With Windows Vista we've improved the security of the platform dramatically, and because Windows Vista and Longhorn Server share the same code base, they also share some of the security features. When we look at server hardening, we can talk about how we segmented the services, boot process and binary image protection, device installation control, and Windows Firewall with Advanced Security.
- Windows service hardening is key to securing Windows Server Longhorn. Compared to previous versions of Windows, you’ll find that we’ve increased the number of security layers between the user and the system kernel. The first thing we've done is reduce the size of the high-risk layers. This means that the amount of code that has to run at the kernel level has been significantly reduced. We wanted to reduce the number of drivers running in kernel mode; for example, we removed the audio and printer drivers from the kernel and let them run only in user mode. The second thing we did is segment the services so that not all parts of a service run in a highly privileged mode; some run with lower user privileges, which improves security.
- Windows Server Longhorn implements code integrity through something called operating system file protection. Essentially, every time the system is brought online, every file that is loaded into the OS is checked against a known good state of that file. This is done through a certificate or a manifest that records the checksum of that file, and if they don't match, the system halts booting and enters a recovery process.
- The built-in Windows Firewall is another area that has been improved. The Windows Firewall with Advanced Security in Windows Server Longhorn is a stateful host-based firewall that allows or blocks network traffic according to its configuration and the applications that are currently running to provide a level of protection from malicious users and programs on a network. The advanced security functionality of Windows Firewall includes support for both incoming and outgoing traffic.
- In Windows Server Longhorn we are giving you control over removable device installation. This addresses the concern of end users stealing enterprise information on a USB flash device. You will now be able to control, through the hardware ID of the device and by using group policies, which devices can be installed and which cannot.
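
The hardware-ID control described in the last item, as an added example that is not code from the original post or from Windows: a simplified Python model of how a deny list and an allow list of device IDs decide whether a device may be installed. The `Policy` class, the `decide` function and every device ID below are constructed for illustration, and the model ignores child device nodes and setup-class rules.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    # Models the "Prevent installation of devices that match any of these device IDs" list.
    deny_ids: set = field(default_factory=set)
    # Models the "Allow installation of devices that match any of these device IDs" list.
    allow_ids: set = field(default_factory=set)
    # Models "Prevent installation of devices not described by other policy settings".
    deny_unspecified: bool = False

def _norm(ids):
    # Device ID strings are compared case-insensitively.
    return {i.strip().upper() for i in ids}

def decide(device_ids, policy):
    """Return (allowed, reason) for a device's hardware and compatible IDs."""
    ids = _norm(device_ids)
    if ids & _norm(policy.deny_ids):      # a deny match wins over any allow match
        return False, "deny match"
    if ids & _norm(policy.allow_ids):
        return True, "allow match"
    if policy.deny_unspecified:           # default-deny for everything else
        return False, "not described by policy"
    return True, "no restriction applies"

# Constructed sample devices: specific hardware IDs first, generic compatible IDs last.
APPROVED_DRIVE = [r"USB\VID_0000&PID_0001&REV_0100", r"USB\VID_0000&PID_0001",
                  r"USB\Class_08&SubClass_06&Prot_50", r"USB\Class_08"]
UNKNOWN_DRIVE = [r"USB\VID_0000&PID_0002&REV_0100", r"USB\VID_0000&PID_0002",
                 r"USB\Class_08&SubClass_06&Prot_50", r"USB\Class_08"]
KEYBOARD = [r"USB\VID_0000&PID_0003", r"USB\Class_03&SubClass_01&Prot_01",
            r"USB\Class_03"]

# Weak: blocks one known model, so any other flash drive still installs.
WEAK = Policy(deny_ids={r"USB\VID_0000&PID_0009"})
# Stricter: approved drive model plus HID class allowed, everything else denied.
STRICT = Policy(allow_ids={r"usb\vid_0000&pid_0001", r"USB\Class_03"},
                deny_unspecified=True)

if __name__ == "__main__":
    devices = {"approved drive": APPROVED_DRIVE,
               "unknown drive": UNKNOWN_DRIVE, "keyboard": KEYBOARD}
    for pname, pol in (("weak", WEAK), ("strict", STRICT)):
        for dname, dev in devices.items():
            print(pname, dname, decide(dev, pol))
```

A deny list keyed on individual models leaves every unlisted flash drive installable, while an allow list combined with the default-deny setting blocks unknown storage devices and still lets input devices through.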