Understanding Microsoft's Security Philosophy in Windows Server 2003
In This Chapter
Understanding Microsoft's security philosophy, page 46.
Using security tools, page 47.
Encrypting data, page 56.
Developing a security strategy, page 62.
Security was a major focus area for Microsoft during the development of Windows Server 2003. In fact, Microsoft created its new Trustworthy Computing initiative during the development of Windows Server 2003 and actually suspended Windows Server 2003's development for two months to focus exclusively on security issues.
As a result, Windows Server 2003 is perhaps the most secure out-of-the-box version of Windows to date. However, that does not mean you can simply install Windows Server 2003 and have a completely secure server. Security is always a trade-off between security and functionality, and you need to configure your servers to strike the appropriate balance for your environment. Windows Server 2003 does make it easier to secure your environment with a variety of security-specific tools, data encryption, and so forth.
Another major security problem Microsoft has tried to deal with over the years is secure code. Viruses, malicious scripts, and other forms of unsecure code have plagued Microsoft operating systems for years. With the release of the .NET Framework, Microsoft has created the first software development environment that incorporates security from the ground up. As software developers move to the .NET Framework for corporate application development, you as a Windows administrator will have more control over the code that executes in your environment, allowing you to prevent malicious code from affecting the productivity of your users.