As more IT infrastructures become virtualized and migrate to public, private and hybrid cloud environments, cybersecurity has been a persistent concern. Taking assets off premises and entrusting them to third-party service providers always carries at least some degree of risk; the hardware and software that were once under your direct supervision are now someone else's responsibility. Although they are usually in good and experienced hands, you have to remain vigilant against the various possible cyberattacks against your critical servers, storage, networks and applications.
These concerns are relevant when working with platforms such as Microsoft Windows Server. For the past 20 plus years, Windows Server has been a mainstay of enterprise IT. Its features have been pivotal in the development of modern identity management (via Active Directory) as well as the ongoing virtualization boom (thanks in part to Hyper-V). But as an IT professional, what security risks should you be mindful of when working with Windows Server?
Windows Server's complex cybersecurity history
Securing Windows Server is a fundamental task, but it hasn't always been straightforward. Windows Server 2003 is a case in point. Long after it had been superseded by multiple new releases of the platform, Server 2003 continued to be widely used, right up to the eve of its end-of-life (EOL) designation in 2015, much like Windows XP, which easily outlasted its successor, Windows Vista. Familiarity as well as the costs and disruption risks associated with upgrading likely supported the inertia of sticking with such an old OS even with technically superior alternatives available.
The situation created plenty of anxiety about the numerous critical systems running on Windows Server 2003, which if not updated would have been vulnerable to old malware and zero-day threats that would have never received patches. The good news is that two years after it reached EOL, Windows Server 2003 use has dropped dramatically. Spiceworks had estimated 61 percent market share for the aging platform in early 2015, but that number fell to only 18 percent a year later (although slightly more than half of its respondents reporting running at least a single instance of Server 2003).
The particular vulnerabilities of Windows Server 2003 are not typically the top problems for a newer server OS with better built-in protections in addition to timely and current patches. However, that does not mean that there is nothing to worry about. In fact, Windows Server 2016 was designed with many modern cyberattack vectors in mind.
Securing Windows Server: The defenses built into Window Server 2016
An official Microsoft security white paper about Windows Server 2016 presented an attack scenario that has become increasingly common in recent years:
- Attackers conduct preliminary research on their targets, looking at sources such as social media channels.
- Using this information, they determine the best possible route past the organization's defenses; for example, they might settle on a plan to use spear-phishing to deceive email recipients into clicking links to compromised sites.
- If successful, the attack plan enables them to begin spying on network activity and/or stealing data. Often, they remain undetected for a considerable amount time; a 2016 Accenture survey found that for 59 percent of financial services providers, breach detection took several months.
Windows Server has been a target of such sophisticated schemes, with pass-the-hash, pass-the-token and pass-the-ticket attacks fitting into this general category. The question is how such intrusions can be thwarted or, at the very least, detected earlier to mitigate the cost of a breach, which can run into the millions of dollars per incidentaccording to the Ponemon Institute.
Privilege protections in Windows Server 2016
While the totality of Windows Server 2016 security features is beyond our scope here, there is one group of functions that deserves more attention, i.e. its various administrative privilege protections. Many attacks that might have been contained instead spiral out of control due to elevated privileges being easily available for long stretches of time. Accordingly, Windows Server 2016 includes numerous advanced safeguards against privilege escalation.
Just Enough Administration and Just In Time Administration both limit the extent and duration of privileges. The idea is to enable legitimate administrators to perform critical tasks using tools such as PowerShell, but curb the potential for abuse, especially in cases in which the permissions that might be exploited are not even necessary for the jobs at hand. One way in which these approaches can be implemented is through Local Administrator Password Solution, which works for Just In Time Administration. It stores passwords in Active Directory and protects them with access control lists so that only a small set of users can access them or request their reset.
Along similar lines, Windows Server 2016 also includes Credential Guard and Remote Credential Guard, both of which are brand new in the platform. They are specifically designed to protect credentials and credential derivatives from pass-the-hash and pass-the-token attacks. Another mechanism, Advanced Threat Analytics, is available for combating pass-the-hash attacks and detecting compromised identities that might be in use by cyber-attackers.
Additional security features to know about
As with all Windows OSes since Windows 8, Windows Server 2016 includes Windows Defender for defense against viruses, malware, spyware and threats to on-premises and cloud-based systems. Secure Boot is also available to ensure that only software trusted by the device manufacturer is able to start; this helps curb rootkits and other low-level attacks that often stem from unsigned programs.
An all-new feature in Windows Server 2016 is Control Flow Guard. It is built to contain memory corruption attacks capable of damaging applications such as Visual Studio.
Deepen your Windows Server security skills at New Horizons
As Windows Server continues to evolve, demand for relevant cybersecurity skills should increase in lockstep. You can help meet the ongoing shortage of security professionals by enrolling in program and certification tracks at New Horizons Computer Learning Centers.
Our webinars page includes frequently updated content on Windows Server, System Center and IT job hunting that can supplement your education. Check it out - along with our course listings - to find out more today.
