
Mastering Windows Server 2022 - Fourth Edition

Product type: Book
Published in: May 2023
Publisher: Packt
ISBN-13: 9781837634507
Edition: 4th Edition
Author: Jordan Krause

Jordan Krause has been an IT professional for more than 20 years and has received 9 Microsoft MVP awards for his work with Microsoft server and networking technologies. One of the world's first experts on Microsoft DirectAccess, he has a passion for helping companies find the best ways to enable a remote workforce. Committed to continuous learning, Jordan holds certifications as an MCSE, MCSA, and MCITP Enterprise Administrator, and has authored numerous books on Microsoft technologies. Jordan lives in beautiful West Michigan (USA), but works daily with companies around the world.

9.44 million dollars. For anyone who read that in the voice of Dr. Evil, my hat goes off to you. For anyone who has no idea what I'm talking about, you may have had a sheltered childhood. Joking aside, that number is significant to IT security. Why? Because 9.44 million dollars is the average cost to a US-based business when they are the victim of a data breach. I originally heard this and other scary statistics at a Microsoft conference in Redmond, and the numbers have continued to climb year on year. How about looking at another statistic that can be used to get approval for an increase in your security budget? Depending on which study you read, the average number of days of dwell time an attacker has in your network (the time they spend hanging around inside your files and infrastructure before they are detected and eradicated) can be as high as 200. Think about that—200 days! That is the better part of a year...

Microsoft Defender Antivirus

The term Windows Defender has been around for many years, but its terminology and capabilities have evolved numerous times with new OS releases. Defender existed even as far back as 2005, at the time providing very simple antimalware protection. The Windows 8 era introduced a fairly staggering change for Windows users, including Windows Defender in the operating system, free, out of the box. Although this sounds great on paper, Defender's capabilities were not taken too seriously by the IT population. Fast forward to today, however, and what is now known as Microsoft Defender Antivirus is a much improved antimalware/antivirus that is running on millions of Windows 10 and 11 client computers as well as, you guessed it, current versions of Windows Server. Defender Antivirus exists in the OS and is enabled by default, and as a result has a level of integration and responsiveness that is hard for third-party vendors to match. I can't tell you how many...
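The section above says Defender Antivirus ships in the OS and is enabled by default. The check a server administrator actually wants is whether that is still true on a given host. The following is an added example, not code from the book; it uses the built-in ServerManager and Defender PowerShell modules and must run in an elevated session.

```powershell
# Added example (not from the book): verify that Microsoft Defender Antivirus is
# installed and actively protecting a Windows Server host. Cmdlets are from the
# built-in ServerManager and Defender modules. Run in an elevated session.

# On Windows Server, Defender Antivirus is a role feature. It is installed by
# default, but it can be removed, so check the feature state before anything else.
$feature = Get-WindowsFeature -Name Windows-Defender
if (-not $feature.Installed) {
    Write-Warning "Windows-Defender feature is not installed on $env:COMPUTERNAME"
    return
}

$status = Get-MpComputerStatus

# These are the properties worth alerting on; a single $false or a stale
# signature date means the host is not protected the way you assume it is.
$report = [ordered]@{
    Host                      = $env:COMPUTERNAME
    AMServiceEnabled          = $status.AMServiceEnabled
    RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
    BehaviorMonitorEnabled    = $status.BehaviorMonitorEnabled
    OnAccessProtectionEnabled = $status.OnAccessProtectionEnabled
    SignatureAgeDays          = $status.AntivirusSignatureAge
    LastFullScanEndTime       = $status.FullScanEndTime
}
[pscustomobject]$report | Format-List

# Turn the raw status into the findings a defender cares about.
$problems = @()
if (-not $status.AMServiceEnabled)          { $problems += 'antimalware service disabled' }
if (-not $status.RealTimeProtectionEnabled) { $problems += 'real-time protection disabled' }
if ($status.AntivirusSignatureAge -gt 3)    { $problems += "signatures are $($status.AntivirusSignatureAge) days old" }

if ($problems) {
    Write-Warning ("Defender posture issues: " + ($problems -join '; '))
} else {
    Write-Host "Defender Antivirus is installed, running and current." -ForegroundColor Green
}
```

Run it through your remote-management tooling against every server, not just one; the hosts that were "temporarily" excluded during an application install are the ones that come back with real-time protection off.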

Windows Defender Firewall – no laughing matter

Let's play a word association game. I will say something, and you say the first word that comes to mind.

Network security.

Did you say firewall? I think I would have. When we think of securing our devices at the network level, we think of perimeters. Those perimeters are defined and protected by firewalls, mostly at a hardware level, with specialized networking devices made to handle that particular task in our networks. Today, we are here to talk about another layer of firewalling that you can and should be utilizing in your environments. Yes, we are talking about Windows Firewall. Stop laughing, it's rude!

It is easy to poke fun at Windows Firewall based on its history. In the days of Windows XP and Server 2003, it was pretty useless and caused way more headaches than it solved. These feelings were so common that I still today find many companies who completely disable Windows Firewall on all of their domain-joined systems...
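Since the section argues that Windows Defender Firewall should stay on, and the chapter's own review questions ask about the Domain/Private/Public profiles, the ICMPv4 protocol type for a ping rule, and using Group Policy to push rules, here is an added example (not from the book) that ties those together with the built-in NetSecurity module. The GPO name "Firewall Baseline" and the domain "corp.example.com" are placeholders, and the GPO must already exist.

```powershell
# Added example (not from the book): audit the three Windows Defender Firewall
# profiles, then add an inbound rule that allows IPv4 ping (ICMPv4 echo request)
# only while the Domain profile is active. Uses the built-in NetSecurity module.
# The GPO name and domain below are placeholders; the GPO must already exist.

# 1. Confirm no profile has been switched off. Disabling the firewall on every
#    domain-joined host is the "fix" the chapter says many companies still apply.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction, LogBlocked

$disabled = Get-NetFirewallProfile | Where-Object { -not $_.Enabled }
if ($disabled) {
    Write-Warning ("Firewall is disabled for profile(s): " + ($disabled.Name -join ', '))
    # Re-enable all three; on Server 2022 they are all enabled out of the box.
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
}

# 2. Allow ping replies by permitting inbound ICMPv4 echo requests (type 8).
#    Scoping the rule to the Domain profile means a laptop on a coffee-shop
#    network (Public profile) still drops ping.
$ruleName = 'Allow ICMPv4 Echo Request (Domain only)'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -Profile Domain -Action Allow -Enabled True | Out-Null
}

# 3. The same rule written into a Group Policy Object instead of the local
#    store, so it reaches every domain-joined machine the GPO is linked to.
#    A GPO session batches the writes into a single save of the GPO.
$gpo = Open-NetGPO -PolicyStore 'corp.example.com\Firewall Baseline'
New-NetFirewallRule -GPOSession $gpo -DisplayName $ruleName `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -Profile Domain -Action Allow -Enabled True | Out-Null
Save-NetGPO -GPOSession $gpo

# 4. Verify what the host will actually enforce for that rule.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, IcmpType
```

Keeping the rule narrow (echo request only, Domain profile only) is the point: a blanket "allow ICMP" rule, or a rule bound to all profiles, gives away more than the troubleshooting convenience is worth.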

Encryption technologies

Encryption is an idea that has moved quickly from something only the big organizations played around with to something everybody needs. Most of us have been encrypting our website traffic for many years by using HTTPS websites, but even in that realm there are surprising exceptions, with a lot of the cheap web-hosting companies still providing login pages that transmit traffic in clear text. This is terrible, because with anything that you submit over the internet now using regular HTTP or an unencrypted email, you have to assume that it is being read by someone else. Chances are you are being paranoid and nobody is actually intercepting and reading your traffic, but you need to know that if you are accessing a website that says HTTP in the address bar, or if you are sending an email from any of the free email services, any data that is being entered on that web page or in that email can easily be stolen by someone halfway around the world. Data encryption...

Azure AD Password Protection

If you are an Azure Active Directory customer, you already have access to this new function called Azure Active Directory Password Protection, formerly known as banned passwords. The idea is this: Microsoft maintains a global ongoing list of commonly bad passwords (such as the word password) and automatically blocks all variants of that password, such as P@ssword, Password123, and so on. Any of these potential passwords would be blocked altogether if a user ever tried to create one as their own password. You also have the ability to add your own custom banned passwords inside the Azure Active Directory interface. Once you have banned passwords up and running in Azure, this capability can then be ported to your on-premises Active Directory environment as well, by implementing the Azure Active Directory Password Protection proxy service (whew, that's a mouthful). This proxy is an agent that gets installed onto your local Domain Controller servers, and pulls...
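The proxy and DC agent described above only protect passwords on the domain controllers where the agent is actually running and able to fetch a policy. The following added example (not from the book) checks that from PowerShell, using the cmdlets that ship in Microsoft's AzureADPasswordProtection module; the output property names shown (ServerFQDN, PasswordPolicyDateUTC, HeartbeatUTC) are the ones the module reports and are assumed here rather than taken from the chapter. Run it on a domain controller or proxy server with the module installed.

```powershell
# Added example (not from the book): confirm Azure AD Password Protection is
# really covering every domain controller on-premises. Cmdlets are from the
# AzureADPasswordProtection module; property names are those the module reports.

Import-Module AzureADPasswordProtection
Import-Module ActiveDirectory

# Every DC needs the DC agent. A DC without it still accepts banned passwords,
# so compare the agent inventory against the real DC list.
$agents = Get-AzureADPasswordProtectionDCAgent
$dcs    = (Get-ADDomainController -Filter *).HostName

$missing = $dcs | Where-Object { $_ -notin $agents.ServerFQDN }
if ($missing) {
    Write-Warning ("DCs without the Password Protection agent: " + ($missing -join ', '))
}

# The banned-password policy is downloaded through a proxy, not by the DC
# itself. An agent whose policy date is stale has most likely lost its proxy.
$agents |
    Select-Object ServerFQDN, SoftwareVersion, PasswordPolicyDateUTC, HeartbeatUTC |
    Format-Table -AutoSize

$stale = $agents | Where-Object { $_.PasswordPolicyDateUTC -lt (Get-Date).ToUniversalTime().AddDays(-7) }
if ($stale) {
    Write-Warning ("Agents with a policy older than 7 days: " + ($stale.ServerFQDN -join ', '))
}

# Registered proxies. One proxy is a single point of failure for policy
# refresh, so two in separate sites is a reasonable target.
Get-AzureADPasswordProtectionProxy |
    Select-Object ServerFQDN, SoftwareVersion, HeartbeatUTC |
    Format-Table -AutoSize

# Per-DC counts of password operations that were accepted or rejected. While
# the tenant is still in Audit mode, the "would have been rejected" figures
# show what switching to Enforce mode is going to start blocking.
Get-AzureADPasswordProtectionSummaryReport
```

Review the summary report before moving from Audit to Enforce; a large rejection count on a service-account-heavy DC usually means scripted password resets that need fixing first.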

Fine-grained password policy

As promised way back during our discussion of domain-level password policy, we are here to walk through the building of a fine-grained password policy. Most organizations do require specific password complexity for their users, but almost always by way of the default domain policy GPO, which means that the password complexity and expiration settings are exactly the same for everyone within the domain.

What if you have requirements to enable complexity on some user accounts but not on others? Perhaps you have sales personnel who travel constantly and requiring very strong and complex passwords makes a lot of sense for them. But let's say you also have a machine shop where users have to log into computers every day, but those computers never leave the office and the users never type in their credentials into any systems other than those physically secure devices.

Is it really necessary for those machine shop users to have the same level of password complexity...
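As an added example (not code from the book), the two-population scenario above expressed as Password Settings Objects (PSOs) with the ActiveDirectory module. The group names SG-Sales-Travelling and SG-MachineShop and the user names are placeholders; a domain functional level of Windows Server 2008 or later is required for fine-grained password policy.

```powershell
# Added example (not from the book): two Password Settings Objects (PSOs), one
# for travelling sales staff and one for machine-shop accounts. Group and user
# names are placeholders; cmdlets are from the ActiveDirectory module.

Import-Module ActiveDirectory

# Strict policy for accounts whose credentials get typed on devices that leave
# the building. A lower Precedence value wins when a user is covered by several PSOs.
New-ADFineGrainedPasswordPolicy -Name 'PSO-Sales-Strict' -Precedence 10 `
    -ComplexityEnabled $true -MinPasswordLength 16 `
    -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 90) `
    -PasswordHistoryCount 24 `
    -LockoutThreshold 5 -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false `
    -Description 'Travelling sales staff: long, complex, rotated passwords'

# Relaxed complexity for machine-shop accounts that only ever log on to
# physically secured, non-roaming devices. Lockout stays on so the policy
# relaxes usability, not brute-force resistance.
New-ADFineGrainedPasswordPolicy -Name 'PSO-MachineShop-Relaxed' -Precedence 20 `
    -ComplexityEnabled $false -MinPasswordLength 10 `
    -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 365) `
    -PasswordHistoryCount 12 `
    -LockoutThreshold 10 -LockoutDuration (New-TimeSpan -Minutes 15) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 15) `
    -ReversibleEncryptionEnabled $false `
    -Description 'Machine-shop operators on physically secured workstations'

# PSOs apply to users or global security groups, never to OUs. Bind each
# policy to its group (placeholder group names).
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-Sales-Strict'        -Subjects 'SG-Sales-Travelling'
Add-ADFineGrainedPasswordPolicySubject -Identity 'PSO-MachineShop-Relaxed' -Subjects 'SG-MachineShop'

# The check that actually matters: which policy does a given user end up with?
# A user who is in both groups resolves to the lower Precedence (the strict one).
foreach ($user in 'jsmith', 'mjones') {   # placeholder sAMAccountNames
    $effective = Get-ADUserResultantPasswordPolicy -Identity $user
    if ($effective) {
        '{0,-10} -> {1} (min length {2}, complexity {3})' -f $user, $effective.Name, $effective.MinPasswordLength, $effective.ComplexityEnabled
    } else {
        '{0,-10} -> default domain policy (no PSO applies)' -f $user
    }
}
```

Always run the resultant-policy check after changing group membership; the Default Domain Policy GPO still governs anyone no PSO covers, and nested-group mistakes are easy to miss otherwise.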

Advanced Threat Analytics – end of support

In my opinion, one of the coolest security features to have ever breathed life at Microsoft is Advanced Threat Analytics (ATA), and yet I have hardly heard anyone talk about it. Perhaps because they never went so far as to add it as a native feature built into the Windows Server OS. ATA is on-premises software that rides on top of Windows to produce some amazing functionality. Essentially, what ATA does is monitor all of your Active Directory traffic and warn you of dangerous or unusual behavior in real time, immediately as it is happening.

Unfortunately, ATA reached the end of mainstream support in January 2021. Extended support continues until 2026, however, and so I am choosing to retain information in this latest book edition because this is still a valid technology and will continue to exist in environments where it is installed for years to come. There is additional information at the end of this section regarding the ATA roadmap...

General security best practices

Sometimes we need only to rely on ourselves, and not necessarily on functionality provided by the OS, to secure our systems. There are many common-sense approaches to administratorship (it's kind of fun being behind this keyboard: I get to make up new words all day long) that are easy to accomplish but are rarely used in the field.

The following are a few tips and tricks that I have learned over the years and have helped companies implement. Hopefully, you as the reader have even more to add to this list as to what works well for you, but if nothing else this section is intended to jog your thinking into finding creative ways with which you can limit administrative capability and vulnerability within your network.

Getting rid of perpetual administrators

Do all of your IT staff have domain admin rights the day they are hired? Do any of your IT staff have access to the built-in domain administrator account password? Do you have regular users whose logins...
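The three questions that open this section can be answered for your own domain from PowerShell. The following is an added example (not code from the book) using the ActiveDirectory module; it is read-only, and the 90-day staleness threshold is an assumed value to tune for your environment.

```powershell
# Added example (not from the book): audit standing (perpetual) administrative
# access in the domain. Read-only; uses the ActiveDirectory module.

Import-Module ActiveDirectory
$domain = Get-ADDomain

# 1. Who holds standing membership in the privileged groups?
#    -Recursive expands nested groups, which is where surprise admins hide.
$privGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
$members = foreach ($g in $privGroups) {
    Get-ADGroupMember -Identity $g -Recursive |
        Where-Object objectClass -eq 'user' |
        ForEach-Object { [pscustomobject]@{ Group = $g; Account = $_.SamAccountName } }
}
$members | Sort-Object Group, Account | Format-Table -AutoSize

# 2. The built-in domain Administrator account always has RID 500, so look it
#    up by SID rather than by name (it may have been renamed).
$builtinAdmin = Get-ADUser -Identity "$($domain.DomainSID.Value)-500" `
    -Properties PasswordLastSet, LastLogonDate, Enabled

[pscustomobject]@{
    Name            = $builtinAdmin.SamAccountName
    Enabled         = $builtinAdmin.Enabled
    PasswordAgeDays = if ($builtinAdmin.PasswordLastSet) { (New-TimeSpan -Start $builtinAdmin.PasswordLastSet).Days } else { 'never set' }
    LastLogonDate   = $builtinAdmin.LastLogonDate
} | Format-List
# A recent LastLogonDate means someone is using the shared built-in password
# for day-to-day work, which is exactly the habit this section argues against.

# 3. Privileged accounts whose passwords never expire, or that have not logged
#    on for 90 days (assumed threshold), are the first candidates for removal
#    from the group or for time-bound access instead of perpetual membership.
$stale = $members.Account | Sort-Object -Unique | ForEach-Object {
        Get-ADUser -Identity $_ -Properties PasswordNeverExpires, LastLogonDate
    } | Where-Object {
        $_.PasswordNeverExpires -or $_.LastLogonDate -lt (Get-Date).AddDays(-90)
    } | Select-Object SamAccountName, PasswordNeverExpires, LastLogonDate
$stale | Format-Table -AutoSize
```

Schedule the audit and diff its output week to week: a new name appearing in Domain Admins is a finding whether it came from a help-desk shortcut or from an attacker.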

Summary

The number-one agenda item for many CIOs is security. Security for your client machines, security for your networks, security for your cloud resources, and most importantly security for your data. There is no single solution to secure your infrastructure; it requires many moving parts and many different technologies all working together to provide safety for your resources. The purpose of this chapter was to provide examples of security measures and technologies that can be utilized in anyone's environments, as well as to reprioritize the importance that security has in today's IT world. Concerns about privacy and security need to be discussed for any and every technology solution that we put into place. Too many times do I find new applications being implemented inside organizations without any regard to how secure that application platform is. Applications that transmit or store data unencrypted need to be modified or dumped. Protection of information is essential...

Questions

  1. What is the name of the antimalware product built into Windows Server 2022? (Answer: Microsoft Defender Antivirus)
  2. When a domain-joined computer is sitting inside the corporate LAN, which Windows Defender Firewall profile should be active? (Answer: The Domain profile)
  3. Other than the Domain Profile, what are the other two possible firewall profiles inside Windows Defender Firewall? (Answer: Public and Private)
  4. When creating a firewall rule to allow IPv4 ping replies, what protocol type must you specify inside your inbound rule? (Answer: ICMPv4)
  5. What is the easiest way to push standardized Windows Defender Firewall rules to your entire workforce? (Answer: Group Policy)
  6. A virtual machine whose virtual hard disk file is encrypted is called a...? (Answer: Shielded VM)
  7. What is the name of the Microsoft technology that parses domain controller information in order to identify pass-the-hash and pass-the-ticket attacks? (Answer: Advanced Threat Analytics)
  8. Which RDP port number is considered...