Recent Windows Coverage
IIS Takes Modular Approach With Windows Server 2008
Win 2003 High Availability Solutions Series
6. Enhanced terminal services
Terminal services has been beefed up in Server 2008 in a number of ways. TS RemoteApp enables remote users to access a centralized application (rather than an entire desktop) that appears to be running on the local computer's hard drive. These apps can be accessed via a Web portal or directly by double-clicking on a correctly configured icon on the local machine. TS Gateway secures sessions, which are then tunnelled over https, so users don't need to use a VPN to use RemoteApps securely over the Internet. Local printing has also been made significantly easier.
7. Network Access Protection
Microsoft's system for ensuring that clients connecting to Server 2008 are patched, running a firewall and in compliance with corporate security policies and that those that are not can be remediated is useful. However, similar functionality has been and remains available from third parties.
System drive encryption can be a sensible security measure for servers located in remote branch offices or anywhere where the physical security of the server is sub-optimal. Bitlocker encryption protects data if the server is physically removed or booted from removable media into a different operating system that might otherwise give an intruder access to data which is protected in a Windows environment. Again, similar functionality is available from third-party vendors.
We've already mentioned various security features built into Server 2008, such as the ability to reduce attack surfaces by running minimal installations, and specific features like BitLocker and NAP. Numerous other little touches make Server 2008 more secure than its predecessors. An example is Address Space Load Randomization a feature also present in Vista which makes it more difficult for attackers to carry out buffer overflow attacks on a system by changing the location of various system services each time a system is run. Since many attacks rely on the ability to call particular services by jumping to particular locations, address space randomization can make these attacks much less likely to succeed.
It's clear that with Server 2008 Microsoft is treading the familiar path of adding features to the operating system that third parties have previously been providing as separate products. As far as the core server product is concerned, much is new. Just because some technologies have been available elsewhere doesn't mean they've actually been implemented. Having them as part of the operating system can be very convenient, indeed.
If you're running Server 2003 then, now is the time to start making plans to test Server 2008 you're almost bound to find something you like. Whether you decide to implement it, and when, is up to you.
This article was first published on ServerWatch.com.