Install the BitLocker Drive Encryption feature using the Server Manager console.
Open the Local Group Policy Editor console, browse to the Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption node, and open the Control Panel Setup: Enable advanced startup options policy.
Before you consider any other security mechanisms or even operating system and application deployments, you should take steps to ensure that your servers are stored in a location that is physically secure.
Biometric identification is the process of establishing an individual’s identity based on biometric information, essentially asking the system to indicate who the person is.
A firewall is a software program that protects a computer by allowing certain types of network traffic in and out of the system while blocking others. A firewall is essentially a series of filters that examines the contents of packets and the traffic patterns to and from the network to determine which packets it should allow to pass through the filter.
The default rules preconfigured into the firewall are designed to admit the traffic used by standard Windows networking functions, such as file and printer sharing. For outgoing network traffic, Windows Firewall allows all traffic to pass the firewall except that which conforms to a rule.
The Windows Firewall Settings dialog box is designed to enable administrators to create exceptions in the current firewall settings as needed. For full access to the Windows Firewall configuration settings, you must use the Windows Firewall With Advanced Security snap-in for the Microsoft Management Console.
On most networks, users identify themselves with an account name or an email address. The proof of identity can vary, however, typically taking one of three forms: something you know, something you have, or something you are.
To protect data stored on and transmitted over a network, computers use various types of encryption to encode messages and create digital signatures that verify their authenticity. For one computer to encrypt a message and another computer to decrypt it, both must possess a key.
Windows Server 2008 provides a series of password settings that you can implement using Group Policy, either locally or through Active Directory. An effective combination of password policies compels users to select appropriate passwords and change them at regular intervals.
Files, folders, shares, registry keys, and Active Directory objects are all protected by permissions. To store the permissions, each of these resources has an access control list (ACL). An ACL is a collection of individual permissions in the form of access control entries (ACEs).
Each ACE consists of a security principal (that is, the name of the user, group, or computer granted the permissions) and the specific permissions assigned to that security principal. When you manage permissions in any of the Windows Server 2008 permission systems, you are actually creating and modifying the ACEs in an ACL.