Securing Microsoft Windows Server has become a more important task this decade as the complexity of the typical IT environment has increased. Most important technical infrastructure was once housed on-premises and directly overseen by the IT department; now these assets may be situated in a public, private or hybrid cloud, or in a colocation facility.
The evolution of Windows Server itself provides a useful guide for understanding how security requirements have changed over the years:
In the most recent versions of Windows Server, the core security mechanisms are built to secure workloads and data regardless of their actual location, which could be a server closet or a faraway data center. An OEM TV panel on Windows Server 2016 security described the overall approach as "proactive security," designed to spot anomalies early and address them where necessary through a mix of measures: log analytics integrations, privileged credential protections and improvements to the virtualization fabric.
Operations Management Suite has always been a useful resource when working with Windows Server. In Server 2016, its log analytics capabilities are even better thanks to the ability to integrate the security data available from the platform's more detailed logging.
These details can be plugged into an analytics engine alongside data such as intrusion detection events to produce a comprehensive "security story" about all IT environments within an organization. Unusual and suspicious activity can be closely tracked and tied to alerts delivered to security personnel.
Administrators by definition have relatively extensive access to actions within any version of Windows Server. While such permissions are necessary for modifying and troubleshooting any environment, they can open the door for cyberattacks. There are several notable risks on this front, including privilege misuse/escalation as well as pass-the-hash and pass-the-ticket attacks:
A fundamental flaw in many administrator accounts is the breadth of privileges they grant, often for an unlimited amount of time. This laxity enables the accumulation of credentials for use in cyberattacks.
Server 2016 includes some much-needed safeguards against such risks. For starters, there is Credential Guard, which uses virtualization-based security to protect credentials from interception. Remote Credential Guard offers similar protection when using Remote Desktop Protocol (RDP): it enables secure single sign-on so that credentials are not passed to the RDP host, reducing the overall attack surface.
There are also provisions for "just enough administration" and the similar "just in time administration." These setups limit the scope of administrative privileges. Workflows are carefully audited and the number of required actions is greatly limited.
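The following is an added example, not code from the original post, showing how "just enough administration" is expressed in practice on Windows Server 2016: a JEA endpoint that exposes only two cmdlets to a help-desk group, runs them under a virtual account rather than the user's own privileges, and transcribes every session for audit. The group name CONTOSO\HelpDesk, the module name HelpDeskJea, the role name HelpDeskRole and the transcript directory are assumed placeholders.

```powershell
# Added example (not from the original post): a minimal JEA endpoint.
# Assumed placeholders: CONTOSO\HelpDesk, HelpDeskJea, HelpDeskRole, C:\JEA\Transcripts.

$moduleDir = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\HelpDeskJea'
$rcDir     = Join-Path $moduleDir 'RoleCapabilities'
New-Item -Path $rcDir -ItemType Directory -Force | Out-Null
New-Item -Path 'C:\JEA\Transcripts' -ItemType Directory -Force | Out-Null
# Role capabilities are discovered from modules on the PSModulePath, so the
# .psrc file needs a module manifest next to it.
New-ModuleManifest -Path (Join-Path $moduleDir 'HelpDeskJea.psd1')

# Role capability: only the listed cmdlets are visible, and Restart-Service is
# further constrained to a single service name through ValidateSet.
New-PSRoleCapabilityFile -Path (Join-Path $rcDir 'HelpDeskRole.psrc') -VisibleCmdlets @(
    'Get-Service',
    @{ Name = 'Restart-Service'; Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' } }
)

# Session configuration: RestrictedRemoteServer hides everything not explicitly
# exposed; RunAsVirtualAccount means the connecting user never holds standing
# admin rights; TranscriptDirectory records every command for later review.
$pssc = Join-Path $env:TEMP 'HelpDesk.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JEA\Transcripts' `
    -RoleDefinitions @{ 'CONTOSO\HelpDesk' = @{ RoleCapabilities = 'HelpDeskRole' } }

# Validate the file before registering it, then expose the endpoint over WinRM.
if (-not (Test-PSSessionConfigurationFile -Path $pssc)) {
    throw 'Invalid session configuration file'
}
Register-PSSessionConfiguration -Name 'HelpDesk' -Path $pssc -Force

# A help-desk user then connects with:
#   Enter-PSSession -ComputerName <server> -ConfigurationName HelpDesk
```

Anything outside the role capability file (other cmdlets, the file system, script execution) is unavailable in the session, and the transcripts in C:\JEA\Transcripts are the audit trail the paragraph above refers to.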
Server 2016 has many new protections for virtual machines (VMs):
These features help protect what is actually on the VMs - e.g., applications and their respective data - even in cases in which the virtualization fabric is being managed by a contractor or other third party. Such situations are becoming more common with the rise of hybrid clouds, which combine multiple environments potentially spanning local facilities and remote data centers. Windows Server 2016 provides advanced, dependable defenses for these complex new approaches to IT.
The ongoing evolution of Windows Server has ensured its place at the center of modern IT. It will continue to provide the security, scalability and reliability that organizations expect from server OSes.
To learn more about Server 2016 and other essential platforms for today's IT professionals, visit our webinars page. After that, check out our complete course listings and find a New Horizons Learning Group location near you.