Cybersecurity is a constant concern as more IT infrastructures are virtualized and migrate to public, private, and hybrid cloud environments. Taking assets off premises and entrusting them to third-party service providers carries at least some risk. Hardware and software that were once under your direct oversight are now someone else's responsibility. Even though they are usually in capable and experienced hands, you must stay vigilant against possible cyberattacks on your critical servers, storage, and networks.
These concerns apply to platforms like Microsoft Windows Server. Windows Server has been an integral part of enterprise IT for over 20 years. Its features are key to modern identity management (via Active Directory) and to the ongoing virtualization boom, thanks in part to Hyper-V. What security risks do IT professionals working with Windows Server face?
The complex cybersecurity history of Windows Server
Although securing Windows Server is a crucial task, it has not always been an easy one. Windows Server 2003 is a case in point: it remained widely used long after it had been superseded by several newer versions of the platform, much as Windows XP outlasted Windows Vista. Familiarity and the disruption costs of upgrading likely drove the decision to stick with an older OS, even when better alternatives existed.
This situation caused a lot of anxiety about the critical systems still running on Windows Server 2003. Without updates, they were exposed to old malware and to zero-day attacks that would never be addressed. Windows Server 2003 usage has declined dramatically in the two years since it was retired: Spiceworks estimated a 61% market share for the aging platform in 2015, which dropped to only 18% a year later (although fewer than half of its respondents reported running at least one instance of Server 2003).
Windows Server 2003's vulnerabilities are often not a major problem for a newer server OS with better built-in protections and timely patches. But that doesn't mean there is nothing to be concerned about. Windows Server 2016 was in fact designed with many modern cyberattack vectors in mind.
Windows Server Security: The defenses built into Windows Server 2016
A Microsoft security whitepaper on Windows Server 2016 described an attack scenario that has become more common in recent years.
Attackers conduct preliminary research on their targets, including their social media channels. If that succeeds, they use spear-phishing to trick email recipients into clicking links to compromised websites. Once inside, they often go undetected for long periods: an Accenture survey in 2016 found that 59 percent of financial service providers were unable to detect breaches within a few months. Windows Server has been a target of such sophisticated schemes; pass-the-hash, pass-the-token and pass-the-ticket attacks all fall into this category. Knowing how these intrusions can be stopped, or detected earlier, is important for reducing the cost of a breach, which according to the Ponemon Institute can reach millions of dollars per incident.
Privilege protections in Windows Server 2016
Although we cannot cover all of Windows Server 2016's security features here, one group deserves particular attention: its administrative privilege protections. Many attacks that could have been contained spiral out of control because elevated privileges are easily obtained and remain available for long periods of time. Windows Server 2016 provides many advanced security features to prevent this kind of privilege escalation.
Just Enough Administration and Just In Time Administration limit the extent and duration of privileges. The idea is to let legitimate administrators perform crucial tasks using tools like PowerShell while limiting abuse, in particular by withholding permissions that are not needed for the job at hand. These approaches can be implemented with tools such as the Local Administrator Password Solution (LAPS), which supports Just In Time Administration: it stores local administrator passwords in Active Directory and protects them with access control lists, so that only a limited set of users can read them or request a reset.
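As an added illustration (not from the article or from Microsoft's own documentation), the PowerShell below builds a Just Enough Administration endpoint that lets a help-desk group restart only the Print Spooler service, and then uses the LAPS cmdlets (AdmPwd.PS module) to delegate Just In Time access to local administrator passwords. The domain name CONTOSO, the groups CONTOSO\HelpDesk and CONTOSO\ServerOps, the OU path, the server name SRV01 and the transcript folder are assumptions; everything else uses the documented JEA and LAPS cmdlets.

```powershell
# Added example, not the article's code. Assumes domain CONTOSO with groups
# CONTOSO\HelpDesk and CONTOSO\ServerOps, a server SRV01 and an OU named Servers.
#Requires -RunAsAdministrator

$moduleName = 'HelpDeskJEA'
$modulePath = Join-Path $env:ProgramFiles "WindowsPowerShell\Modules\$moduleName"
$rcPath     = Join-Path $modulePath 'RoleCapabilities'

# 1. JEA role capabilities must live in a module's RoleCapabilities folder.
New-Item -Path $rcPath -ItemType Directory -Force | Out-Null
New-Item -Path (Join-Path $modulePath "$moduleName.psm1") -ItemType File -Force | Out-Null
New-ModuleManifest -Path (Join-Path $modulePath "$moduleName.psd1") -RootModule "$moduleName.psm1"

# 2. The role capability whitelists cmdlets AND constrains their parameters:
#    Restart-Service is allowed only with -Name Spooler, so the same operator
#    cannot use the endpoint to restart any other service.
New-PSRoleCapabilityFile -Path (Join-Path $rcPath 'PrintAdmin.psrc') `
    -VisibleCmdlets @(
        @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } },
        @{ Name = 'Get-Service';     Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
    ) `
    -Description 'Restart and inspect the Print Spooler only'

# 3. The session configuration maps an AD group to that role. RunAsVirtualAccount
#    means the connecting user's own credentials are never used on the server,
#    so nothing reusable is left in memory; RestrictedRemoteServer hides
#    every command that is not explicitly exposed. Transcripts give an audit trail.
$pssc = Join-Path $env:TEMP 'HelpDesk.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEATranscripts' `
    -RoleDefinitions @{ 'CONTOSO\HelpDesk' = @{ RoleCapabilities = 'PrintAdmin' } }

if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw 'Session configuration file failed validation'
}
Register-PSSessionConfiguration -Name 'HelpDesk' -Path $pssc -Force | Out-Null

# A help-desk user connects with:
#   Enter-PSSession -ComputerName SRV01 -ConfigurationName HelpDesk
# and sees only the two cmdlets above; Restart-Service -Name wuauserv is
# rejected by parameter validation before it ever runs.

# 4. LAPS for Just In Time local admin access: computers in the OU may write
#    their own rotated password to AD, but only ServerOps may read or expire it.
Import-Module AdmPwd.PS
$ou = 'OU=Servers,DC=contoso,DC=com'
Set-AdmPwdComputerSelfPermission  -OrgUnit $ou | Out-Null
Set-AdmPwdReadPasswordPermission  -OrgUnit $ou -AllowedPrincipals 'CONTOSO\ServerOps' | Out-Null
Set-AdmPwdResetPasswordPermission -OrgUnit $ou -AllowedPrincipals 'CONTOSO\ServerOps' | Out-Null

# Reading the password is recorded in the AD audit log; once the task is done,
# expire it so the client rotates the password and the window of exposure closes.
(Get-AdmPwdPassword -ComputerName 'SRV01').Password
Reset-AdmPwdPassword -ComputerName 'SRV01'
```

The parameter ValidateSet on Restart-Service is the part worth copying: exposing a cmdlet without constraining its arguments turns a "restart the spooler" role into a "restart anything" role, which defeats the point of Just Enough Administration.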
Windows Server 2016 also offers Credential Guard and Remote Credential Guard. Both are new features in this version, designed to protect credentials and credential derivatives from pass-the-hash and pass-the-token attacks. Advanced Threat Analytics is another mechanism that can be used to combat pass-the-hash and to detect compromised identities that may be in use by attackers.
Additional security features you should know about
Windows Server 2016 comes with Windows Defender, which protects against malware, viruses, and other threats on both on-premises and cloud-based systems. Secure Boot ensures that only software trusted by the device manufacturer can start, which helps curb rootkits and other low-level attacks that often originate from unsigned programs.
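The following read-only posture check is an added example, not code from the article or from Microsoft, covering the credential protections from the previous section and the Defender and Secure Boot features just described. It queries the documented Win32_DeviceGuard class, the Lsa registry key, Confirm-SecureBootUEFI and Get-MpComputerStatus; the seven-day signature-age threshold is an assumed policy value.

```powershell
# Added example, not the article's code. Run elevated on a Windows Server 2016
# host; it only reports and changes nothing.
#Requires -RunAsAdministrator

function Get-ServerSecurityPosture {
    $result = [ordered]@{}

    # Credential Guard and virtualization-based security (VBS) status.
    # VirtualizationBasedSecurityStatus: 2 = running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    $result['VBSRunning']             = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $result['CredentialGuardRunning'] = ($dg.SecurityServicesRunning -contains 1)

    # Credential Guard is configured via LsaCfgFlags
    # (1 = enabled with UEFI lock, 2 = enabled without lock, absent/0 = off).
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction SilentlyContinue
    $result['LsaCfgFlags'] = if ($null -ne $lsa.LsaCfgFlags) { $lsa.LsaCfgFlags } else { 0 }

    # Remote Credential Guard needs Restricted Admin mode on the RDP host
    # (DisableRestrictedAdmin = 0). If the value is absent, RDP logons send
    # full, reusable credentials to the host.
    $result['RestrictedAdminEnabled'] = ($lsa.DisableRestrictedAdmin -eq 0)

    # Secure Boot: Confirm-SecureBootUEFI throws on legacy-BIOS machines,
    # which for our purposes is the same as "not protected".
    try   { $result['SecureBoot'] = Confirm-SecureBootUEFI }
    catch { $result['SecureBoot'] = $false }

    # Windows Defender real-time protection and signature age in days.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    $result['DefenderRealTime'] = [bool]$mp.RealTimeProtectionEnabled
    $result['SignatureAgeDays'] = if ($mp) { $mp.AntivirusSignatureAge } else { $null }

    [pscustomobject]$result
}

$posture = Get-ServerSecurityPosture
$posture | Format-List

# Turn the raw status into findings a server owner can act on.
$gaps = @()
if (-not $posture.CredentialGuardRunning) { $gaps += 'Credential Guard not running: NTLM hashes and Kerberos tickets remain exposed in LSASS' }
if (-not $posture.RestrictedAdminEnabled) { $gaps += 'Restricted Admin mode off: RDP sessions leave reusable credentials on this host' }
if (-not $posture.SecureBoot)             { $gaps += 'Secure Boot off or unsupported: boot-time rootkits are not blocked' }
if (-not $posture.DefenderRealTime)       { $gaps += 'Defender real-time protection disabled' }
if ($posture.SignatureAgeDays -gt 7)      { $gaps += "Defender signatures are $($posture.SignatureAgeDays) days old (assumed 7-day limit)" }
if ($gaps.Count -eq 0) { 'No gaps found' } else { $gaps }
```

Running this across a fleet (for example via Invoke-Command) gives a quick inventory of which hosts actually have Credential Guard running as opposed to merely configured, a distinction the registry value alone does not show.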
Control Flow Guard is a new feature in Windows Server 2016. It is designed to contain