With the release of Windows Server 2003 barely a week old, Microsoft continued delivering on its sustained content model promise, as was exclusively reported in WinInfo Daily UPDATE last month. This week, the software giant issued its voluminous Windows Server 2003 Security Guide, a Threats and Countermeasures document for Windows 2003 and XP, and companion documentation designed to help harden Windows 2000 Server and Professional against attack.
As described by Microsoft, the Windows Server 2003 Security Guide includes 12 chapters that focus on providing a set of easy to understand guidance, tools, and templates to help secure Windows Server 2003 in many environments. "While the product is extremely secure from the default installation, there are a number of security options that can be further configured based on specific requirements," the company notes. "This guidance not only provides recommendations, but also the background information on the risk that the setting is used to mitigate as well as the impact to an environment when the option is configured."
Also available is the Threats and Countermeasures Guide for Windows 2003 and XP. This 12 chapter guide details the different threats, potential countermeasures, and the potential impact of configuring various security settings that can be configured on Microsoft Windows Server 2003 and XP.
Finally, Windows 2000 users can access a 6 chapter Windows 2000 Security Hardening Guide designed to provide generic guidance for securing a wide range of system types, without trading off basic operating system functionality. "The recommendations in this guide were generally chosen to safely allow Microsoft customers to deploy the recommended settings on existing Windows 2000 systems, not just on newly-built systems," the company notes in the documentation. "We have also reviewed the default permissions on Windows Server 20003 and recommended those permissions here where they did not break existing Windows 2000 Server services."
Last month, I reported that Microsoft would unleash an unprecedented amount of free online documentation for Windows 2003, phased in and updated over time. In addition to the security guides mentioned above, Microsoft has also delivered deployment, NT migration, and planning and architecture reference material related to Windows 2003.