WindowsNetworking.com - Monthly Newsletter - August 2015
Hi Security World,
Welcome to the WindowsNetworking.com newsletter by Debra Littlejohn Shinder <http://www.windowsnetworking.com/Deb_Shinder/>, MVP. Each month we will bring you interesting and helpful information on the world of Windows Networking. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: firstname.lastname@example.org
1. Thereâ€™s a new client in town
Back in October 2014, just two months shy of a year ago, my editorial for this newsletter was about Microsoftâ€™s â€œnext big thing,â€� Windows 10. Iâ€™ve been working with it off and on in pre-release versions since that time, and it has gone through numerous changes in the interim so that the interface â€" and to a lesser degree, the feature set â€" is very different from the one that I reported on back then. At the end of July, Microsoft was finally satisfied enough with the results of the tweaking and tuning in response to beta test feedback, and released the final version of the OS to the public.
As with practically every new operating system version, reaction both in the tech press and among ordinary computer users has been mixed. Most of those who are coming to Windows 10 from Windows 8/8.1 seem to be generally pleased with the changes to the interface and that is particularly true of business users who are happy with the enhancements to the desktop environment. The restoration of the Start menu was the big change that made the difference for many, even though it was relatively easy to modify Windows 8 to add back the Start menu with third party add-ons such as Start8 and Classic Shell.
For those who are using tablets, Tablet Mode takes you back to a full-screen Start screen like in Windows 8, but itâ€™s been reworked to make it a bit more user-friendly and functional; now you get a bit of the best of both worlds with the taskbar remaining visible at the bottom of the Start screen (or wherever youâ€™ve located it) and the new Action center that slides out when you swipe from the right now, replacing the old Charms bar with a more robust feature that displays information from your apps (new emails, Facebook posts, calendar appointments etc. depending on what youâ€™ve configured it to display, along with handy toggle switches and quick access to settings, notes, battery status etc. â€" very similarly to the pull-down notification screen on Android devices.
As seems to be par for the course, the biggest complaints are coming primarily from two very opposite quarters. First there are those who arenâ€™t at all technical, arenâ€™t interested in new features, donâ€™t care much about security, and just donâ€™t want to have to learn something new. The second group consists mostly of very security-conscious techies who have concerns about privacy issues related to some of the new â€œconvenienceâ€� features such as Wi-fi sense and the peer-to-peer sharing of updates.
Windows 10 offers some real benefits for business users, particularly for those many organizations that stayed with Windows 7 instead of upgrading to Windows 8/8.1. While there is a lot of controversy regarding the security implications of some of the operating systemâ€™s ways of being more â€œhelpfulâ€� to consumers (forcing updates whether you want them or not, sharing your wi-fi networks with friends by default), Windows 10 Enterprise Edition introduces a number of new security mechanisms that will help to protect business client computers.
Containers are all the rage now, and Microsoft has used containerization technology to increase the separation between personal and company data and applications that are used on the same computer â€" a real â€œmustâ€� in todayâ€™s BYOD environment. Device Guard is a new feature thatâ€™s available only in Enterprise edition, which carries the basic premise of the old AppLocker (and Software Restriction Policies before it) to a new level. I wrote a detailed overview of it in Part 1 of my article series for our sister site, WindowSecurity.com, thatâ€™s titled Microsoft Ignites a new Focus on Security <http://www.windowsecurity.com/articles-tutorials/misc_network_security/microsoft-ignites-new-focus-security-part1.html>.
Credential Guard utilizes containers for isolated storage of NTLM hashes and Kerberos tickets.
Admins will also be able to look forward to another feature that makes use of the containerization concept: Enterprise Data Protection (EDP), which is designed to protect against data leakage and further separate business and personal data, as well as provide the ability to wipe corporate data without affecting personal data. It integrates with Microsoft Intune, SCCM or other current Mobile Device Management (MDM) systems. In fact, Windows 10 for enterprises includes several new features to support MDM solutions, so that you can use MDM to manage network domain-joined devices and install apps directly from the Windows Store, update policies automatically, get information about device compliance, and more.
