CHAPTER 1 Implement server hardening solutions

BitLocker

Resource:
Ebook: Exam Ref 70-744 Securing Windows Server 2016


Chapter summary

  • It’s true that BitLocker Drive Encryption as well as Encrypting File System have a strong use case in protecting corporate laptops. After all, seemingly countless laptop computers are stolen from airports around the world. Nonetheless, in this chapter we made the case that implementing BitLocker and EFS on our servers strongly improves the security posture of those machines, so long as these controls are added in addition to physical security and least privilege.
  • The baseline server configuration for BitLocker involves an up-to-date UEFI firmware as well as an on-board TPM chip. These features support Secure Boot, which protects the server’s startup environment against the insertion of unauthorized code.
  • Microsoft offers administrators many options for recovering a lost BitLocker unlock password. These options include key/password escrow in Active Directory and self-service key retrieval by using the Microsoft BitLocker Administration and Monitoring (MBAM) toolset.
  • While BitLocker encrypts entire disk volumes, EFS provides a granular method for encrypting files and folders.
  • AppLocker was Microsoft’s first foray into application whitelisting. To remind you, whitelisting is the exact opposite of application blacklisting, which was the method used by Group Policy software restriction policies.
  • Control Flow Guard is a .NET Framework development feature that strengthens a Windows desktop application’s relationship with system memory.
  • Credential Guard relies upon the Hyper-V hypervisor to store sensitive credentials in a secure LSASS process and thereby prevent credential theft.
  • Because NTLM is an old and largely unsecure authentication protocol, Microsoft makes it possible for administrators to block NTLM traffic in a workgroup or domain.
  • NTLM blocking is configured via Group Policy.
  • The best practice suggestion is to use the NTLM auditing Group Policy settings first to ensure that blocking NTLM entirely won’t break any of your applications and services.
  • Security Compliance Manager (SCM) is a database-backed desktop application the aim of which is to simplify the generation, comparison, deployment, and reporting of Group Policy security settings.


Abbreviations:
LSASS : Local Security Authority Subsystem Service
SCM : Security Compliance Manager
NTLM (old) –> Kerberos (new)

New Technology:
Device Guard VS AppLocker
Device Guard (Code Integrity) expresses a high level of “trust”, whereas AppLocker allows for granular rules – https://channel9.msdn.com/Events/Ignite/2015/BRK2336


Root Cause:

  1. Users can install and run unauthorized/untrusted apps
  2. Most security products are reactionary by nature
  3. Attacks are narrowly focused with specific goals
  4. New malware is easily obtained for a few Bitcoin
  5. Advanced social engineering methods
  6. Relaxed attitudes toward local administrators

Goal:

  1. Enforce application standards
  2. Eliminate threats associated with untrusted apps
  3. Improve management and control of application sprawl


Device Guard and Credential Guard hardware readiness tool
https://www.microsoft.com/en-us/download/details.aspx?id=53337


New Technology:
BitLocker encrypts entire disk volumes, EFS provides a granular method for encrypting files and folders


Technologies for encrypting entire disk volumes:

1. BitLocker

2. Trend Micro Encryption


BitLocker –> encrypts/decrypts –>

Enterprise implementation

BitLocker can use an enterprise’s existing Active Directory Domain Services (AD DS) infrastructure to remotely store recovery keys. BitLocker provides a wizard for setup and management, as well as extensibility and manageability through a Windows Management Instrumentation (WMI) interface with scripting support. BitLocker also has a recovery console integrated into the early boot process to enable the user or helpdesk personnel to regain access to a locked computer.
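The enterprise flow above (baseline check, TPM protector, recovery-key escrow in AD DS) as an added PowerShell example; it is not code from the Exam Ref book. It assumes an elevated session on a domain-joined Windows Server 2016 whose Group Policy permits storing BitLocker recovery information in AD DS, and that the OS volume is C:.

```powershell
# Added example (not from the Exam Ref book). Assumes: elevated PowerShell on a
# domain-joined Windows Server 2016, Group Policy allows AD DS backup of
# BitLocker recovery information, OS volume is C:.
$MountPoint = 'C:'   # volume to protect (assumption)

# 1. Baseline: TPM present and ready, Secure Boot enabled on UEFI firmware
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM missing or not ready (present=$($tpm.TpmPresent), ready=$($tpm.TpmReady))."
}
try {
    if (-not (Confirm-SecureBootUEFI)) { Write-Warning 'Secure Boot is disabled.' }
} catch {
    # Confirm-SecureBootUEFI throws on legacy BIOS machines
    Write-Warning 'Secure Boot unavailable: firmware is not UEFI.'
}

# 2. Make sure a recovery-password protector exists before turning on protection,
#    so the helpdesk always has a way back in if the TPM refuses to unseal
$vol = Get-BitLockerVolume -MountPoint $MountPoint
if (-not ($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
}

# 3. Enable BitLocker with a TPM protector (idle if the volume is already protected)
if ($vol.ProtectionStatus -eq 'Off' -and $vol.VolumeStatus -eq 'FullyDecrypted') {
    Enable-BitLocker -MountPoint $MountPoint -TpmProtector `
        -EncryptionMethod XtsAes256 -UsedSpaceOnly -SkipHardwareTest
}

# 4. Escrow every recovery-password protector in the computer object in AD DS
$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword'
foreach ($p in $recovery) {
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
}

# 5. Report the resulting state without echoing the recovery password itself
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod,
        @{ n = 'Protectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ',' } }
```

After the run, the escrowed key can be read from the computer object's msFVE-RecoveryInformation child in AD DS by helpdesk staff with the appropriate delegation.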


Trend Micro Encryption components:
1. Policy Server
2. Devices (assets / computers / laptops)
** Policy Server <— sync with each other —> Devices.

