Showing posts with label windows server 2008. Show all posts

Friday, December 18, 2009

Windows Server 2008

Windows Server 2008 is a line of Windows server operating systems developed by Microsoft. It was launched on February 27, 2008, as the successor to Windows Server 2003, which was launched nearly five years before. Its updated version, Windows Server 2008 R2, was launched on July 22, 2009. It is built on Windows NT 6.x, as are Windows Vista and Windows 7.

It is developed from a code base similar to that of Windows Vista. Because of this code similarity, it automatically supports most of the technical, security, management and administrative features that are new to Windows Vista, such as enhanced image-based installation, deployment and recovery, and many more.

Windows Server 2008 includes a variation of installation known as Server Core. In this mode, all maintenance work is performed through command-line interface windows. Alternatively, this work can be performed by connecting to the machine remotely with Microsoft Management Console.

It provides high availability of services and applications through Failover Clustering. In Windows Server 2008 and 2008 R2, the manner in which clusters are specified changes significantly with the introduction of the cluster validation wizard. The cluster validation wizard is a feature that is incorporated into failover clustering in Windows Server 2008 and 2008 R2. With it, you can run a set of focused tests on a collection of servers that you specify to use as nodes in a cluster.

Friday, January 23, 2009

Microsoft Updates Critical SMB Server Flaws

Microsoft issued a single SMB server security update Tuesday, patching critical flaws in the Server Message Block (SMB) that could be exploited by an attacker to access sensitive data or create a new account with full user rights.

The update addressed two critical remote code execution vulnerabilities and a denial-of-service flaw in the way the server handles SMB packets. An attacker could pass a message with malicious code to a computer running the server service. Microsoft said an attacker would not require authentication to exploit the flaw.

Paul Henry, security and forensic analyst at patch management vendor Lumension Security Inc., called the update some "fine tuning" of an earlier update issued by Microsoft. Microsoft bulletin MS08-068 addressed Windows authentication protocols affecting the SMB server. The SMB mishandled the challenge/response procedure, allowing an attacker who exploits it properly to gain access to files and assign full user rights.

"It's rated critical but [Microsoft is] saying that there's a very low likelihood of exploit code being generated for it," Henry said. "The critical rating follows the legacy products but it drops to a medium with Vista and Windows Server 2008. The code base for [Windows Server] 2008 and Vista is showing its strength."

Henry said the update should be relatively easy to deploy, but it will require a restart. The last SMB update caused some problems for administrators who attempted to deploy a workaround. Some had printers and other devices fail, Henry said.

Eric Schultze, chief technology officer at patch management vendor Shavlik Technologies LLC, said the update should be a high priority. In a statement, Schultze said the vulnerabilities are similar to what prompted the Blaster and Sasser worms a few years ago.

"We expect to see a worm released for this in the very near future," he said. "The only pre-requisite for this attack to be successful is a connection from the attacker to the victim over the NetBIOS (File and Printer Sharing) ports (TCP 139 or 445). By default, most computers have these ports turned on."

As a workaround, users can block TCP ports 139 and 445 at the firewall, although blocking those ports can halt important applications or services, Microsoft said.
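Before applying the port block, it helps to know which hosts actually accept connections on those ports. The following Python script is an added example, not part of the original article or Microsoft's bulletin: it parses `netstat -ano` output and reports TCP 139/445 listeners and how widely they are bound. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

SMB_PORTS = {139, 445}  # the two TCP ports named in the article

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49210     10.0.0.5:445           ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:137            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)

def smb_listeners(netstat_text):
    """Return (port, address, scope, pid) for each TCP 139/445 listener."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only TCP rows in LISTENING state matter; UDP rows have no state.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        if port not in SMB_PORTS:
            continue
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        if ip.is_unspecified:
            scope = "all-interfaces"      # 0.0.0.0 or [::]
        elif ip.is_loopback:
            scope = "loopback-only"
        else:
            scope = "single-interface"
        pid = fields[4] if len(fields) > 4 else "?"
        findings.append((port, addr, scope, pid))
    return findings

def exposed_smb_ports(findings):
    """Ports with a listener reachable from the network (not loopback)."""
    return sorted({p for p, _, scope, _ in findings if scope != "loopback-only"})

if __name__ == "__main__":
    for finding in smb_listeners(SAMPLE_NETSTAT):
        print(finding)
```

Established outbound connections to a remote port 445 are deliberately ignored, since only local listeners determine whether the host needs the firewall block.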

"Remote attackers, even without a username and password, can take advantage of this issue and execute any commands they wish on the vulnerable server," Alfred Huger, vice president of Symantec Security Response wrote in an email message.

In Microsoft's MS09-001 bulletin, it said the flaws could be exploited remotely and rated it as critical for Microsoft Windows 2000, Windows XP, and Windows Server 2003, and moderate for all supported editions of Windows Vista and Windows Server 2008.

Source: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1344842,00.html

Friday, January 16, 2009

Enhance Terminal Services Gateway Security with ISA Server 2006

Following on the success of Outlook Anywhere in Exchange Server 2007, Windows Server 2008 in turn delivers the capability to access your desktop from anywhere in a secure and controlled manner.

The new Terminal Server Gateway service (TS Gateway) in Windows Server 2008 offers the flexibility of Windows® Terminal Server Services plus the ability to connect to a Terminal Server from anywhere over an HTTP connection. This service uses Remote Desktop Protocol (RDP) over HTTPS (SSL) to increase security while providing a single client interface for accessing Terminal Services resources.


This new TS Gateway service offers significant benefits to those who need to access their computers remotely:

* No need to establish a Virtual Private Network (VPN) session prior to connecting to internal resources using RDP.
* Enhanced security using Network Access Protection (NAP) and Windows Security Health Checks to control RDP connections.
* No need to open TCP port 3389 inbound to enable more secure Web publishing through firewalls.

You can use Microsoft Internet Security and Acceleration Server 2006 to enhance the security of TS Gateway service while allowing external access to internal resources. You can set up an SSL-to-SSL bridging scenario in which ISA Server 2006 receives requests and passes them to the internal TS Gateway service, also using HTTPS. While bridging the request, the ISA firewall decrypts the SSL communications and performs application-layer inspection.

If the HTTP protocol stream passes inspection, then the communication is re-encrypted and forwarded to the Terminal Services proxy. If the protocol stream fails inspection, the connection is dropped.

For detailed information, visit: http://technet.microsoft.com/en-us/magazine/2008.09.tsg.aspx



Source: http://blogs.windowsecurity.com/shinder/2009/01/14/enhance-ts-gateway-security-with-isa-server-2006/