Security is the biggest concern for every organization today, and to keep control of your whole environment you need to bring in better hardening solutions. This article is the first part of a series on those scenarios and pointers (Windows Server 2016 Hardening). We will publish the second part soon.
Source: Microsoft Security Center
Security is a real risk for organizations; a security breach can disrupt the entire business and bring the organization to a halt.
The sooner you detect a potential attack, the better you can mitigate any compromise. An attacker starts by researching weak points and then proceeds to perform the attack. Once attackers are inside an environment, their next step is to escalate their privileges through lateral movement within the operating environment until they take control of the organization, typically within 24 to 48 hours of the first compromise.
We need to extend the time it takes an attacker to take control to weeks or even months by blocking lateral movement and hardening our systems.
The following is a typical attack scenario:
Windows Server 2016 has built-in security features that help harden the operating system and detect malicious activity by:
Build a secure foundation by implementing the best practices mentioned below.
Microsoft regularly releases updates for Windows operating systems. These include security updates that keep Windows Server secure as new threats and vulnerabilities are discovered, as well as anti-malware and anti-spyware definition updates for Windows Defender.
You can deploy these updates to the servers in your organization by using one of the methods listed in the following table.
Windows operating systems include security settings that you can use to harden computer security profiles. Microsoft publishes security baselines that provide recommended settings for Windows Firewall, Windows Defender, and other security settings. These baselines are supplied as Group Policy object (GPO) backups that you can import into AD DS and then deploy to domain-joined servers. You can also use several tools to understand and carry out server-level and domain-level hardening.
One tool worth mentioning is LAPS, alongside Just Enough Administration (JEA), Just in Time Administration (JIT), Credential Guard, Remote Credential Guard and Advanced Threat Analytics.
Local Administrator Password Solution (LAPS) automatically manages the local administrator password on domain-joined computers, so that the password is:
The solution is built on Active Directory infrastructure alone, so there is no need to install and support other technologies. The tool itself is a Group Policy Client-Side Extension that is installed on managed machines and performs all management tasks. Management tools delivered with the solution allow for easy configuration and administration.
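As an added example (not code from the article or from Microsoft's LAPS package), the following PowerShell walks through a LAPS deployment on one OU with the AdmPwd.PS management module and then audits who can actually read the stored passwords. The OU, group and computer names are placeholders for your own directory.

```powershell
# Added example: deploy legacy LAPS (AdmPwd.PS) to an OU and audit password readers.
# Assumes the LAPS management tools (AdmPwd.PS module) are installed and that the
# caller has schema-admin rights (first step) and permission to change the OU's ACL.
Import-Module AdmPwd.PS

$ou        = 'OU=Servers,DC=corp,DC=example'   # placeholder: OU holding managed servers
$readGroup = 'CORP\LAPS-Password-Readers'      # placeholder: group allowed to read/reset
$computer  = 'SRV01'                           # placeholder: one managed computer

# One-time: add the ms-Mcs-AdmPwd and ms-Mcs-AdmPwdExpirationTime schema attributes
Update-AdmPwdADSchema

# Let computers in the OU write their own password and expiration time into AD
Set-AdmPwdComputerSelfPermission -OrgUnit $ou

# Delegate read and reset rights to a tightly scoped group only
Set-AdmPwdReadPasswordPermission  -OrgUnit $ou -AllowedPrincipals $readGroup
Set-AdmPwdResetPasswordPermission -OrgUnit $ou -AllowedPrincipals $readGroup

# Audit: principals holding "All extended rights" on the OU can also read the
# stored passwords, so review this list and remove anything unexpected.
Find-AdmPwdExtendedRights -OrgUnit $ou |
    Select-Object ObjectDN, ExtendedRightHolders

# Verify on a managed machine that the policy reached the Client-Side Extension
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft Services\AdmPwd'
Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue |
    Select-Object AdmPwdEnabled, PasswordLength, PasswordAgeDays

# JIT-style use: read the current password, then expire it so the CSE rotates
# the account at the next Group Policy refresh.
Get-AdmPwdPassword -ComputerName $computer |
    Select-Object ComputerName, Password, ExpirationTimestamp
Reset-AdmPwdPassword -ComputerName $computer
```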
Image Source: Microsoft
It helps with the following tasks:
You should perform scheduled backups of the Windows Server operating system, including the applications and data stored on it. Doing so helps protect against ransomware attacks on Windows Server. Back up frequently so that you can quickly restore to a point in time before a ransomware attack.
OMS (Operations Management Suite) is a cloud-based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. Because it is delivered as a cloud service, you can start maintaining your apps, services, and support with minimal extra investment. OMS is also updated periodically with new features and can dramatically reduce your ongoing maintenance and upgrade costs.
OMS offers the following critical capabilities:
Privileged identities are any accounts that have elevated privileges, such as user accounts that are members of the Domain Admins, Enterprise Admins, local Administrators, or even Power Users groups. You need to protect these privileged user identities from compromise by potential attackers.
Privileged identities often get compromised when organizations do not have proper guidelines to protect them. The following are examples:
There are of course other methods that the attackers can use to identify and compromise privileged user identities (with new techniques being created every day).
You can reduce the attack surface for privileged identities (discussed in the previous section) with each of the mitigations described in the following table.
Many organizations use the Local Administrator Password Solution (LAPS) as a simple yet powerful JIT administration mechanism for their server and client systems.
· Implement Remote Credential Guard to help protect credentials and credential derivatives from attacks such as Pass-the-Hash or Pass-the-Token that can be performed on servers that host Remote Desktop connections. Remote Credential Guard is a new feature in Windows Server 2016.
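The PowerShell below is an added example (not from the article) for checking that Remote Credential Guard is in place on both ends of an RDP session: the host-side DisableRestrictedAdmin value and the client-side "Restrict delegation of credentials to remote servers" policy, at the registry locations Microsoft documents for these settings.

```powershell
# Added example: readiness checks for Remote Credential Guard.
# Run Test-RcgHostEnabled on the Remote Desktop host and Test-RcgClientRequired
# on the admin workstation; each returns $true when the setting is in place.

function Test-RcgHostEnabled {
    # The host honours Restricted Admin / Remote Credential Guard connections only
    # when DisableRestrictedAdmin exists under Lsa and is set to 0.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -ErrorAction Stop
    return ($null -ne $lsa.DisableRestrictedAdmin -and $lsa.DisableRestrictedAdmin -eq 0)
}

function Enable-RcgHost {
    # Idempotent; requires local administrator rights on the host.
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
        -Name 'DisableRestrictedAdmin' -Value 0 -Type DWord
}

function Test-RcgClientRequired {
    # The client policy "Restrict delegation of credentials to remote servers" writes
    # RestrictedRemoteAdministration = 1 and a Type value; 2 means "Require Remote
    # Credential Guard", which is the setting that keeps credentials off the host.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
    $pol = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $pol) { return $false }
    return ($pol.RestrictedRemoteAdministration -eq 1 -and
            $pol.RestrictedRemoteAdministrationType -eq 2)
}

"Host accepts Remote Credential Guard: $(Test-RcgHostEnabled)"
"Client requires Remote Credential Guard: $(Test-RcgClientRequired)"

# Once both return $true, administrators connect with:
#   mstsc.exe /remoteGuard /v:<hostname>
# so the user's credentials are never sent to, or cached on, the RDP host.
```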
I will continue to write on this series based on my experience with global clients that I worked with. I hope the article was helpful. Questions/suggestions are welcome in the comment section below. Thanks for visiting!