As the IT environment becomes more complex, it has become more important to secure Microsoft Windows Server. The most important technical infrastructures used to be housed on-premises. IT departments were responsible for monitoring them. However, they can now be located in the cloud, colocation facilities, or private hybrid clouds.
Windows Server 2016 and the changing face of cybersecurity
The evolution of Windows Server is a good guide to understanding how security requirements have changed throughout the years.
Active Directory was introduced in Windows Server 2000. It unites all the identity management services and processes that are essential to modern multi-site Windows Server implementations. Securing Active Directory is very important: the misuse of highly privileged accounts or the compromise of Active Directory domain controllers can pose serious risks to your organization’s reputation and data.
Windows Server 2008 also included Hyper-V, a hypervisor that has helped to accelerate virtualization in Windows environments. Hyper-V still offers the essential functions – including the creation and management of virtual machines – which make virtualization an attractive alternative to traditional physical hardware. Windows Server 2016 added Failover Clustering to Hyper-V and introduced a form of software-defined network (SDN), similar to the Azure cloud.
Windows Server 2016 features make it a better choice for organizations that have moved more operations to the cloud for increased scalability and flexibility. The core security mechanisms in Windows Server 2016 are designed to protect workloads and data no matter where they are located, whether in a server closet, a faraway data center, or anywhere else. The overall approach to Windows Server 2016 security was described by an OEM TV panel as “proactive security”. This means that anomalies can be detected early and addressed if necessary through a combination of measures like log analytics integrations, privileged credentials protections, and improvements to virtualization fabric.
Log analytics integrations
When working with Windows Server, Operations Management Suite has been a valuable resource. Server 2016’s log analytics capabilities are even more powerful because they can integrate security data from the platform’s more detailed logging.
These details can be added to an analytics engine along with data such as intrusion detection incidents to create a comprehensive “security tale” about all IT environments within an organisation. Security personnel should be alerted if there is suspicious or unusual activity.
Protections for privileged credentials
Administrators have a lot of access to all versions of Windows Server. These permissions are essential for troubleshooting and modifying any environment. However, they can also open the door to cyberattacks. This presents several risks, including privilege misuse/escalation and pass-the-hash and pass-the-ticket attacks.
Privilege misuse was responsible for 14 percent of data breaches reported in the 2017 Verizon Data Breach Investigations Report. Pass-the-hash is a threat that has been around since the 1990s. It involves the impersonation of users by stealing password hashes from their accounts. Pass-the-ticket is a more recent innovation on the same attack vector, with the key difference being its use of service tickets to impersonate domain users. A fundamental flaw in many administrator accounts is the extent of privileges many of them afford for an unlimited amount of time. This allows for the accumulation of credentials that can be used in cyberattacks.
Server 2016 provides some important safeguards against such risks. Credential Guard is a virtualization-based security solution that protects credentials from being intercepted. Remote Credential Guard provides similar protections for remote desktop protocol (RDP). It allows secure single sign-on, so credentials are not passed on to the RDP host. This reduces the attack surface.
There are provisions for “just enough administration” as well as the similar “just in case administration.” These arrangements limit administrative privileges. The number of actions required is limited and workflows are thoroughly audited.
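A sketch of how "just enough administration" limits privileges and audits workflows, added here as an example and not taken from the original article. It uses the built-in JEA cmdlets; the module name ContosoJEA, the group CONTOSO\DnsOperators, the endpoint name DnsOperator and the directory paths are hypothetical.

```powershell
# Added example: a constrained JEA endpoint for DNS operators.
# ContosoJEA, CONTOSO\DnsOperators and all paths below are hypothetical.
# Run from an elevated PowerShell session on the server being managed.

$module  = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\ContosoJEA'
$roleDir = Join-Path $module 'RoleCapabilities'
$jeaDir  = Join-Path $env:ProgramData 'JEAConfiguration'
$logDir  = Join-Path $jeaDir 'Transcripts'
New-Item -ItemType Directory -Path $roleDir, $logDir -Force | Out-Null

# JEA discovers role capability files only inside a valid module,
# so the module needs a manifest.
New-ModuleManifest -Path (Join-Path $module 'ContosoJEA.psd1')

# Role capability: the operator may list services, but may restart
# only the DNS service. Nothing else is visible in the session.
New-PSRoleCapabilityFile -Path (Join-Path $roleDir 'DnsOperator.psrc') `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name       = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidateSet = 'DNS' } }
    )

# Session configuration: no full language or default cmdlets, a temporary
# virtual account instead of the operator's own credentials, and a
# transcript of every session written to $logDir for auditing.
$pssc = Join-Path $jeaDir 'DnsOperator.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory $logDir `
    -RoleDefinitions @{
        'CONTOSO\DnsOperators' = @{ RoleCapabilities = 'DnsOperator' }
    }

# Validate the file before registering it; registration restarts WinRM.
if (Test-PSSessionConfigurationFile -Path $pssc) {
    Register-PSSessionConfiguration -Name 'DnsOperator' -Path $pssc -Force
}
```

Members of the mapped group then connect with Enter-PSSession and -ConfigurationName DnsOperator instead of holding local administrator rights on the server.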
Virtualization fabric improvements
Many new protections have been added to virtual machines (VMs) as part of Server 2016.
Shielded Virtual Machines – BitLocker can encrypt VMs against malware and compromised administrator accounts. These situations are becoming more common due to hybrid clouds, which combine multiple environments that can span local facilities as well as remote data centers. Windows Server 2016 offers advanced, reliable defenses against these new approaches to IT.
To advance your IT career, learn more about Windows Server 2016.
Windows Server’s continued evolution has secured its place at the heart of modern IT. It will continue to deliver the security, scalability, and reliability that organizations have come to expect from server OSes.