Microsoft on Longhorn Server Security

Microsoft has been talking up its security on the upcoming Longhorn Server, citing a couple of features such as a self-healing file system and an automatic patch check system. The self-healing file system will take care of things such as bad sectors, and even CPUs with a high number of self-correcting errors, but really all it amounts to is that some of the disk checking utilities, such as chkdsk and defrag, will be running in the background.

One of the new features is “secure-at-install,” which is designed to help secure new installations of the operating system in specific server roles. When a new server is installed as a terminal server or file server, for example, the system will automatically find and apply security updates that apply to a particular role, Microsoft said.

NAP, or Network Access Protection, will also be included in the server OS. It will let users perform a check on PCs connecting to their network and block clients that don’t meet rules, such as having the latest patches and virus signatures.

At an unspecified time after it releases Longhorn Server, Microsoft plans to add a Security Token Service, or STS, to Active Directory. This new service is to extend capabilities Microsoft plans to offer with Active Directory Federation Services, or ADFS, which is set to ship with Windows Server 2003 R2.

ADFS lets users create trust relationships with other Active Directory users and enable authentication across corporate boundaries. STS will offer extended federation and privacy support, and integrated resource discovery and management, among other features, Microsoft said.

STS also will support InfoCard, a code name for a new Microsoft technology designed to provide secure storage for identity information that will be shared with online services such as Web stores.

Microsoft also made WinFX available, which is designed to make it easy for developers to use some of the security features in Windows, meaning they would no longer have to write the code for dealing with identity and access.

Read more here.