Cyber Security Institute

Friday, April 09, 2004

Security Updates on Tap for Server 2003

Even as it puts finishing touches on major security upgrades for Windows XP due later this spring, Microsoft Corp. is preparing a similarly extensive set of security improvements for Windows Server 2003.

One of the biggest modifications expected for the server operating system is a system known as ACI (Advanced Client Inspection), which checks the health of PCs attempting to connect to a network.

The system is similar to Cisco Systems Inc.’s Network Admission Control project but is done strictly through Windows.

When a client machine tries to log on to a network, Windows Server 2003 checks the security posture of the PC and compares it against a predetermined corporate policy.

Microsoft plans to ship a set of security policy templates for ACI, but customers can design their own as well.

The system also will allow administrators to set group policies for departments that have differing security requirements.

“The notion of one size fitting all in terms of security just isn’t the case,” said Mike Nash, vice president of the Security and Technology Business Unit at Microsoft, in an interview during the Microsoft Security Summit here last week.

While Microsoft plans to release a service pack for Windows Server 2003 in the second half of this year, it’s unclear whether ACI will be included in that or delivered in some other form, Nash said.

This technology, along with some behavior-blocking and intrusion prevention features, is part of a second set of security tools that the company has planned for Windows XP but that likely won’t be ready in time for SP2 (Service Pack 2), which is in beta.

Nash said SP2 will include a tool that gives customers the ability to specify which wireless LANs users are allowed to connect to, thereby eliminating the risk that can arise from connecting to unknown and potentially hostile networks.

Posted on 04/09