Windows server2008
- 1. Improving Network Security Using Windows Server 2008 Published: May 2008
- 2. Server & Domain Isolation Domain Isolation Protect managed computers from unmanaged or rogue computers and users Protect specific high-value servers and data Server Isolation
- 3. Isolation Solution Details Policies are created, distributed, and managed through Active Directory® Security Groups and Group Policy: Domain membership is required to access trusted resources. Expands the use of supportive tools like Microsoft Systems Management Server (SMS) 2003 or Windows Server® Update Service (WSUS). Authentication is based on machine and user credentials: Kerberos, X.509 certificates , NTLM version 2 (NTLMv2), NAP health certificates Policies are enforced at the network layer by IPsec: Uses IPsec transport mode for end-to-end security and Network Address Translation (NAT) traversal Packets encapsulated with Encapsulating Security Payload (ESP) or Authentication Header (AH) for authentication and integrity Optionally, encryption of highly sensitive network traffic Policy Management Authentication Enforcement
- 4. Windows Firewall Integration Integrated host firewall and IPsec management: New management tools (the Windows Firewall with Advanced Security MMC snap-in; netsh advfirewall command-line tool) Reduces conflicts and coordination overhead among technologies Firewall rules become more intelligent: Specify security requirements such as authentication and encryption Specify Active Directory computer or user groups
- 5. This document is provided for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Editor's Notes
- #2: Abstract CUSTOMER READY: Microsoft IT discusses the next generation of networking features in Windows Server 2008 and the network security solution scenarios these features enable. Introduction As part of its Secure Anywhere Access Initiative, Microsoft IT has undertaken a multi-year effort to improve the security of the Microsoft network. The improvements have come by using a combination of technologies. Leveraging Internet Protocol Security (IPsec) and Windows® Firewall along with improved management tools, Microsoft IT has created a more secure network. The security improvements create advantages for the business by reducing downtime resulting from malware, improving compliance, and reducing time spent on management of information technology (IT) security. This presentation examines the evolution of security within Microsoft’s corporate network. Included are Microsoft IT’s experience in planning its initial rollout of IPsec, the use of Windows Firewall, and Network Access Protection (NAP).
- #3: 07/03/10 21:33 ©2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
- #4: 07/03/10 21:33 ©2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
- #5: 07/03/10 21:33 ©2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
- #6: © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Windows and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.