Another important improvement for enterprises is the ability of users to log into their accounts â€" including Active Directory accounts in the local domain, Azure AD accounts, and Microsoft accounts â€" using biometrics. Passport attempts to finally replace the traditional username and password only logon model with something better: strong two-factor authentication. The Windows 10 â€œpieceâ€� is called Windows Hello, and it supports not only fingerprint authentication but also facial recognition and iris scanning as the second factor. According to one of the senior program managers at Microsoft who presented at his yearâ€™s BUILD conference, the goal with Windows Hello was to create a logon system secure enough for government, health care, financial services and other verticals with high security requirements.
These are just a few of the benefits to businesses of moving to Windows 10, and by all appearances companies are much more enthusiastic about the latest OS than they ever were about its immediate predecessor. Only time will tell whether it proves to be as popular and enduring as Windows XP was for so long, but Iâ€™ll be writing more about specific Windows 10 networking features and issues here in the future.
â€˜Til next time,
What history has taught us is that we have learned nothing from history.
2. Windows Server 2012 Security from End to Edge and Beyond - Order Today!
Windows Server 2012 Security from End to Edge and Beyond
By Thomas Shinder, Debra Littlejohn Shinder and Yuri Diogenes
From architecture to deployment, this book takes you through the steps for securing a Windows Server 2012-based enterprise network in today's highly mobile, BYOD, cloud-centric computing world. Includes test lab guides for trying out solutions in a non-production environment.
Order your copy of Windows Server 2012 Security from End to Edge and Beyond. You'll be glad you did.
3. WindowsNetworking.com Articles of Interest
This month, weâ€™re continuing with several popular article series on WindowsNetworking.com:
How to Successfully Create a Hyper-V Cluster Using Virtual Machine Manager (Parts 4 & 5)
In previous installations of this series, Nirmal Sharma has explained how you can use virtual machine manager to create a Hyper-V cluster. Now in preparation for showing you the process for making a virtual machine highly available via VMM, he will describe how to make sure that Hyper-V cluster is configured with appropriate storage, virtual networks, and shared volumes.
PowerShell for Storage and File System Management (Part 2)
In this article, Brien Posey continues the discussion of PowerShell storage monitoring by taking a look at how storage monitoring might be automated. In this second part of a multi-part series, he will discuss the required steps and then begin showing you how to implement those steps.
Active Directory Insights (Part 3): Re-examining read-only domain controllers
In this article series, Mitch Tulloch has been talking about Windows Active Directory, and this third article in the series examines some issues associated with deploying read-only domain controllers (RODCs) in Active Directory environments.
Hybrid Network Infrastructure in Microsoft Azure (Part 4)
In part 1 of this series, Deb Shinder began the discussion about hybrid network infrastructure with some thoughts about what hybrid clouds are about, and then talked about some of the networking functionality that you get when you adopt Azure Infrastructure Services. In part 2 of the series, Tom joined in as co-author and we went over site to site VPNs and point to site VPNs. In part 3 we took a look at the Azure dedicated WAN link service, which goes by the name of ExpressRoute, and also discussed the Azure Virtual Gateway, which is located on the edge of your Azure Virtual Network and enables you to connect your on-premises network to an Azure Virtual Network. In this Part 4, we move on to discuss Azure Virtual Networks in more detail.
4. Administrator KB Tip of the Month
* Erasing sensitive data on solid state drives
Mitch Tulloch says:
A reader asked me the following question:
I am wondering if you have any recommendations to destroy data on an SSD in accordance to DoD before we send them to recycle. We have a very strong degasser that use that will not only wipe the HD completely, but will destroy the electronic in the boards. SDD drive will not work in this. This is quick for our mass number of computer turnover.
