Windows Server 2019 – Hardening and Security

Installing an FTP server

$3.8 million dollars. For anyone who read that in the voice of Dr. Evil, my hat goes off to you. For anyone who has no idea what I’m talking about, you may have had a sheltered childhood. Joking aside, that number is significant to IT security. Why? Because $3.8 million dollars is the average cost to a business when they are the victim of a data breach. I originally heard this and other scary statistics at a Microsoft conference in Redmond a couple of years ago, and the numbers have continued to climb year by year. How about looking at another statistic that can be used in order to get approval for an increase in your security budget? Depending on which study you read, the average number of days an attacker has dwell time in your network (the time they spend hanging around inside your files and infrastructure before they are detected and eradicated) is around 200. Think about that—200 days! That is the better part of a year that they’re camping out for before you discover them! What are they typically doing during those 200 days? Siphoning all of your data, bit by bit out the back door. Another number is 76%—as in the percentage of network intrusions that happen as a result of compromised user credentials. Furthermore, it is becoming more and more difficult to identify these attacks in the first place, because attackers are using legitimate IT tools in order to grab what they want, such as socially engineering their way into the trust of a single employee, and leveraging that trust in order to get a remote access connectivity tool installed onto the user’s work computer. Why use malware when you can use something that is trusted and is going to fly under the radar of intrusion detection systems? Makes sense to me.

Data security, network security, credential security—these things are all becoming harder to accomplish, but there are always new tools and technology coming out that can help you fight off the bad guys. Windows Server 2019 is the most secure OS that Microsoft has produced; in this chapter, let’s discuss some of the functionality included that makes that statement true:

  • Windows Defender Advanced Threat Protection
  • Windows Defender Firewall – no laughing matter
  • Encryption technologies
  • Banned passwords
  • Advanced Threat Analytics
  • General security best practices

Comments are closed.