May 05, 2015

What are the security advantages of migration as Windows Server 2003 EOL approaches?

Beyond the upcoming lack of support from Microsoft, what improvements to security have been implemented in later versions of Windows Server? Any big changes?
Server 2008 had the following:

1) New firewall with port filters and rules sets, full integration with Active Directory users and groups.
2) BitLocker drive encryption
3) Network Access Protection, to control computer network access
4) Address Space Layout Randomization, which helps fight buffer overrun exploits.

In Server 2012:
1) Dynamic Access Control to control unwanted access to the server.
2) Improvements to BitLocker
3) UEFI and Secure Boot. UEFI is the replacement for BIOS and Secure Boot prevents your system from booting or loading unknown OSes, firmware and drivers.

There's more to it than that but that's the basics.
One interesting observation that the CTO of Microsoft Australia made recently was that if a company is still running WS2003, it is likely that they are also still running Windows XP. As he put it, “That would be like leaving your back door and your front door open while going on holiday!”

Another thing to think about is what the environment was like in 2003. WS2003 was not built with the cloud and significant amount of mobile traffic that we have today. It was build for another time...and some of the risks that are faced today were not even considered when WS2003 was developed.
Answer this