Securing Microsoft Windows Server has become a more important task this decade as the complexity of the typical IT environment increases. Most important technical infrastructures were once housed on-premises and directly overseen by the IT department; but now, these assets may be situated in a public, private or hybrid cloud, or in a colocation facility.
Windows Server 2016 and the changing face of cybersecurity
The evolution of Windows Server itself provides a useful guide for understanding how security requirements have changed over the years:
- Windows Server 2000 introduced the Active Directory brand, unifying all the identity management services and processes that remain central to the security of modern multi-site Window Server implementations. Active Directory requires a lot of attention to secure properly: The use of highly privileged accounts, or the compromise of the domain controllers in Active Directory, can create major risks to organizational data and reputation.
- Windows Server 2008 included Hyper-V, the hypervisor that has accelerated the uptake of virtualization in Windows environments. Hyper-V continues to offer the essential functions - involving the creation and management of virtual machines - that make virtualization an appealing alternative to reliance on traditional physical hardware.
- Windows Server 2016 extended the capabilities of Hyper-V, added Failover Clustering and instituted a form of software-defined networking (SDN) similar to the Azure cloud. These features made Windows Server a better fit for organizations that have moved more of their operations into the cloud for improved scalability, flexibility and cost-effectiveness
In the most recent versions of Windows Server, the core security mechanisms are built to secure workloads and data regardless of their actual locations, which could be in a server closet or in a faraway data center. An OEM TV panel on Windows Server 2016 security described the overall approach as "proactive security" designed to spot anomalies early and address them if necessary, through a mix of measures such as log analytics integrations and privileged credentials protections and improvements to the virtualization fabric.
Log analytics integrations
Operations Management Suite has always been a useful resource when working with Windows Server. In Server 2016, its log analytics capabilities are even better thanks to the ability to integrate the security data available from the platform's more detailed logging.
These details can be plugged into an analytics engine alongside data such as intrusion detection events to produce a comprehensive "security story" about all IT environments within an organization. Unusual and suspicious activity be closely tracked and tied to alerts delivered to security personnel.
Privileged credentials protections
Administrators by definition have relatively extensive access to actions within any version of Windows Server. While such permissions are necessary for modifying and troubleshooting any environment, they can open the door for cyberattacks. There are several notable risks on this front, including privilege misuse/escalation as well as pass-the-hash and pass-the-ticket attacks:
- Privilege misuse was the cause of 14 percent of the data breaches documented in the 2017 Verizon Data Breach Investigations Report.
- Pass-the-hash has been a threat since the 1990s. It involves the impersonation of users by stealing password hashes from their accounts.
- Pass-the-ticket is a more recent innovation on the same attack vector, with the key difference being its use of service tickets to impersonate domain users.
A fundamental flaw in many administrator accounts is the extent of privileges many of them afford for an unlimited amount of time. This laxity enables the accumulation of credentials for use in cyberattacks.
Server 2016 includes some much-needed safeguards against such risks. For starters, there is Credential Guard, which uses virtualization-based security to protect credentials from interception. Remote Credential Guard offers similar protections when using remote desktop protocol (RDP). It enables secure single sign-on so that credentials are not passed to the RDP host, reducing the overall attack surface.
"There are provisions for 'just enough administration" and "just in time administration.'"
There are also provisions for "just enough administration" and the similar "just in time administration." These setups limit the scope of administrative privileges. Workflows are carefully audited and the number of required actions is greatly limited.
Virtualization fabric improvements
Sever 2016 has many new protections for virtual machines (VMs):
- Shielded Virtual Machines: BitLocker can encrypt VMs to shield their data from malware and compromised administrator accounts.
- Host Guardian Service: The keys needed for rebooting or migrating a Shielded VM can only be released to healthy hosts.
- Generation 2 Virtual Machines: Hardware-based security technologies, such as Trusted Platform Modules, can be supported as virtualized equivalents protecting VMs.
These features help protect what is actually on the VMs - e.g., applications and their respective data - even in cases in which the virtualization fabric is being managed by a contractor or other third-party. Such situations are becoming more common with the rise of hybrid clouds, which combine multiple environments potentially spanning local facilities and remote data centers. Windows Server 2016 provides advanced, dependable defenses for these complex new approaches to IT.
Learn more about Windows Server 2016 to advance your IT career
The ongoing evolution of Windows Server has ensured its place at the center of modern IT. It will continue to provide the security, scalability and reliability that organizations expect from server OSes.
To learn more about Server 2016 and other essential platforms for today's IT professionals, visit our webinars page. After that, check out our complete course listings and find a New Horizons Learning Group location near you.
