Windows Server 2012 - Security Features
With the release of Windows Server 2012, Microsoft changes the game again. In Windows Server 2012, Microsoft introduced changes across all the roles, such as file sharing, identity, storage, virtual desktop infrastructure, and certainly server virtualization and cloud. Let's walk through the security features that Microsoft brought into the amazing Windows Server 2012.
1. UEFI and Secure Boot
Microsoft has replaced the traditional ROM-BIOS booting with UEFI (Unified Extensible Firmware Interface) ver. 2.3.1, which prevents boot code updates without signatures and digital certificates. We can say that the boot process is completely secure. It also reduces the risk of malicious code, such as boot viruses and rootkits, getting in.
2. BitLocker drive encryption
Prior to Windows Server 2012, implementing BitLocker on a server meant either using Trusted Platform Module (TPM) chip-only mode, which is the weakest of the many protectors offered, or requiring that a server administrator be present at each boot with a PIN, password, or USB key. That doesn't work so well in a lights-out data center.
But the enhanced BitLocker goes even further, with support for hardware-encrypted disks, AD account or group protectors, and cluster-aware encryption that allows a disk to fail over properly and be unlocked by any member computer of the same cluster. With these new enterprise-oriented features, Windows Server 2012 will be far easier to encrypt with BitLocker than its predecessor.
3. Early Launch Anti-Malware
Another Windows Server 2012 feature, ELAM (Early Launch Anti-Malware), ensures that only known, digitally signed antimalware programs can load right after Secure Boot finishes. This way, legitimate antimalware programs can get into memory and start doing their job before fake antivirus programs or other malicious code.
4. DNSSEC
DNSSEC requires that authoritative DNS servers sign their responses and prove that they own the zone by handing out digital certificates and digitally signed records. Windows Server 2008 R2 had DNSSEC capabilities, but they did not interoperate well with non-Microsoft platforms. Windows Server 2012 solves this, not only making DNSSEC interoperable but also making it significantly easier to configure.
5. Internet Information Services 8
Internet Information Services (IIS) 8 contains many new security improvements. Dynamic IP Restrictions is a feature that allows IIS to automatically block abusive IP addresses based upon predefined conditions, such as concurrency or frequency of HTTP requests. This applies to FTP logons as well. In IIS 7, IP address restriction was static and manual. IIS 8 also works harder to sandbox individual applications into multi-tenancy security sandboxes.
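The PowerShell below is an added example, not part of the original article: it reports whether the two Dynamic IP Restrictions conditions described above (request frequency and concurrency) are enabled for each site, and turns them on in logging-only mode where they are not. The threshold values and helper function names are assumptions chosen for illustration.

```powershell
# Added example: report and enable IIS 8 Dynamic IP Restrictions for each site.
# Requires an elevated session and the "IP and Domain Restrictions" role service.
Import-Module WebAdministration

$apphost = 'MACHINE/WEBROOT/APPHOST'
$section = 'system.webServer/security/dynamicIpSecurity'

# Assumed thresholds for illustration; tune them against observed traffic.
$maxConcurrent = 20     # simultaneous requests allowed per client IP
$maxRequests   = 100    # requests allowed per client IP per interval
$intervalMs    = 5000   # interval length in milliseconds

# Hypothetical helpers that read/write one attribute under a site's <location>.
function Get-DipValue([string]$SiteName, [string]$Filter, [string]$Name) {
    (Get-WebConfigurationProperty -PSPath $apphost -Location $SiteName `
        -Filter $Filter -Name $Name).Value
}

function Set-DipValue([string]$SiteName, [string]$Filter, [string]$Name, $Value) {
    Set-WebConfigurationProperty -PSPath $apphost -Location $SiteName `
        -Filter $Filter -Name $Name -Value $Value
}

foreach ($s in Get-Website) {
    $name   = $s.Name
    $rateOn = Get-DipValue $name "$section/denyByRequestRate" 'enabled'
    $concOn = Get-DipValue $name "$section/denyByConcurrentRequests" 'enabled'
    '{0}: denyByRequestRate={1}, denyByConcurrentRequests={2}' -f $name, $rateOn, $concOn

    if ($rateOn -and $concOn) { continue }   # both conditions already enabled

    # Frequency condition: too many requests from one IP within the interval.
    Set-DipValue $name "$section/denyByRequestRate" 'enabled' $true
    Set-DipValue $name "$section/denyByRequestRate" 'maxRequests' $maxRequests
    Set-DipValue $name "$section/denyByRequestRate" 'requestIntervalInMilliseconds' $intervalMs

    # Concurrency condition: too many simultaneous requests from one IP.
    Set-DipValue $name "$section/denyByConcurrentRequests" 'enabled' $true
    Set-DipValue $name "$section/denyByConcurrentRequests" 'maxConcurrentRequests' $maxConcurrent

    # Log would-be rejections first instead of enforcing them, so legitimate
    # clients behind a shared address are spotted before anything is blocked.
    Set-DipValue $name $section 'enableLoggingOnlyMode' $true
    Set-DipValue $name $section 'denyAction' 'Forbidden'
}
```

Once the logged rejections match only abusive clients, set `enableLoggingOnlyMode` to `$false` to start enforcing the limits.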