Archive for the ‘Windows 2016’ Category

“WannaCrypt”–Patch first and then verify depreciation of SMBv1

May 15, 2017

Due to ongoing “WannaCrypt” attacks highly recommended to review if you rely on SMBv1, this feature is installed by default but mostly not in use anymore. WannaCrypt threat uses publicly available exploit code for the patched SMB vulnerability, CVE-2017-0145, which can be triggered by sending a specially crafted packet to a targeted SMBv1 server. The exploit code used is designed to work only against unpatched Windows 7 and Windows Server 2008 (or earlier OS) systems, so Windows 10 PCs are not affected by this exploit attack. The said vulnerability was fixed in security bulletin MS17-010, which was released on March 14, 2017

image

image

“WannaCrypt” Attacks – If you have automatic updates enabled or have installed the update, your systems are protected against this attack. We encourage to install the update as soon as possible

Please check out below guidelines:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Ransom:Win32/WannaCrypt

https://blogs.technet.microsoft.com/mmpc/2017/05/12/wannacrypt-ransomware-worm-targets-out-of-date-systems/

https://blogs.technet.microsoft.com/mmpc/2016/05/18/the-5ws-and-1h-of-ransomware/

MS17-010 for Windows 2012 R2 – KB4012216 direct download here

MS17-010 for Windows 2016 – KB4013429 direct download here

You can verify what SMB version your servers are using with “Get-SmbConnection | fl Servername,Dialect”

if you want to uninstall SMBv1 you can do this by running below command but you should verify first

Get-WindowsFeature | where {$_.Name -match "FS-SMB1"} | Remove-WindowsFeature

if you want to remove that on a bunch of servers a.e. in a cluster you do something like this

Here is some more guidance on how to enable/disable a specific SMB version –> https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/

https://blogs.technet.microsoft.com/josebda/2015/04/21/the-deprecation-of-smb1-you-should-be-planning-to-get-rid-of-this-old-smb-dialect/

Stay secured!

Ramazan

Advertisements

Windows Server 2016 Scalability

August 26, 2016

For those of you who haven’t been able to keep up with all of the new scenarios and features Windows 2016 is introducing, no worries! here are just a few of the top scenarios and features I have been asked about in Windows Server 2016

image

Scale Out File Server with Storage Spaces Direct (RDMA) for Hyper-converged infrastructure

this will be a tradition broker! Windows Server 2016 Datacenter introduces Storage Spaces Direct, which enables building highly available (HA) storage systems with local storage. This is a significant step forward in Microsoft Windows Server software-defined storage (SDS), as it simplifies the deployment and management of SDS systems and also unlocks the use of new classes of disk devices, such as SATA and NVMe disk devices, that were previously not possible with clustered Storage Spaces with shared disks. Windows Server 2016 provides a hyper-converged solution by allowing the same set of servers to provide SDS through Storage Spaces Direct (S2D), and also by serving as the hosts for virtual machines using Hyper-V.

For more information on this area, please reference Storage Spaces Direct in Windows Server 2016 Technical Preview.

Shielded virtual machines

Virtualization security is a major investment area in Windows Server 2016 Hyper-V. In addition to protecting hosts or other virtual machines from a virtual machine running malicious software, we also need to protect virtual machines from a compromised host. Since a virtual machine is just a file, we need to protect it from attacks via the storage system, the network, or while it is backed up. This is a fundamental need for every virtualization platform today, whether it’s Hyper-V, VMware, or any other. Quite simply, if a virtual machine gets out of an organization (either maliciously or accidentally) that virtual machine can be run on any other system. Protecting high value assets in your organization such as domain controllers, sensitive file servers, and HR systems is a top priority, which is why we’ve made this scenario a top priority in Windows Server 2016. Quite simply, nothing like it exists in the market.

Containers

Windows Containers provide operating system-level virtualization that allows multiple isolated applications to be run on a single system. Two different types of container runtime are included with the feature, each with a different degree of application isolation. Windows Server Containers achieve isolation through namespace and process isolation while Hyper-V Containers encapsulate each container in a lightweight virtual machine. Curious to learn more? Be sure to reference this documentation piece on Windows Containers

stay tuned and happy testing… more to come soon on that end Winking smile