Security for windows server support services

Windows Server 2008 was launched on February 27, 2008, and to some it is just the next-generation server operating system that replaces Windows 2003, but for others it is a significant improvement to a 5-year-old operating system that will drastically improve how IT will support business and organizational initiatives for the next several years. To the authors of this book, we see the similarities that Windows 2008 has in terms of usability and common graphical user interfaces (GUIs) with previous versions of Windows Server that make it easy to jump in and start implementing the new technologies.

However, after 3 1/2 years of early adopter experience with Windows 2008, when properly implemented, the new features and technologies built in to Windows 2008 really address shortcomings of previous versions of Windows Server and truly allow IT organizations to help organizations meet their business initiatives through the implementation of key technologies now included in Windows 2008.

This chapter provides an overview of what's in Windows 2008, explains how IT professionals have leveraged the technologies to improve IT services to their organization, and acts as a guide on where to find more information on these core technology solutions in the various chapters of this book.

he various server roles in Windows 2008 typically fall into three categories, as follows:

• File and print services—As a file and print server, Windows 2008 provides the basic services leveraged by users in the storage of data and the printing of information off the network. Several improvements have been made in Windows 2008 for file security (covered in Chapter 13, "Server-Level Security") and file server fault tolerance (covered in Chapter 28, "File System Management and Fault Tolerance").
• Domain services—In enterprise environments running Windows networking, typically the organization is running Active Directory to provide centralized logon authentication. Active Directory continues to be a key component in Windows 2008 with several extensions to the basic internal forest concept of an organization to expanded federated forests that allow Active Directories to interconnect with one another. There are several chapters in Part II, "Windows Server 2008 Active Directory," that address Active Directory, federated forests, lightweight directories, and so on.
• Application services—Windows 2008 provides the basis for the installation of business applications such as Microsoft Exchange, Microsoft Office SharePoint Services, SQL Server, and so on. These applications are initially made to be compatible with Windows 2008, and later are updated to leverage and take full advantage of the new technologies built in to the Windows 2008 operating system. Some of the applications that come with Windows 2008 include Windows Terminal Services for thin client computing access (covered in Chapter 25, "Terminal Services"), Windows Media Server for video and audio hosting and broadcasting (covered in Chapter 36, "Windows Media Services"), utility server services such as DNS and DHCP (covered in Chapter 11, "DHCP/WINS/Domain Controllers," and Chapter 10, "Domain Name System and IPv6"), SharePoint document sharing and collaboration technologies (covered in Chapter 35, "Windows SharePoint Services 3.0"), and virtual server hosting (covered in Chapter 37).

This focuses on the Windows 2008 operating system and the planning, migration, security, administration, and support of the operating system. Windows 2008 is also the base network operating system on top of which all future Windows Server applications will be built.

Source: informit.com

Microsoft Home Server

The Small Business Technology blog talks about Microsoft Home Server. While this server is designed for the home, it also will work for the small business that only has a couple of computers.

Home Server fills a niche that previously was not being served. Microsoft does offer Small Business Server and while it is designed for companies with under 75 employees, it is more sophisticated than most starts up need or may need for many years.

One of the nice features in Home Server is that it will monitor the health of your pc and insure that such important items as your security software is up to date. In addition you can set it up to automatically back up files for your pc's every day so that you do not lose any important data.

Another nice feature is that you can remotely access your information. For example say you are on a business trip, you can access reports, invoices, order forms or any other data you might need without having to download everything to your mobile device or laptop.

For small start ups this may be a good tool to deal with your small network until your needs become greater.

Windows Server Security Guide

The Windows Server 2003 Security Guide provides specific recommendations about how to harden computers that run Microsoft Windows Server 2003 with Service Pack 1 (SP1) in three distinct enterprise environments—one in which older operating systems such as Windows NT 4.0 and Windows 98 must be supported, one in which Windows 2000 is the earliest version of the Windows operating system in use, and one in which concern about security is so great that significant loss of client functionality and manageability is considered an acceptable trade off to achieve maximum security. These three environments are respectively referred to as the Legacy Client (LC), Enterprise Client (EC), and Specialized Security – Limited Functionality (SSLF) environments throughout this guide.

Guidance about how to harden computers in these three environments is provided for a group of distinct server roles. The countermeasures that are described and the tools that are provided assume that each server will have a single role. If you need to combine roles for some of the servers in your environment, you can customize the security templates that are included in the download able version of the guide to create the appropriate combination of services and security options. The server roles that are referenced in this guide include the following:

	Domain controllers that also provide DNS services
	Infrastructure servers that provide WINS and DHCP services
	File servers
	Print servers
	Web servers that run Microsoft Internet Information Services (IIS)
	Internet Authentication Services (IAS) servers
	Certificate Services servers
	Bastion hosts

Significant efforts were made to make this guidance well organized and easily accessible so that you can quickly find the information that you need and determine which settings are suitable for the computers in your organization. Although this guide is intended for enterprise customers, much of the information that it contains is appropriate for organizations of any size.