked down" environment where concern for security is so great that it outweighs a potential loss of functionality. Both security setting configurations have been thoroughly tested in Microsoft labs, and validated by customers and partners under real-world conditions. You can implement the baseline security settings immediately, which helps to reduce the time and expense you need to invest, and you also can easily tailor the configuration you choose by modifying any of the security settings to accommodate the unique needs of your organization.
Deploy Your Security Baseline Quickly and Reliably The powerful GPOAccelerator tool is available as a separate download to enable you to automatically deploy a tested configuration of Group Policy security settings across your organization — in minutes, instead of hours or days. The tool creates all of the Group Policy objects (GPOs) you need to deploy the security configuration you choose. The tool also eliminates many manual steps in the deployment process to give you faster and more reliable results. With more than 200 security and privacy setting options, you can fine-tune your deployment of Windows Server 2008, balancing your organization’s needs for security and functionality.
Harden Your Server Workloads This security guide also includes detailed guidance on how to further harden Windows Server 2008. While Windows Server 2008 is designed
2
Windows Server 2008 Security Guide
from the ground up to be "secure," there are two important aspects to consider: • First, it is important to maintain your configuration. By applying the baseline security settings, the secure defaults are reinforced. • Second, each organization must choose the appropriate level of security versus functionality. By reviewing our guidance, you can determine if the default is too restrictive, not secure enough or "just right" for your organization. The guide provides settings for several different server "workloads," including servers that perform as domain controllers, and others that provide DNS, DHCP, Web, File, and Print services. The tested guidance describes how to harden key services like Active Directory® Certificate Services (AD CS), Network Access Services, and Terminal Services.
Security Setting Recommendations The security guide includes a comprehensive technical reference that explains what each prescribed security setting in the Windows Server 2008 Security Guide does, provides recommended configurations, and identifies the threats that each setting mitigates. The Windows Server 2008 Security Guide Settings workbook lists all of the prescribed settings for each of the preconfigured security baselines that the guide prescribes. The Windows Server 2008 Attack Surface Reference workbook also provides you with another valuable reference.
Windows Server 2008 Security Benefits Windows Server 2008 has been designed from the beginning with security fully in mind. Use the information and settings provided in the Windows Server 2008 Security Guide to maximize your benefit from these features and benefits. Some of the primary new security benefits in the operating system allow your organization to: • Protect your network against unauthorized or unhealthy computers. Network Access Protection helps to protect your network by enforcing customized health requirement policies on computers, automatically updating computers to meet compliance requirements, and optionally confining noncompliant computers to a restricted network until they meet the network access requirements of your organization. • Deploy small footprint specialized servers. Server Core, a minimal server installation option, enables you to only install core functionality to limit exposure and reduce management overhead. • Secure server communication. Windows Server Firewall with Advanced Security combines firewall and Internet Protocol security (IPsec)
Executive Overview: Windows Server 2008 Security Guide3
•
• •
•
2
management into one tool so that you can more easily manage secure communication. Improve branch office security. The new Read-Only Domain Controller (RODC) configuration option helps to protect Active Directory Domain Services (AD DS) if the branch office domain controller is compromised. Reduce server attack surfaces. Workload-based roles and components allow you to deploy only the server roles you need with more security and less attack surface. Control service security. Windows Service Hardening helps protect critical server services from being compromised by abnormal activity in the file system, registry, or network. Each service in Windows Server 2008 is designed with reduced privilege and has been "profiled" to access only specific files, registry entries or network interfaces to limit any damage if a service is compromised. Provide best-of-breed data encryption. Cryptography Next Generation (CNG) implements the Suite B cryptographic algorithms defined by the United States government. Suite B includes algorithms for data encryption, digital signatures, key exchange, and hashing. CNG also allows third parties, such as smart card vendors, to "plug in" to the infrastructure with less effort and expense.
More Information For more information about Windows Server 2008 and the security guide, see the following resources: • Windows Server 2008 Security Guide. • GPOAccelerator and the how-to guidance for this tool to create, test, and deploy the security settings for the Windows Server 2008 Security Guide. • Solution Accelerators on Microsoft TechNet.