Microsoft beefs up security with Windows Server Service Pack 1

Microsoft has released Windows Server 2003 Service Pack 1, laying the next plank in its strategy to improve IT security.

Microsoft has released Windows Server 2003 Service Pack 1, laying the next plank in its strategy to improve IT security.

SP1 is designed to address core security issues by providing users with a reduced "attack surface", better protected system services with stronger default settings, and reduced access privileges.

"With Windows Server 2003 Service Pack 1, our development team took the time to treat the root cause of many security issues, not just the symptoms," said Bob Muglia, senior vice-president of Microsoft's Windows Server division. "This service pack should help address certain classes of exploits."

Al Gillen, an analyst at IDC, said, "Microsoft has brought forward not just the normal collection of updates but several tools that promote more secure network configuration and a streamlined way to administer the latest security releases."

New technologies in SP1 include a security configuration wizard, which reduces the platform's attack surface by gathering information about specific server roles. It then automatically blocks all services and ports not needed to perform those roles.

An additional Windows firewall on the server delivers network-wide control through group policies, and a post-set-up security update feature blocks all inbound connections to the server until updates are activated on the computer. This prevents hacks between the time of installing updates and their activation.

The service pack also offers "no execute" - the processor-based security measure that tackles buffer overflow attacks - and DCom and RPC lockdown. These prevent hackers from using the DCom and RPC services to attack a server. This feature could be incompatible with some applications but Microsoft said it had tested many applications on SP1.

Other SP1 features include Internet Information Services 6.0 Metabase Auditing, which allows administrators to identify potential malicious users. The use of stronger defaults and privilege reductions on services establishes a minimum security threshold for applications.

There is also the addition of network access quarantine control components to allow administrators to isolate out-of-date virtual private network access points.

Based on internal tests and depending on server workload, Microsoft said users could gain a 50% increase in performance and reliability by installing SP1.

Read more on IT risk management