3.2. Considering What You Need to Secure in Windows

The most secure server in the world is the one that no one can access for any reason whatsoever. Of course, building a server like this one would mean that you wouldn't get any return on your investment. A server that doesn't provide access to something is worthless. Because access necessarily incurs security risks, you'll always have security issues to consider for your server. Balancing the risk of access against the need for access is the cornerstone of any good security plan. You must begin any security plan you create with the idea that access by someone that is supposed to have access automatically implies access by someone who doesn't have your permission. Monitoring is part of any good security plan because monitoring lets you see what others are doing with your server.

Now that I've dispelled the notion that you can create a perfect security plan, it's time to discuss the risk element of security in Windows. Previous versions of Windows assumed that everyone was good and allowed unrestricted access to the server unless you secured it. Windows Server 2008 takes nearly the opposite approach — with this operating system, Microsoft assumes everyone plans to do evil things to your computer. You have to tell Windows Server 2008 to provide access.