Mastering Windows Security and Hardening - Second Edition

Product type: Book
Published in: Aug 2022
Publisher: Packt
ISBN-13: 9781803236544
Pages: 816
Edition: 2nd Edition
Authors: Mark Dunkerley, Matt Tumbarello

Current security challenges

By the time you have finished reading through this chapter, you will hopefully have a sense of how important security has become today and the challenges that come with it. We are more reliant on technology than ever before, with no sign of that slowing down. We expect everything to be digitized, and as the Internet of Things (IoT) takes off, everything around us will be connected to the internet, creating even more challenges in ensuring security is effective.

As we briefly covered earlier, attacks are becoming more sophisticated every day. There is an ever-growing army of bad actors working around the clock, trying to breach any data they can get their hands on, because private data is extremely valuable. There is also a shift in the way bad actors threaten organizations: looking for weaknesses in the supply chain and holding companies to ransom. With the advancement of cloud technology and supercomputers, and with quantum computing becoming a reality, hackers and organized groups now have access to far more powerful systems and can crack passwords and their hashes much more easily, making passwords obsolete as the only factor of authentication. No one should be using just passwords anymore; however, the reality is that most still are. The same applies to encryption: the advancement of computers is making older algorithms insecure, creating an ongoing need for stronger encryption. These are just some of the ongoing challenges we face when protecting our assets.

Keeping up with vulnerabilities today is a full-time role. It's critical that we stay on top of what they are and which Windows systems need to be updated. We will discuss the management of Windows updates later in the book, but having a program in place to manage the overwhelming number of Windows updates is critical. Additionally, third-party applications need to be carefully monitored and updated accordingly. A commonly used example is Adobe Acrobat Reader DC, used to view Portable Document Format (PDF) documents. The following screenshot is a vulnerability report from Microsoft Defender Security Center. It provides a software inventory of all machines with the application installed and lists the number of vulnerabilities detected across all machines in your organization:

Figure 1.9 – Acrobat Reader DC identified vulnerabilities

As you can see, out-of-date applications carry critical known vulnerabilities that attackers actively use.
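The Defender report above is centralized; the same check can be done locally on a single machine. The following PowerShell script is an added example, not code from the book: it reads the installed-software entries from the Windows Uninstall registry keys and flags products whose version is below a minimum you define. The name pattern and minimum version in the baseline table are assumptions for illustration.

```powershell
# Added example: local software inventory with a minimum-version baseline.
# Baseline values below are assumed placeholders; replace with your own.
$MinimumVersions = @{
    # DisplayName wildcard pattern = lowest acceptable version (assumed)
    'Adobe Acrobat*' = [version]'22.0.0'
}

# Both native and 32-bit-on-64-bit (WOW6432Node) install locations.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        ForEach-Object {
            $parsed = $null
            # Some vendors ship versions that are not strict a.b.c.d; keep the raw string too.
            [void][version]::TryParse($_.DisplayVersion, [ref]$parsed)
            [pscustomobject]@{
                Name       = $_.DisplayName
                RawVersion = $_.DisplayVersion
                Version    = $parsed
                Publisher  = $_.Publisher
            }
        }
}

function Get-OutdatedSoftware {
    param([hashtable]$Baseline = $MinimumVersions)
    foreach ($app in Get-InstalledSoftware) {
        foreach ($pattern in $Baseline.Keys) {
            if ($app.Name -like $pattern) {
                # Unparseable versions are reported too, so they get a human look.
                if ($null -eq $app.Version -or $app.Version -lt $Baseline[$pattern]) {
                    [pscustomobject]@{
                        ComputerName = $env:COMPUTERNAME
                        Name         = $app.Name
                        Installed    = $app.RawVersion
                        Required     = $Baseline[$pattern].ToString()
                    }
                }
            }
        }
    }
}

Get-OutdatedSoftware | Format-Table -AutoSize
```

Run it through your remoting tool of choice (for example, Invoke-Command) to build the same per-machine view across a fleet.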

Most organizations are reluctant to release the latest Windows updates to their servers straight away because of the risk that a patch could break a production system. The downside is that the system retains a known vulnerability, which opens up an opportunity for it to be exploited between the time of the patch release and the time the system is patched. Another challenge we face is zero-day vulnerabilities. A zero-day vulnerability is one that has been identified but currently has no remediation or mitigation available from the vendor. Because of these challenges, it is critical that we build a layered defense strategy into our Windows clients and servers. For example, never make your database server accessible via the internet, encrypt the traffic to your web servers, and only open the ports needed to communicate, such as allowing only port 443 for HyperText Transfer Protocol Secure (HTTPS) traffic.
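The "only open the ports you need" point can be both audited and enforced with the built-in Windows Firewall cmdlets. The script below is an added example, not code from the book: it lists every enabled inbound allow rule that opens something other than TCP 443, then, only when run with -Apply, sets the default inbound action to Block on all profiles and adds a single HTTPS allow rule. The rule display name and the allow-list are assumptions.

```powershell
# Added example: audit and enforce an HTTPS-only inbound firewall posture.

function Get-UnexpectedInboundRules {
    param([int[]]$AllowedPorts = @(443))   # assumed allow-list
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        ForEach-Object {
            $rule = $_
            $filter = $rule | Get-NetFirewallPortFilter
            # LocalPort may be 'Any', a number, a range ('80-90') or a keyword ('RPC').
            $open = @($filter.LocalPort) | Where-Object { $null -ne $_ }
            # Anything that is not a single numeric port on the allow-list is flagged.
            $unexpected = $open | Where-Object {
                -not ($_ -match '^\d+$' -and [int]$_ -in $AllowedPorts)
            }
            if ($unexpected) {
                [pscustomobject]@{
                    Name      = $rule.DisplayName
                    Profile   = $rule.Profile
                    Protocol  = $filter.Protocol
                    LocalPort = ($open -join ',')
                }
            }
        }
}

function Set-HttpsOnlyInbound {
    param([switch]$Apply)   # without -Apply, every change is a -WhatIf dry run
    $ruleName = 'Allow HTTPS Inbound'   # assumed display name
    # Block all inbound traffic by default; explicit allow rules still apply.
    Set-NetFirewallProfile -Profile Domain,Private,Public `
        -DefaultInboundAction Block -WhatIf:(-not $Apply)
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound `
            -Protocol TCP -LocalPort 443 -Action Allow -Profile Any -WhatIf:(-not $Apply)
    }
}

Get-UnexpectedInboundRules | Format-Table -AutoSize
Set-HttpsOnlyInbound   # dry run; add -Apply to change the firewall
```

On a server you manage over RDP or WinRM, add those management ports to the allow-list and keep their rules, or the audit will flag them and a stricter rule set could lock you out.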

As we focus on securing Windows devices within our environments, we can't turn a blind eye to the fundamentals, including the overarching ecosystem that also needs to be considered when protecting your Windows devices. This book will cover the specifics of securing and hardening your Windows systems and devices in a lot of detail, but we also want to ensure the bigger picture is covered, for example the basic concepts of identity and access management (IAM). A compromised user account that lets an intruder onto your Windows system renders all the securing and hardening of that system irrelevant. Weak physical access controls and policies could allow someone to simply walk into a server room and gain physical access to your systems. Other examples are allowing a developer to install an insecure web application with vulnerabilities on it, or a business that develops a process without security best practices in mind. All the controls you put in place with Windows become irrelevant, as an educated hacker could use the web application or exploit a process as an attack vector to gain access to your system. These examples show how critical it is not only to be familiar with how to secure and harden the Windows OS but also to ensure all the other factors that fall within a mature security program work together to keep your environment as secure as possible. This, of course, doesn't come easily, and it is critical that you stay current and never stop learning!

Managing and securing your Windows systems is not a simple task, especially if you are working toward securing them correctly. There is a lot involved, and to efficiently and effectively secure your Windows systems, you need well-defined policies, procedures, and standards in place, along with a rigorous change-control process to ensure anything that falls outside of the standards receives the appropriate approval to minimize risk. Full-time roles exist today to manage and secure Windows systems, along with specialized roles needed to manage Windows environments. Examples include Windows desktop engineers, Windows server engineers, Windows update administrators, Windows security administrators, Windows Mobile Device Management (MDM) engineers, and more. As part of these roles, it is critical that staff are continuously educated and trained to provide the best security for Windows. The landscape is changing daily, and if your staff aren't dynamic or don't stay educated, mistakes and gaps will appear in your security posture.

Another task that must be addressed with your Windows devices is inventory management. It is important to ensure you know where all your devices are and who has access to them. Even more important is ensuring that devices are collected upon any terminations, especially those involving disgruntled employees. Enforcing policies on your Windows devices is another challenge; for instance, how do you ensure all your devices have the latest policies, and how can you ensure accurate reporting on non-compliant devices? Remote management can also be a challenge: making sure that not just anyone can remotely access your devices, and auditing support staff for anything they shouldn't be doing. Running legacy applications on your Windows devices creates an instant security concern, and making sure they are patched to the latest supported version is critical. This list goes on, and we will be diving into much greater detail in the following chapters to help provide the information you need to protect your Windows environment.

Before we move on to the next topic, one additional challenge that needs mentioning is shadow IT. In short, shadow IT is the setup and use of servers and infrastructure without the IT or security team's approval or knowledge, for example by a business function standing up its own systems. This instantly creates a significant security concern, as the Windows systems involved will most likely be used with no standards or hardening in place. In addition, hackers are known to target application-managed identities to gain access to other systems due to their privileged permissions. This can be a challenge to manage, but it is something that needs to be understood and prevented within any business.
