Microsoft Product Releases: Microsoft Windows Server 2016

Improved Security

The next generation of windows server is more robust with features than its predecessors

When it comes to Microsoft Product Releases, we can’t stress enough how Microsoft Windows Server 2016 is vital to a successful IT team. We can give you seven reasons why your team needs it. So, without further delay, read on:

Windows Server 2016 has multiple layers of security built-in to the operating system. This new security system helps block attacks against your data and applications that run on-premises and in the Cloud, as well as attacks against virtual machines. Several isolation and threat detection features activate as soon as Windows Server 2016 launches.

You can also activate other security features after server deployment:

  • switch on protection against malware/ransomware injection into server
  • block compromises to credentials, such as pass-the-hash attacks, using Credential Guard and Remote Credential Guard
  • pro-actively identify behavior indicating potential server breaches
  • expand security protection to include virtual machines, using Shielded Virtual Machines encrypted by Bitlocker. Bitlocker is full disc encryption that protects the hard drive from offline attacks, first introduced in Windows 2007, and now applied to virtual machines.

Credential Guard/Remote Credential Guard. Microsoft first introduced this security feature in Windows 10 Enterprise. The protection uses virtualization security techniques that wall off cryptic  information like credentials and put the cloaked information where only a set of privileged software has access. Even malware running within the operating system cannot break into the credentials. Credential Guard protects NTLM (NT Lan Manager) password hashes and Kerberos Ticket Granting Tickets as well as other credentials that applications store for their domains.

Shielded Virtual Machines. Microsoft introduced this security feature in Windows 2016. Shielded Virtual Machines protect Microsoft’s Hyper-V Generation 2 virtual machines from malicious attacks. Shielded VMs do not boot from a traditional BIOS system. Instead, they boot from something called a virtual Unified Extensible Firmware Interface (UEFI). Technology companies, 140 of them including Microsoft, developed UEFI to replace BIOS.

Shielded Virtual Machines work their security magic thanks to Secure Boot and Bitlocker encryption that resides inside the virtual disks. Bitlocker protects data whether it’s in transit or not moving. Secure Boot is a PC industry standard that checks the boot loader to make sure it only uses software trusted by the PC manufacturer.

Device Guard. This security feature make sure that only trusted software runs on your server — whether your applications run in-house or in the Cloud. It is security software and Enterprise hardware that together lock a device down to only run trusted software that you define in your code policies.

Control Flow Guard. This security feature developed to prevent vulnerabilities that result in memory corruption. One of its strengths is that it severely restricts from where code executes which means that hackers cannot take advantage of buffer overflows or other vulnerabilities to execute malicious code.

Windows Defender. This feature is an anti-malware protection for the server, not the operating system.

Microsoft Focuses on Hybrid Cloud. The new Windows Server 2016 is an example of Microsoft’s emphasis on Hybrid Cloud. The company is betting that certain Enterprise organizations will always want to transfer some of their data and work spaces to the Cloud while maintaining other parts of their data/applications on the in-house server. Microsoft designed Windows Server 2016 to facilitate organizations who want to take advantage of the Hybrid Cloud.

Have the most knowledgeable IT team. Windows Server 2016 is much more powerful than previous servers. To get the most out of Windows Server 2016, it makes sense to have highly trained IT personnel who have the skills necessary to run the server and all of its security features.

To talk more about this topic, or about anything else, please contact us. We want to help you with all your IT questions.