Microsoft seriously tightens security in Windows Server 2019

There’s no doubt that when it comes to security, Microsoft Windows Server 2019 has come a long way since the early days of this venerable platform, when my then 10-year-old daughter was able to hack into the password file of the server. As far as I’m concerned, the most important thing Microsoft has learned since then is that security has to be there from the start; it cannot be an add-on or an afterthought.

Equally important, Microsoft has changed its view of security, realizing that there are some things you just can’t prevent, which means you have to find other ways to keep them from becoming security vulnerabilities. A good example is the company’s thinking about perimeter security and access.

Now, in a series of company publications, Microsoft’s server team admits that the network can no longer be thought of as the local security perimeter. Modern networks are breaking the boundaries of traditional networks as they increasingly rely on hybrid technologies, such as infrastructure as a service (IaaS) and cloud application services. By realizing this, the company recognizes that if the bad guys want to break into your network, they are likely to succeed. This means you have to find new ways, such as identity, to prevent them from taking advantage of that entry.

Likewise, the company recognizes that phishing and social engineering have become good enough that there is always a risk that these attacks will succeed. The fact that people will likely be tricked or otherwise coerced into giving up their login credentials at some point means you need to design in a way that minimizes the damage from this vector and prevents reuse of credentials. It means rethinking the concept of access and realizing that you’ll likely need to go beyond proven methods that rely on easy-to-steal credentials like usernames and passwords.


Using a multi-layered security approach

But security isn’t just about credentials, which is why Microsoft has designed a layered approach to security. Some of the security features that are part of Microsoft Windows Server 2019 (see the Microsoft Store site for details) are covered in a “What’s New in Windows Server 2019” document. Some of the highlights include Windows Defender Advanced Threat Protection (ATP), which is much more than just an anti-malware package.

Although Windows Defender ATP protects against malware, it is also a multi-layered protection system that can stop malware in its tracks by monitoring changes in Windows Server. This includes exploit protection, attack surface reduction, real-time monitoring, and automated attack responses. Windows Defender ATP is also able to integrate with Azure ATP and Office 365 ATP. The result is that Windows Defender ATP provides intrusion detection and prevention features in addition to basic endpoint protection and anti-malware services.

In the meantime, knowing that it is not always possible to prevent intruders from accessing your network, Windows Server 2019 also protects the data and communications held on the server and on the links between machines, whether they are physical or virtual. For example, Windows Server 2019 supports containers for Windows and Linux as well as Shielded Virtual Machines for both operating systems. There is also a secure console connection for both.

Windows Server 2019’s support for software-defined networking also brings a new security feature to the operating system: encrypted subnets. Encryption can be enabled on subnets used for communications between virtual machines, preventing an intruder with access to the physical network from reading information transported over it. This feature is built into the operating system and needs only to be enabled with a checkbox.

The software-defined network (SDN) firewall in Windows Server 2019 now supports firewall auditing. When you enable the SDN firewall, any flow processed by its rules can have logging enabled and then be recorded.


Overview of real-time protections

Some real-time protections include Kernel Control Flow Guard, System Guard Runtime Monitor, and enhanced Device Guard policy updates. Kernel Control Flow Guard helps prevent malware from executing malicious code where it can take advantage of vulnerabilities. This extends the capabilities of the old Control Flow Guard.

System Guard Runtime Monitor is a feature that verifies the operation of other security features and, among other things, can confirm that reports claiming security software is working properly are actually true. This helps protect against the efforts of some attackers and malware authors to subvert certain security software by generating integrity messages that are false.

Device Guard Policy Updates now allow policy updates to be made without restarting the server, eliminating an important reason to postpone these updates.

A significant update for working with virtual machines is the ability to run the Host Guardian Service (HGS) on machines that are only intermittently connected to the HGS.

(Chart: Most pressing tasks for cybersecurity professionals in 2018. Image credit: Statista)

Privileged Identity Management

According to Dean Wells, Senior Program Manager for Windows Server, managing privileged identities is critical to Windows Server 2019 security. As he explains in a Windows Server Blog post, Microsoft aims to manage privileged identities, secure the operating system, and secure the virtualization fabric using virtualization-based security.

“These guiding principles and areas of focus help us ensure that we not only provide reactive mitigation to what are unfortunately becoming common threats, but also incorporate proactive measures that prevent attacks from starting in the first place. In short, security is not a bolt-on, it is an architectural principle,” Wells wrote.

Importantly, Windows Server 2019 is designed to be highly secure. This does not mean that the operating system will not be attacked or that some attacks will not succeed. But it does mean that successful attacks may be limited in their actual success, and the operating system provides a way to discover and stop these attacks. These are critically important features in today’s security environment.
