Increased Support for Standards
Windows Server 2008 introduced several
industry standards built in to the Windows operating system that have
since been updated in Windows Server 2012. These changes continue a
trend of the Windows operating system supporting industry standards
rather than proprietary Microsoft standards. One of the key standards
built in to Windows Server 2008 and Windows Server 2012 is IPv6.
Internet Protocol version 6 (IPv6) is the
future Internet standard for TCP/IP addressing. Most organizations
support IPv4. The current Internet numbering scheme is running out of
address space, and so Internet communications of the future need to
support IPv6, which provides a more robust address space.
In addition, IPv6 supports new standards in
dynamic addressing and Internet Protocol Security (IPsec). IPv6 also
supports the current IPv4 standards, and so dual addressing is
possible.
Enhancing the Windows Server 2012 Security Subsystem
This discussion includes the basics of server
hardening, patching, and updating, but also extends into new server
security areas added to Windows Server 2012, such as device control
level security, wireless access security, and Active Directory Rights
Management Services (AD RMS). Windows Server 2012 has continued the
“secure by default” theme at Microsoft and no longer installs
components such as Internet Information Services (IIS) by default. The
benefit is that components that are not core to the operation of a
server are not installed on the system; the trade-off is that every
time you install software, you need to add basic components and
features.
Server Core and Minimized User Interface
Windows 2012 Server Core was
mentioned in the preceding section when the various installation
operations of Windows 2012 were noted. With Server Core and the
minimized user interface, a lighter, more secure version of Windows
Server can be implemented in the enterprise. Instead of relying on
complex policies, practices, and systems to lock down servers and
systems, simply decreasing the attack surface with the minimized user
interface on Windows Servers helps organizations improve security and
decrease the management overhead of maintaining and supporting patches
and updates on servers.
Dynamic Access Control
Dynamic Access Control in Windows Server 2012
is a great addition to file system security, something that has been a
challenge for organizations for years. Dynamic Access Control provides
central access policies, similar to what is shown in Figure 1, to files and folders across all
Windows 2012 file servers in the enterprise. In the past, file
permissions were set on a server-by-server (or file share-by-file
share) basis. Finding what rights a user had was nearly impossible
because each server and each share had to be queried. File permissions
were hard to set, hard to apply, and hard to manage.
Figure 1. Central access rules in Dynamic Access Control.
Dynamic Access Control not only provides a
centralized policy for enabling and disabling access per user or group,
but also enables you to tag and classify data, either manually or
through keyword assessment and tag application.
Tags can be applied by scanning content for specific words
(such as confidential, financial statement, product codename x) or by content format (Social Security number format and so on).
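The keyword and content-format tagging described above, together with a single central rule table, sketched as an added example (not code from the original text and not how Windows implements Dynamic Access Control). The tag names, group names, rule table and the NNN-NN-NNNN pattern are assumptions made for illustration.

```python
import re

# Constructed rules for illustration. Keywords are the ones named in the text.
KEYWORD_RULES = {
    "Confidential": ["confidential", "product codename x"],
    "Financial": ["financial statement"],
}
# Assumed content format: NNN-NN-NNNN, not embedded in a longer digit run.
SSN_FORMAT = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

# Constructed central rule table: tag -> groups allowed to read tagged files.
CENTRAL_RULES = {"Confidential": {"Executives"}, "Financial": {"Finance"}, "PII": {"HR"}}


def plausible_ssn(area, group, serial):
    """Drop number ranges that are never issued, to reduce false positives."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def classify(text):
    """Return the tags a document earns from keyword and content-format rules."""
    tags = set()
    lowered = text.lower()
    for tag, phrases in KEYWORD_RULES.items():
        # Whole-phrase match so "confidentially" does not trigger "confidential".
        if any(re.search(r"\b" + re.escape(p) + r"\b", lowered) for p in phrases):
            tags.add(tag)
    if any(plausible_ssn(*m.groups()) for m in SSN_FORMAT.finditer(text)):
        tags.add("PII")
    return tags


def may_read(user_groups, tags):
    """Grant access only when the user satisfies the rule for every tag."""
    return all(user_groups & CENTRAL_RULES[tag] for tag in tags)


if __name__ == "__main__":
    # Constructed sample documents.
    samples = {
        "q3.docx": "Q3 Financial Statement draft - CONFIDENTIAL",
        "hr.txt": "Employee SSN: 123-45-6789",
        "parts.csv": "Part 000-12-3456, order 5123-45-67890",
    }
    for name, body in samples.items():
        tags = classify(body)
        print(name, sorted(tags), "Finance may read:", may_read({"Finance"}, tags))
```

Because the decision depends only on the file's tags and one shared rule table, the question of what a user can reach is answered in one place instead of by querying each server and share.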