Security Configuration Wizard (SCW), one of the new features added to Windows Server 2003 in Service Pack 1 (SP1), uses an intuitive, role-based process to guide administrators through reducing the attack surface. With SCW you can disable unused services easily and quickly, block unnecessary ports, modify registry values, and configure audit settings.
Help protect newly installed servers.
In today's security environment there is a continual search for new and potentially exploitable system vulnerabilities. Post-Setup Security Updates (PSSU), another new feature of Windows Server 2003 SP1, blocks all incoming traffic to newly installed servers until the latest patches to Windows Server 2003 are downloaded and applied. PSSU also guides configuration of Automatic Updates when you first log on.
Get firewall protection from startup to shutdown.
Windows Firewall, the same core firewall technology in Windows XP Service Pack 2, is built into Windows Server 2003 SP1. Windows Firewall in Windows Server 2003 SP1 allows granular control over server and client computers through the use of Group Policy. Moreover, Windows Firewall provides boot-time protection, lowering the risk of attack just after a server is started up and while it is shutting down.
Bolster your defenses with "no execute" hardware support and software.
Data execution prevention (DEP) is a set of hardware and software technologies that performs additional checks on memory to help protect against exploitation of your system by malicious code. Windows Server 2003 SP1 fully utilizes the DEP capabilities built into servers by many manufacturers and further augments those capabilities with DEP software of its own.
Help protect your system services with stronger default settings and reducing privileges.
Services such as remote procedure call (RPC) and DCOM are integral to Windows Server 2003 and make an attractive target for hackers. By requiring greater authentication for calls of these services, Windows Server 2003 Service Pack 1 helps establish a minimum threshold of security for all applications that use these services, even if they possess little or no inherent security.
VPN Quarantine automatically provides the means for limiting network access for machines on virtual private networks that are not current with regards to security updates. This prevents you from having to write your own ad hoc scripts to affect this facet of sound network security.
Monitor and audit your Internet Information Services (IIS) configuration settings.
The metabase is the XML-based, hierarchical store of configuration information for Internet Information Services 6.0. The ability to audit this store allows network administrators to see which user accessed the metabase in case it becomes corrupted.
Windows Firewall Policy Management
Windows Server 2003 SP1 includes new Group Policies that help IT Pros centralize client and server firewall management, including application rules, port rules, and firewall logging at the client and server to help improve security in the enterprise while maintaining centralized configuration and deployment.
Help Secure Internet Explorer.
Internet Explorer now contains many enhancements to help secure Windows Server 2003. Among them, Internet Explorer more effectively stops downloads of spurious files and prevents Web pages from accessing cached objects.
Avoid potentially unsafe e-mail.
Windows Server 2003 SP1 includes additional refinements to protect the network. With Outlook Express you can now open mail in plain-text mode, preventing HTML messages from running malicious code. Outlook Express prevents e-mail from downloading external content, stopping a means by which spam senders can validate your e-mail address. Outlook Express also checks e-mail attachments with Attachment Manager, eliminating the need for your own custom code to do so.