Information Security Magazine


Examine Security of Windows Server 2008
by Beth Quinlan
Issue: Feb 2008

ARMORED OS
Windows Server 2008 introduces a number of mechanisms to help bulletproof the operating system, starting with BitLocker Drive Encryption, an optional mechanism to encrypt OS volumes while protecting the integrity of the Windows boot process. Encrypting the entire operating system volume on the hard disk hardens the OS against software attacks and loss of any other data on the drive.

BitLocker mitigates the impact of unauthorized access through two separate protection procedures: drive encryption and secure startup (integrity verification).

All user and system files on the volume are encrypted, including user data, the page file and temp files. It also provides protection for any third-party applications when installed on the encrypted volume. Drive encryption is designed to work in conjunction with a Trusted Platform Module (TPM 1.2) chipset; however, it will function on a system without TPM as long as the BIOS can boot from a USB flash drive.

As with many security technologies, there is a corresponding tradeoff in ease of management. System upgrades will require you to decrypt the volume; non-Microsoft software updates will require you to completely disable BitLocker before you start, otherwise the system will enter a recovery mode and require a recovery key or password to be accessed. On the other hand, setup and management are wizard-based and extensible through a Windows Management Instrumentation (WMI) interface.

Microsoft says there is no noticeable performance impact on the server, as it imposes only a single-digit percentage increase in overhead. Encryption occurs in the background and proceeds at a rate of approximately 1 GB per minute in most cases.

Secure startup, which requires the TPM 1.2 chipset, protects the integrity of the boot process and protects against data theft or system tampering when the OS is offline or even while it is being installed. It helps to ensure that data decryption is performed only if the boot components appear unmolested and that the encrypted drive is located in the original computer. If the system is tampered with, it will be locked and refuse to boot. No ports will be opened until the OS is fully booted.
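The integrity check behind secure startup can be modelled in a few lines. The following is an added example, not code from the article or from Microsoft: a simplified model of a TPM 1.2 platform configuration register (PCR) and of sealing a key to it. The `ToyTpm` class, the component names and the key are constructed for illustration, and the model ignores which PCRs BitLocker actually uses.

```python
import hashlib
import hmac

PCR_RESET = b"\x00" * 20  # a TPM 1.2 PCR is a 20-byte SHA-1 register, zeroed at reset

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend: new PCR = SHA1(old PCR || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(components) -> bytes:
    """Fold every boot component, in load order, into one PCR value."""
    pcr = PCR_RESET
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr

class ToyTpm:
    """Hypothetical stand-in for seal/unseal; a real TPM holds the secret in hardware."""
    def __init__(self):
        self._sealed = None

    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._sealed = (secret, expected_pcr)

    def unseal(self, current_pcr: bytes) -> bytes:
        if self._sealed is None:
            raise PermissionError("nothing sealed on this TPM (drive moved to another machine)")
        secret, expected_pcr = self._sealed
        if not hmac.compare_digest(current_pcr, expected_pcr):
            raise PermissionError("boot measurements changed: recovery key required")
        return secret

def try_boot(tpm: ToyTpm, components):
    """Return the volume key if the measured chain matches, else None."""
    try:
        return tpm.unseal(measure_boot(components))
    except PermissionError:
        return None

# Constructed sample boot chain (placeholder byte strings, not real boot code).
GOOD_CHAIN = [b"bios-v1", b"mbr-v1", b"bootmgr-v1"]
VOLUME_KEY = b"constructed-volume-key"

if __name__ == "__main__":
    tpm = ToyTpm()
    tpm.seal(VOLUME_KEY, measure_boot(GOOD_CHAIN))
    print("clean boot:    ", try_boot(tpm, GOOD_CHAIN))
    print("changed loader:", try_boot(tpm, [b"bios-v1", b"mbr-v1", b"bootmgr-v2"]))
    print("other machine: ", try_boot(ToyTpm(), GOOD_CHAIN))
```

Because each extend hashes the previous register value, a change to any component or to the load order yields a different final PCR, which is also why a legitimate update to a boot component triggers recovery unless protection is disabled first.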