I asked some of my colleagues in the hardware and enterprise communities concerning this and basically received two kinds of answers. First, if you want to recycle them, you should ask the SSD vendor how best to erase all data from the drive in a way that meets DoD standards. The vendor's SSD Secure Erase function may be sufficient or it may not, but either way the vendor would be the best one to advise.
If you're not concerned about recycling them however, you should just have them physically destroyed using an industrial hard drive disintegrator. This article titled "Eliminating Data from Solid State Hard Drives" provides some recommendations on how to do this in accordance with NSA requirements:
Here is some additional reading on the subject of erasing SSDs in case you're still interested:
- Reliably Erasing Data from Flash-Based Solid State Drives (PDF)
- Fast Purge flash SSDs - when "Rugged SSDs" won't do the job (from StorageSearch.com)
- Solid-state disks offer 'fast erase' features (from ComputerWorld)
- SSD security: the worst of all worlds (from ZDNet)
The above tip was excerpted from Mitch Tulloch's book Training Guide: Installing and Configuring Windows Server 2012 <http://www.amazon.com/exec/obidos/ASIN/0735673101/> from Microsoft Press. For more admin tips, see
5. Windows Networking Links of the Month
Professional IT admins: 26 open source network management tools to help you do your job
What to expect from 5G wireless
Cisco warns customers about attacks installing rogue firmware on networking gear
The 9 worst wi-fi security mistakes
Android device makers promise monthly security fixes
6. Ask Sgt. Deb
We just upgraded to Server 2012 from Server 2003 â€" quite a jump, but since support for 2003 was expiring, we didnâ€™t have much choice. So one thing I notice right off the bat is the way the Server Manager starts up immediately with that welcome thing. Iâ€™m sure thereâ€™s a way to fix that. Can you help? Lost in 2012, Jeffrey
Hi, Jeffrey. It can be a little overwhelming when you switch to a new OS, especially a complex server OS, and especially when youâ€™ve skipped a version or two. Believe me, you arenâ€™t the only one who doesnâ€™t find the Welcome tile and Server Managerâ€™s â€œhelpfulâ€� omnipresence particularly endearing.
You can easily disable the Welcome tile in the View menu. To keep Server Manager from popping up automatically every time you log on, go to Manage | Server Manager Properties. There youâ€™ll see an option that says Do not start Server Manager automatically at logon. All better!
- Articles & Tutorials (http://www.windowsnetworking.com/articles-tutorials/)
- KBase Tips (http://www.windowsnetworking.com/kbase/WindowsTips/)
- Products (http://www.windowsnetworking.com/software/)
- Reviews (http://www.windowsnetworking.com/articles-tutorials/product-reviews/)
- Free Tools (http://www.windowsnetworking.com/software/Free-Tools/)
- Blogs (http://www.windowsnetworking.com/blogs/)
- Forums (http://forums.windowsnetworking.com/)
- White Papers (http://www.windowsnetworking.com/white-papers/)
- Contact Us (http://www.windowsnetworking.com/pages/contact-us.html)
- MSExchange.org (http://www.msexchange.org/)
- WindowSecurity.com (http://www.windowsecurity.com/)
- VirtualizationAdmin.com (http://www.virtualizationadmin.com/)
- ISAserver.org (http://www.isaserver.org/)
- CloudComputingAdmin.com (http://www.cloudcomputingadmin.com/)
- InsideAWS.com (http://www.insideaws.com/)
- WServerNews.com (http://www.wservernews.com/)
To unsubscribe: http://www.techgenix.com/newsletter/members.aspx?Task=OOS&SI=78504&E=security.world%40gmail.com&S=1&NL=33
To change your subscription settings: http://www.techgenix.com/newsletter/members.aspx?Task=US&SI=78504&E=security.world%40gmail.com&S=1
WindowsNetworking.com is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@WindowsNetworking.com
TechGenix Ltd. Mriehel Bypass, Mriehel BKR 3000, Malta
Copyright WindowsNetworking.com 2015. All rights reserved.