Thursday 24th November 2016
by Ken Walshe

It’s all about the security: Windows Server 2016 security

This is the final instalment of our Windows Server 2016 blog trio. The first instalment presented some reasons why you should deploy it now, and the second covered the 6 best new features. This one is all about the security.

Here are my biggest and best Windows Server 2016 security improvements in order of importance.

1. Shielded Virtual Machines

Shielded Virtual Machines protect virtual machines against malicious Hyper-V admins and malware attacks on both public and private cloud. They are encrypted using BitLocker and prevent a malicious attacker from getting access to the virtual machine data. They also help protect virtual machines from a compromised fabric as well as improve compliance.

2. Credential Guard and Remote Credential Guard

These help protect administrator credentials from Pass-the-Hash attacks. A Pass-the-Hash attack is a technique used to harvest credentials as they move from one machine to another. It also provides two different administration levels:

  • Just Enough Administration: Granular rights for the job in hand
  • Just-In-Time Administration: Rights granted only when needed

3. Windows Nano Server

Nano Server is a tiny version of Windows Server with just the minimum number of operating system files. Its tiny size means that the attack surface is also tiny. To install Windows Nano Server, you need just 130MB of RAM and 600MB on your C drive.

4. Windows Defender

Windows Defender is optimised for server roles, helps protect against known malware and runs without a GUI. This means it uses fewer resources and therefore reduces the area open to vulnerabilities.

5. Device Guard helps ensure only trusted software runs on the server.

6. Control Flow Guard helps protect against memory corruption attacks.

7. Advanced auditing capabilities detect suspicious behaviour in the kernel or other sensitive processes.

8. Hyper-V containers. Use the distributed firewall, a software-defined networking capability, to control internal and external network traffic to virtual machines.

9. Set up alerts and reporting using Microsoft Operations Management Suite Insights & Analytics tools.

These 9 form the basis of what we at Trilogy believe to be the key Windows Server 2016 security improvements and complete our Windows Server 2016 blog trilogy. Read the first: Why you should deploy it now and the second: 6 best new features.
