What has to happen for Microsoft to consider this release of Windows Server 2008 a success from a security point of view?
In developing Windows Server 2008, three key aspects of security were imperative in achieving our goal to create our most secure operating system to date. We wanted customers to be confident they had a secure platform, a network that was safe to access, and that their data was protected and compliant.
Innovative features such as Network Access Protection (NAP), Federated Rights Management, and Read-Only Domain Controller (RODC) have aided us in achieving that goal. In addition, BitLocker and Active Directory Rights Management improve information protection to secure sensitive data from being captured and misused.
These new security features provide unprecedented levels of protection for a company's network, data, and business, making Windows Server 2008 the most secure Windows Server ever, with a hardened security platform that provides secure policy-based access to the network and ensures sensitive information is not compromised, allowing businesses to host the most mission critical applications and workloads.
As beta testers began reporting feedback on the security of Windows Server 2008, what were some of the positives and negatives they reported? How were they addressed?
A: One of the main concerns from customers was ensuring health and compliance of their networks. With that in mind, the server team developed a deployment wizard specifically to address this issue. We continue to get feedback from testers that this wizard has greatly improved the deployment experience. Additionally, we incorporated NAP into Windows Server 2008, giving organizations the power to isolate computers that don't comply with security policies that they have set. Giving customers the ability to enforce security requirements is a powerful means of protecting their network.
BILL LAING, GM, Windows Server Division, Microsoft
We also knew the importance of customer data and platform security. Therefore, we integrated Active Directory Rights Management Services (AD-RMS) into Windows Server 2008. This helps prevent unauthorized access and use of documents, data and emails. RMS enables document owners to identify authorized users and manage restrictions on usage of documents. Read-Only Domain Controller (RODC) improves security of branch office servers and reduces risk of stolen information in branch data centers. This helps reduce corruption and compromise of the system.
RODC running on Server Core proved to be especially popular with customers looking to deploy that configuration, either to authenticate users or apply policy to servers. Server Core installation--a new feature for customers using Windows Server 2008--offers a minimal environment for running specific server roles, reducing the maintenance and management requirements and the attack surface for those server roles. Server Core installation installs only the subset of the binaries that are required by the supported server roles. The list of Server Core roles includes Active Directory Domain Services; Active Directory Lightweight Directory Services; Dynamic Host Configuration Protocol (DHCP) Server; DNS Server; File Services; Print Server; Streaming Media Services; Web Server (IIS); and Hyper-V (Virtualization).
Other optional features supported by Server Core include Microsoft Failover Cluster; Network Load Balancing; Subsystem for UNIX-based applications; Windows Backup; Multipath I/O; Removable Storage Management; Windows BitLocker Drive Encryption; Simple Network Management Protocol; Windows Internet Naming Service; Telnet Client; and Quality of Service.
We've built Windows Server 2008 on a solid foundation of customer feedback, which reflects in the product's ease of management, security enhancements and overall reliability. The range of choices and virtualization enhancements will help customers tailor solutions built to fit virtually any business need. With more than one million downloads and evaluation copies, our work with customers and partners gives us the confidence that these security enhancements will offer organizations the type of security assurances they desire from their server platform.
Can you provide some insight into the internal security testing and threat models applied to Windows Server 2008?
Windows Server 2008 was developed end to end using the Security Development Lifecycle (SDL), and leveraged all of the improvements and testing that went into Windows Vista. We enlisted the help of a number of third-party security professionals to perform code reviews, design reviews and in-depth security testing on Windows Server 2008. Windows Server 2008 went through some of the most intensive protocol testing ever, focused on the security of all of the exposed network protocols.
The code reviews and in-depth security testing showed us we needed a platform that is secure. By hardening the platform, we ensure that the file system and registry are safeguarded from abnormal activities. Through service hardening, we reduce the risk of the platform being hacked, preventing critical Windows services from being used by abnormal activity in the file system, registry, or network. In addition, Windows Firewall with advanced security is built into Windows Server 2008 so no other ports are opened by default. This provides centralized firewall filtering and connection security rules and policies and reduces conflicts and coordination overhead between technologies.
We have also enhanced and improved the TCP/IP stack, improving security by providing filtering capabilities at all layers of the TCP/IP stack. The new stack provides improved future-proof security at the platform level while also ensuring backward compatibility. The new Server Core installation option also helps keep the platform secure. When installing Windows Server 2008, roles and optional features are not installed by default, reducing the attack surface that otherwise may be vulnerable.
From your interactions with customers, what sways them to prefer security built into the operating system as opposed to the trend of building security into the networking infrastructure? Can you cover the pros and cons of both from Microsoft's point of view?
Based on feedback from our customers, we believe that it shouldn't be an "either/or" situation. Ideally, security and privacy should be built into every layer in the IT infrastructure stack with a "defense-in-depth" strategy that makes it difficult for anyone with malicious intent to find an opening to attack.
In developing Windows Server 2008, it was clear that we needed a platform that addressed the changing landscape of how our customers do business. Enhanced auditing, Drive Encryption, event forwarding, and Rights Management Services are just some of the technologies that help organizations adhere to today's strict IT compliance standards. In addition, NAP addresses the industry-wide problem of unhealthy computers accessing and compromising an organization's network.
With NAP, any computer connecting to the network has to meet corporate policy for "health" requirements, while continually performing ongoing compliance-checking. Windows Server 2008's auto-remediation capability means the updates can be conducted automatically, reducing strain on corporate IT help desks. Managing servers, services, and security at remote locations is an on-going challenge for IT Professionals. Windows Server 2008 simplifies administration of the servers in branch offices with enhancements to Active Directory, including Read-Only Domain Controllers and administrative role separation. Technologies like BitLocker and the Server Core installation option are specific features that increase security and privacy and address the unique needs of branch offices.
The perception remains, however, that Microsoft lags in security. What do you believe Windows Server 2008 will do to reverse this perception?
It will take time. We understand that the changing nature of customers' networks means that it is no longer a completely managed resource where security can be implemented as it has been done in the past. We have taken a more holistic approach that starts with a fundamentally secure platform. The expectation of having data available anywhere, anytime means that only depending on a network based security solution is no longer a viable option. By ensuring that every layer of the IT infrastructure is secure and private, we believe Windows Server 2008 is the most secure operating system we have ever built.
Customer input has played a large role in understanding the security needs of our customers and working diligently in addressing those needs in all of our products. We have made a number of enhancements over the last year to provide quality information to customers, particularly when issues require real-time clarity and guidance, such as security advisories, MSRC blog, publishing incident pages, Web casts, RSS feeds and more. We will continue to look for ways to improve processes and offerings to ensure communications with customers are authoritative and clear information as quickly as possible.
We also believe the Security Development Lifecycle is an industry-leading methodology for developing secure, reliable and privacy-enabling software. We currently have information and tools derived from internal experiences with the SDL available to customers and partners, and plan to do this more extensively in the future. We are continually looking to enhance the SDL, and to share concepts and tools with ISVs, partners, and customers with the objective of improving the security of the entire computing ecosystem.
The multitude of security features built into the operating system will help our customers protect their data like never before. Ensuring our customers are able to safely run their mission critical applications is a top priority and the feedback we have received from customers and partners has been encouraging. In addition to the more than 1 million downloads and evaluation copies, we have over 300 partner enrolled applications in the Microsoft Early Access Program supporting software certification and "Works with" validation. Also, partners and customers have downloaded well over 5,000 copies of the software certification program test tools since July. These programs are intended to allow partners to deliver solutions that customers can immediately deploy with confidence on Windows Server 2008.