Securing Windows Server 2003

[InfoSec News <isn () c4i org>]

http://www.eweek.com/article2/0,3959,1034386,00.asp

By Dennis Fisher
April 18, 2003 

SAN FRANCISCO - The upcoming release of Windows Server 2003 is a
watershed event, not only for the Windows group, but also for the
security team at Microsoft Corp.

Company executives have made it quite clear over the last few months
that the next version of the flagship operating system will be a key
test for the processes and improvements made as part of the
Trustworthy Computing initiative.

In fact, Dave Aucsmith, chief technology officer of the Security
Business Unit at Microsoft, based in Redmond, Wash., said if the OS is
found to be as vulnerable as previous versions of Windows, it will
mean that the company's model for improving security "was wrong."

However, folks in Redmond aren't just holding their breath and hoping
for the best. The company has made some major changes to Windows that
executives believe will begin to turn the tide in the battle against
vulnerabilities and other quality problems.

One key security improvement in Windows Server 2003, set for release
April 24, is a feature that checks the configuration of user PCs as
they connect to the network. If the machine is not configured
properly, i.e., doesn't have updated anti-virus signatures or a
personal firewall installed, the software can quarantine the machine
on a private segment of the network until it is reconfigured. Some
third-party vendors sell similar solutions as add-ons to Windows, but
this will be the first time that such a capability is included in the
OS itself.

As part of the security push that all Microsoft products now go
through, the company's internal penetration testers developed some
innovative tools to attack new applications.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.