Windows Server 2003 SP1 to Feature New Security Tool
In a briefing this week with Microsoft, I was told that the first service pack for Windows Server 2003--due in December--will include a roles-based Security Configuration Wizard that will provide administrators with a definitive list of the services required for each Windows 2003-based server. The wizard will be based on an XML database that includes information about Windows 2003, Exchange, SQL Server, and other Microsoft products. When you configure the server to perform certain roles, the wizard can shut off any unnecessary services, taking the guesswork out of what used to be a very complicated process. Additionally, the company tells me the tool can be used to shut down any ports not required by the assigned server roles, further increasing the integrity of the system.
The Security Configuration Wizard for Windows Server 2003 will work in two different modes. In the simplest mode, the wizard will automatically identify the roles assigned to the server by evaluating which services are running and which roles were previously configured. After evaluating the running services, the wizard will then inform the administrator about which unnecessary services are running and offer to shut them down. In a more restrictive mode, the administrator can simply tell the wizard which roles should be assigned to the server, including such things as Web server, DNS server, or directory server. The wizard will then shut down any unneeded services.
An interesting user interface in the wizard can display the list of running services as well as which services are required by the currently assigned roles, helping administrators understand what is often a confusing set of dependent services. Also, it can open and close ports on the server, again based on roles, and block traffic to unnecessary ports.
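The two modes described above can be modeled in a few lines. This is an added sketch, not Microsoft's code: the XML element names, the role names, the "every service of a role is running" detection rule, and the sample server state are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed role database; this schema is hypothetical, not the wizard's own.
ROLE_DB = """<roles>
  <role name="Base"><service>EventLog</service><service>RpcSs</service></role>
  <role name="WebServer">
    <service>W3SVC</service><service>HTTPFilter</service><port>80</port><port>443</port>
  </role>
  <role name="DNSServer"><service>DNS</service><port>53</port></role>
</roles>"""

# Constructed server state: running services and listening TCP ports.
RUNNING = {"EventLog", "RpcSs", "W3SVC", "HTTPFilter", "DNS", "TlntSvr", "Messenger"}
LISTENING = {23, 53, 80, 443}

def load_roles(xml_text):
    """Parse the database into {role: (required services, required ports)}."""
    roles = {}
    for role in ET.fromstring(xml_text).iter("role"):
        services = {s.text for s in role.iter("service")}
        ports = {int(p.text) for p in role.iter("port")}
        roles[role.get("name")] = (services, ports)
    return roles

def detect_roles(roles, running):
    """Simplest mode (assumed rule): a role counts as assigned when all of
    its services are already running, so this mode trusts the current state."""
    return {name for name, (svcs, _) in roles.items() if svcs and svcs <= running}

def plan(roles, assigned, running, listening):
    """Return (services to stop, ports to block) for the assigned roles."""
    unknown = set(assigned) - set(roles)
    if unknown:
        raise ValueError(f"roles not in database: {sorted(unknown)}")
    needed_svcs = set().union(*(roles[r][0] for r in assigned))
    needed_ports = set().union(*(roles[r][1] for r in assigned))
    return sorted(running - needed_svcs), sorted(listening - needed_ports)

if __name__ == "__main__":
    db = load_roles(ROLE_DB)
    # Detection keeps DNS, because the DNS service happens to be running.
    print("detected:", plan(db, detect_roles(db, RUNNING), RUNNING, LISTENING))
    # Explicit roles are stricter: DNS and port 53 are flagged as well.
    print("explicit:", plan(db, {"Base", "WebServer"}, RUNNING, LISTENING))
```

The output shows why the explicit mode is the more restrictive one: detection inherits whatever is already running on the server, while an explicit role list also flags services that merely happened to be enabled.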