Transcript from VBlog: Securing Windows Server 2016
Hello everyone. Doug Bassett, Senior Technical Instructor here at Stormwind Studios and we’re under attack. Not just Stormwind, but pretty much everybody in the world. If you go up to map.norsecorp.com, we have a real-time attack graphic that shows the attacks that are going on right this very second. And if you go over here, you’ll notice that the attack origins, right now the US is real popular for sending out these attacks. China is number two and then for some reason the Netherlands is number three.
Let’s look at the attack targets. Right now the primary target is the US, but also the UAE, Spain, and Singapore are getting attacked. Now these are external attacks and in most cases we have pretty much hardened ourselves against these external attacks, or at least we hope we have. But I am very happy to announce a brand new course by Stormwind Studios, which is Securing Windows Server 2016, which maps to Microsoft Exam 70-744. This is going to harden our systems, because one of the big problems that we run into is that anytime we’re looking at threats, we forget the number one threat to our company, which is internal employees. It could be that we have internal employees that are maybe a little disgruntled, or maybe they’re just tourists wandering around, or they delete stuff that they shouldn’t delete because we haven’t assigned the appropriate permissions, or we have administrative accounts that have been compromised. Maybe we used an easy-to-guess password, or we used the same password and user name on several different web sites. Or maybe we got shoulder surfed or something like that.
In this particular course, we’re going to be doing lots of cool things. We’re going to be starting off by looking at what an attack is like and how we can detect these attacks. We’re going to be using Sysinternals tools, and we’ll also talk about assume breach. This is the new philosophy behind hardening our systems. We are assuming that our network infrastructure is penetrated. We are assuming that our servers are penetrated. We are assuming that our administrative level accounts are penetrated. The consoles that we use to try and do our administrative tasks have been compromised, and this course is hardening all of that stuff assuming that we’ve already been breached. That way, if somebody comes in and has compromised credentials, somebody comes in and has the ability to run certain PowerShell commands, somebody comes in and can exfiltrate information, we want to secure our systems to minimize the damage and to let us know it’s happening.
We’re going to be starting off looking at what an attack looks like and assuming breach. We’ll talk about server hardening solutions. We’ll get into securing our Hyper-V and our infrastructure virtualization environment. We’ll look at our network infrastructure. We’ll go in and talk about privileged identities, where we can have our administrators and the groups that they belong to in a completely separate forest, and then they’ll manage the production forest. That way, local administrators are not going to be able to go in and do any type of attacks on those privileged accounts. And for those privileged accounts, we’re going to be using things like just-in-time administration and just-enough administration, so that they can only access that production environment for a very short period of time and we have definitely defined resources and actions that they can take as part of their administrative duties.
We’re also going to be talking about threat detection solutions that work automatically, that will go in and memorize how your system operates, and then if all of a sudden a user account starts doing stuff that’s not normal, it’s going to notify us about it. And then we’re going to go into workload-specific security, where we’ll go in and examine things like, oh, I need to lock down my administrative consoles, and I have an administrative console and I have a user console and I have to know the relationship between them.
It is a very, very, very exciting time to really announce this particular class, because this is something that we really need to be on top of. So, very, very important. I hope to see you really soon in our 70-744 class. It is a great class, with lots and lots of demos. Lots of good resources for you, and I hope to see you in that class real soon. If you do have any questions, you can always email me: Doug.Bassett@stormwind.com. Hope to see you soon.
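The just-enough administration idea mentioned above (an administrator who can only run a defined set of actions in production) is what a JEA endpoint on Windows Server 2016 enforces. The following is an added example, not part of the transcript or the course materials; the module name `JeaDemo`, the role name `ServiceRestarter`, the group `CONTOSO\Tier1-Ops` and the service name prefix `web*` are assumed placeholders.

```powershell
# Added example: build a JEA endpoint that lets one group restart only
# services whose names start with "web*", and nothing else. Run as a
# local administrator on the server being hardened.

# 1. A role capability file must live in a RoleCapabilities folder under a module path.
$modulePath = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JeaDemo'   # assumed module name
$rcPath     = Join-Path $modulePath 'RoleCapabilities'
New-Item -ItemType Directory -Path $rcPath -Force | Out-Null
New-ModuleManifest -Path (Join-Path $modulePath 'JeaDemo.psd1')

# 2. The role: only Get-Service and Restart-Service, and Restart-Service only
#    with -Name values matching "web*". Any other cmdlet or parameter is refused.
New-PSRoleCapabilityFile -Path (Join-Path $rcPath 'ServiceRestarter.psrc') `
    -VisibleCmdlets @(
        'Get-Service',
        @{ Name = 'Restart-Service'
           Parameters = @{ Name = 'Name'; ValidatePattern = '^web.*$' } }
    )

# 3. The session configuration: a restricted (no-language) endpoint that maps the
#    operators' group to the role and runs commands under a temporary virtual
#    account, so the operator's own credentials are never used on the box.
$pssc = Join-Path $env:TEMP 'ServiceRestarter.pssc'
New-PSSessionConfigurationFile -Path $pssc `
    -SessionType RestrictedRemoteServer `
    -RunAsVirtualAccount `
    -TranscriptDirectory 'C:\JeaTranscripts' `
    -RoleDefinitions @{
        'CONTOSO\Tier1-Ops' = @{ RoleCapabilities = 'ServiceRestarter' }   # assumed group
    }

# 4. Register the endpoint. Operators then connect with:
#    Enter-PSSession -ComputerName <server> -ConfigurationName ServiceRestarter
Register-PSSessionConfiguration -Name 'ServiceRestarter' -Path $pssc -Force | Out-Null

# 5. Verify from this machine: inside the constrained session, only the
#    whitelisted commands exist. Anything else (e.g. Invoke-Expression) is absent.
$s = New-PSSession -ComputerName localhost -ConfigurationName ServiceRestarter
Invoke-Command -Session $s { Get-Command | Select-Object -ExpandProperty Name }
Remove-PSSession $s
```

Every command an operator runs through the endpoint is written to the transcript directory, which gives the detection side of the course something to monitor, and because the virtual account exists only for the session, stolen operator credentials alone do not grant local administrator rights on the server.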