Five Lessons in Security Design for Providing Services, Authentication and Manageability

“How do you dramatically improve server security? Start by creating an installation procedure that turns off everything with the exception of the most essential services needed to run a basic server. Once the role of the server has been determined, services and functionality features should be enabled according to the duties the server will perform.

A default installation of Windows Server 2003 provides the minimal amount of services needed, and the new Configure Your Server and Manage Your Server wizards in Windows Server 2003 provide an intuitive interface to unlock functionality based on the server role. Just based on this principle alone, Windows Server 2003 is inherently more secure than its predecessors. However, this is just the start of where Windows Server 2003 begins to be the most secure operating system Microsoft ever released.

If you’re running Windows Server 2000 or Windows NT 4 Server in your enterprise, chances are you have spent quite a bit of time reducing the attack profile of these systems by applying patches and removing unneeded services and functionality for them to be as secure as possible. Out of the box, neither of these operating systems offers the strong security required by enterprises. IT administrators need to be very careful to configure the various security mechanisms after installation. It’s been a hard lesson for IT: Improperly configured and unpatched servers are a prime target for exploits, worms and viruses.”
