Presentation is loading. Please wait.

Presentation is loading. Please wait.

Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM.

Similar presentations


Presentation on theme: "Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM."— Presentation transcript:

1 Windows Server 2003 SP1

2 Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM

3 Session Goals: Introduce you to the new features and tools in Windows Server 2003 Service Pack 1. Examine the new security models and enhancements introduced. Demonstrate how you can manage and test these changes in your environment Best Practices, Tools and Tips

4 Agenda SP1 Features and Configuration Tools System and Network Security Enhancements Configuration Options Testing in a Virtual lab

5 What are the Goals of SP1? Enhanced Security –reduced attack surface –new security enhancements Stronger Defaults and privilege reduction on services RPC / DCOM Support for no execute hardware Intel AMD Windows Firewall enabled by default New install scenario Provide a Security Configuration Wizard to assist IT Admins Role-based configuration and lockdown VPN Quarantine Client inspection Fix-up Isolation IIS 6.0 metabase auditing Enhanced Reliability Enhanced Performance –10%+ improvement in TPC, TPC-H, SAP, SSL, etc.

6 SP1 Features and Enhancements Relevant XP SP2 enhancements –RPC, DCOM lockdown Windows Firewall Post-Setup Security Updates Boot-time network protection for clean installs Security Configuration Wizard Base 64-bit extension system

7 SP1 Deployment Options Manual installation Update.exe /? (for options) Update.msi Slipstreaming Update.exe /integrate: Imaging software OS deployment feature pack for SMS 2003 Scripted installation Unattend.txt

8 What happens after you install SP1? New Server install (slipstreamed) Post Setup Security Updates invoked: Server protection between installation of operating system and installation of latest updates Windows Firewall enabled if not explicitly configured during installation Upgraded Server 2003 (update.exe) Firewall disabled by default New security models come in to force Install and Run the Security Configuration Wizard

9 Post Setup Security Updates The PSSU interface enables Administrators to safely install product updates after an initial installation of Windows Server 2003 and SP1 Appears on Administrator Logon or due to a product update installation or other maintenance Windows Firewall is turned off and the service disabled when the Finish button is clicked

10 What happens after you install sp1  Post Setup Security Updates demonstration demonstration

11 Security Configuration Wizard Identifies open ports The wizard should be executed with required applications and services running Selects server roles from configuration database Configures required services Configures ports for Windows Firewall Configures security for LDAP and SMB Configures an audit policy Configures settings specific to roles performed by the server

12 Security Configuration Wizard Configuration saved to XML file Applied by the wizard Apply an existing security policy Applied from the command line scwcmd.exe configure /p:webserverpolicy.xml Used in scripts Unattended setup scripts

13 Security Configuration Wizard  Using the Security Configuration Wizard  Roles and Templates demonstration demonstration

14 Agenda SP1 Features and Configuration Tools System and Network Security Enhancements Configuration Options Testing in a Virtual lab

15 System Security Enhancements Data Execution Prevention Enforced by hardware and software Hardware DEP Requires processor support Processor marks areas of memory as non-executable unless they specifically contain executable code May cause compatibility issues Software DEP Functional on any processor that supports Windows Server 2003 Protects system binaries from exploits relating to exception handling Unlikely to cause compatibility issues

16 System Security Enhancements Data Execution Prevention Boot.ini configuration /noexecute=PolicyLevel OptIn – Software DEP is enabled; Hardware DEP is only enabled for applications that are specifically configured OptOut – Software DEP and Hardware DEP are enabled; they are only disabled for applications that are in the exception list AlwaysOn – Software DEP and Hardware DEP are always enabled; any configured exceptions are ignored AlwaysOff – Software DEP and Hardware DEP are disabled

17 Network Security Enhancements DCOM Security DCOM permissions Launch Activate Access System-wide security Administrator configured Affects all DCOM servers Component Services Group Policy

18 Network Security Enhancements RPC Security RPC is a protocol for network communication SP1 enhancements Require authenticated connections Not compatible with named pipes RPC security settings RestrictRemoteClients EnableAuthEpResolution

19 Remote Procedure Call Security  Configure RPC Security  Viewing the effects of RPC Security demonstration demonstration DCOM Security  Investigating DCOM permissions  Demonstrating system-wide DCOM permissions

20 Agenda SP1 Features and Configuration Tools System and Network Security Enhancements Configuration Options Testing in a Virtual lab

21 Management of Features Windows Firewall (default Settings) Boot-time security On by default (Integrated Installation only) Global configuration and restore defaults On with no exceptions Command-line support Unattended setup support RPC Support for system services Multiple profiles Windows firewall exceptions list Local subnet restrictions

22 Management of Features Command Line Config with Netsh

23 Management of Features Windows Firewall GUI

24 Management of Features Group Policy

25 Windows Firewall  Changing the state of the Windows Firewall/Internet Connection Sharing (ICS) service to enable firewall configuration  Configuring Windows Firewall using the graphical user interface, command line, and Group Policy demonstration demonstration

26 Agenda SP1 Features and Configuration Tools System and Network Security Enhancements Configuration Options Testing in a Virtual lab

27 Testing in a Virtual Lab Why Test? Know the impact updating will have Plan your deployment Deal with potential issues in test environment Smooth upgrade process

28 How to Test the SP1 Installation in Your Environment Verify that the software and services continue to work Install SP1 on each computer and apply security settings / templates Create a test environment that is representative of your company’s computers, software and services

29 Virtual Test Network Testing with Virtual Networks Virtual Test Environment for SP1 Isolated test network Virtual NICS Virtual NICs Hardware server Physical NICs Bridged virtual network Virtual Switch XP SP2 Workstation VM Application Server VM Server 2003 SP1 VM Private internal network Bridged virtual network Private virtual network Virtual DHCP Server

30 Testing SP1 in a Virtual Network  Virtual Network Environments  Undo feature demonstration demonstration

31 Session Summary Windows Server 2003 SP1 provides a number of security enhancements These enhancements will provide additional security and help guard against attack The new security features should be fully tested before implementation There are also a number of new tools in SP1 to help you manage the server settings and roles.

32 For More Information Visit TechNet at –www.microsoft.ca/technet Windows Server 2003 SP1 Beta –http://www.microsoft.com/windowsserver2003/downloads/servicepacks /sp1/default.mspx Server Virtualization –www.microsoft.com/windowsserver2003/techinfo/overview/virtualizatio n.mspx

33 Where Can I Get TechNet? Visit TechNet online at Register for the TechNet Flash /technet/abouttn/subscriptions/flash_register.mspx Join the TechNet online forum at Become a TechNet subscriber at Attend more TechNet events or view online

34


Download ppt "Windows Server 2003 SP1. Windows Server™ 2003 Service Pack 1 Technical Overview Jill Steinberg: Added TM Jill Steinberg: Added TM."

Similar presentations


Ads by Google