Attack Surface Reduction for a Server Appliance
6/22/2010
You can reduce the attack surface of a server appliance to help reduce the exposure of the appliance to security vulnerabilities. The attack surface is the code that is available to run on the server appliance. To reduce the risk of attack, you might consider doing one or more of the following:
- Minimize the count of running applications and server roles
- Disable unnecessary services that are running
- Configure user accounts to reduce user privilege
Another way to effectively reduce the attack surface of your server appliance is to use the Server Core installation option for Windows Server as the OS for the appliance. Some parts of the full installation of Windows Server are not present in Server Core; for example, the Windows shell and Internet Explorer. For more information about the benefits of using Server Core as a server-appliance platform, see Building a Server Appliance Based on Server Core.
The following table shows where you can find more information about making a computer running Windows Server 2008 R2 or Windows Server 2008 more secure.
| Link | Description |
|---|---|
Provides technical bulletins, advisories, updates, tools, and security guidance designed for Windows Server 2008 R2 and Windows Server 2008. |
|
Lists security-related functionality that has changed or is new in the Windows Server 2008 operating system. |
|
What's New for Operating System Hardening and Integrity for Windows Server 2008 |
Describes enhancements in various kernel and operating system features that help provide built-in security in the Windows Server 2008 operating system. |
Describes the security and policy enhancements in Windows Server 2008 R2. |
See Also
Concepts
Configuration Lockdown for a Server Appliance
Package Removal From Server Core