Microsoft has issued Windows Server 2003 Service Pack 1 (SP1), the first major update to its enterprise server operating system.
The service pack offers a number of security improvements, including Security Configuration Wizard (SCW), which provides a role-based process to guide administrators through reducing attacks.
According to Microsoft, “With SCW you can disable unused services easily and quickly, block unnecessary ports, modify registry values, and configure audit settings.”
Another security tool, called VPN Quarantine, is designed to limit network access for machines on virtual private networks that do not have current security updates. This prevents you from having to write your own ad hoc scripts to affect this facet of sound network security, Microsoft claimed.
Microsoft said it has also improved monitoring in Internet Information Server, its web server software that runs on Windows 2003.
The new functions enables system administrators to monitor and audit Internet Information Services (IIS) configuration settings using what Microsoft describes as an XML-based, hierarchical store of configuration information for Internet Information Services 6.0.
“The ability to audit this store allows network administrators to see which user accessed the metabase in case it becomes corrupted,” Microsoft said.
Post-Setup Security Updates (PSSU), is another security improvement designed to block incoming traffic to newly installed servers until the latest patches to Windows Server 2003 are downloaded and applied.
The service pack additionally offers security functionality that Microsoft introduced into Windows XP SP2 this summer such as support for “NX” no execute” technology and built-in firewall switched on as soon as the server starts up.
The NX support is available via Data execution prevention (DEP), a set of hardware and software technologies that performs additional checks on memory to help protect against exploitation of the system by malicious code, Microsoft said.