Server Core
From SCADApedia
A key security principle is to keep your attack surface as small as possible. This has been difficult in Windows due to the proprietary nature of the code and code bloat in general. Microsoft addresses this in Windows Server 2008 with Server Core.
Contents |
Environment
Server Core is a minimal install with just the kernel, network stack and security services. There is no GUI, it is a command line or Windows without the Windows.
There is no managed code in Server Core; no .Net. There is no Windows Explorer, Internet Explorer or other frequently used applications. Notepad is provided for simple text editing, but it is the exception. Microsoft claims Server Core takes about 1GB of hard disk space.
This approach minimizes the attack surface. Not only are unnecessary services turned off; they are not there. This also reduces the opportunity for an administrator to make a mistake with a security impact.
Server Roles
Microsoft envisions five roles and is developing installations for each of these roles. The six roles are File Server, DHCP Server, DNS Server, Media Services, Print Server and Active Directory.
Application vendors can create additional roles and develop Server Core installations to support these roles. OSIsoft is the first control system vendor to develop a Server Core role for their PI Server.
Reduced Patching
A secondary benefit of reducing the attack surface is a probable reduction in the number of patches that must be deployed. For example, none of the Internet Explorer patches would apply to Server Core. Digital Bond is tracking the impact of Server Core on patching on the Server Core Patch Analysis SCADApedia page.
