Host Security
Endpoint Protection
Computer systems that interact directly with users are considered endpoint systems, and the systems on devices such as laptops, smartphones, and tablets need to be secured so that they cannot act as gateways for attacks on an organization's networked systems.
Step 1: Help protect against malware
Install antimalware to help identify and remove viruses, spyware, and other malicious software. You can easily install Microsoft Antimalware or an endpoint protection solution from a Microsoft Partner.
Step 2: Monitor the status of the antimalware
Using the information listed under Endpoint protection issues, you can put together a plan to address any issues found. Security Center reports the following endpoint protection issues:
- Endpoint protection not installed on Azure VMs - A supported antimalware solution isn't installed on these Azure VMs.
- Endpoint protection not installed on non-Azure computers - A supported antimalware solution isn't installed on these non-Azure computers.
- Endpoint protection health issues:
  - Signature out of date - An antimalware solution is installed on these VMs and computers, but the solution doesn't have the latest antimalware signatures.
  - No real-time protection - An antimalware solution is installed on these VMs and computers, but it isn't configured for real-time protection. The service might be disabled, or Security Center might be unable to obtain the status because the solution isn't supported.
  - Not reporting - An antimalware solution is installed but isn't reporting data.
  - Unknown - An antimalware solution is installed, but either its status is unknown or it is reporting an unknown error.
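As an added example (not code from the page or from Security Center), the Python below triages a constructed host inventory into the issue categories listed above; the record field names and the thresholds for signature age and reporting silence are assumptions:

```python
from datetime import datetime, timedelta

# Constructed sample inventory (not Security Center data); the field names are assumptions.
NOW = datetime(2024, 5, 1, 12, 0)
H = timedelta(hours=1)
INVENTORY = [
    {"name": "vm-web-01",  "azure": True,  "installed": True,  "sig_age_days": 1,
     "realtime": True,  "last_report": NOW - 1 * H},
    {"name": "vm-db-01",   "azure": True,  "installed": True,  "sig_age_days": 9,
     "realtime": True,  "last_report": NOW - 2 * H},
    {"name": "vm-app-02",  "azure": True,  "installed": True,  "sig_age_days": 0,
     "realtime": False, "last_report": NOW - 1 * H},
    {"name": "vm-old-03",  "azure": True,  "installed": True,  "sig_age_days": 0,
     "realtime": True,  "last_report": NOW - 72 * H},
    {"name": "vm-new-04",  "azure": True,  "installed": False, "sig_age_days": None,
     "realtime": None,  "last_report": None},
    {"name": "srv-onprem", "azure": False, "installed": False, "sig_age_days": None,
     "realtime": None,  "last_report": None},
    {"name": "vm-x-05",    "azure": True,  "installed": True,  "sig_age_days": None,
     "realtime": None,  "last_report": NOW - 1 * H},
]

MAX_SIG_AGE_DAYS = 7               # assumed threshold for "Signature out of date"
MAX_SILENCE = timedelta(hours=24)  # assumed threshold for "Not reporting"

def classify(host, now=NOW):
    """Map one host record to the endpoint protection issue Security Center would report."""
    if not host["installed"]:
        return ("Endpoint protection not installed on Azure VMs" if host["azure"]
                else "Endpoint protection not installed on non-Azure computers")
    # Installed but silent: the solution is not sending any data at all.
    if host["last_report"] is None or now - host["last_report"] > MAX_SILENCE:
        return "Not reporting"
    # Reporting, but the health fields are missing: status cannot be determined.
    if host["sig_age_days"] is None or host["realtime"] is None:
        return "Unknown"
    if host["sig_age_days"] > MAX_SIG_AGE_DAYS:
        return "Signature out of date"
    if not host["realtime"]:
        return "No real-time protection"
    return "Healthy"

def triage(inventory, now=NOW):
    """Group host names by issue so each category can be planned and worked as a unit."""
    report = {}
    for host in inventory:
        report.setdefault(classify(host, now), []).append(host["name"])
    return report
```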
Privileged Access Workstations (PAWs)
PAWs provide a dedicated, hardened and locked-down workstation for sensitive accounts and tasks, isolated from Internet attacks and threat vectors and designed to give high security assurances.
The PAW security controls focus on mitigating high-impact and high-probability risks of compromise. These include attacks on the environment and risks that can reduce the effectiveness of PAW controls over time:
- Internet attacks - Isolating the PAW from the open Internet is key to ensuring that the PAW is not compromised.
- Usability risk - If a PAW is too difficult to use for daily tasks, administrators will be motivated to create workarounds to make their jobs easier.
- Environment risks - Minimize the use of management tools and accounts that have access to the PAWs, and secure and monitor these specialized workstations.
- Supply chain tampering - A few key actions mitigate critical attack vectors that are readily available to attackers, including validating the integrity of all installation media and using a trusted and reputable supplier for hardware as well as software.
- Physical attacks - Because PAWs can be physically mobile and used outside physically secure facilities, they must be protected against attacks that leverage unauthorized physical access to the computer.
Architecture Overview
The architectural approach builds on the protections found in the Windows 10 Credential Guard and Device Guard features and goes beyond them for sensitive accounts and tasks. This methodology is appropriate for accounts with access to high-value assets:
- Administrative privileges - PAWs provide increased security for high-impact IT administrative roles and tasks, and can be applied to the administration of many types of systems, including Automated Teller Machines (ATMs), Point of Sale (POS) devices, Microsoft Azure Active Directory tenants, Microsoft 365 tenants, etc.
- High-sensitivity information workers - The PAW approach can also protect highly sensitive information-worker tasks and personnel, such as those involving pre-announcement merger and acquisition activity, pre-release financial reports, sensitive research, or other proprietary or sensitive data.
The security of most or all business assets in an IT organization depends on the integrity of the privileged accounts used to administer, manage, and develop.
Jump Box
Administrative "Jump Box" architectures set up a small number of administrative console servers and restrict personnel to using them for administrative tasks. The administrative session on the jump server, however, relies on the integrity of the local computer accessing it; if that computer is a user workstation subject to phishing and other Internet-based attack vectors, the administrative session is subject to the same risks.
The default configuration in the PAW guidance installs administrative tools on the PAW, but a jump server architecture can also be added if required. The jump box remains exposed to the risk carried by the user computer accessing it, so appropriate protective controls, detective controls, and response processes should still be applied to the Internet-facing computer.
Azure Resource Manager
Resource Manager is the deployment and management service for your Azure subscription; its access control, tagging, and auditing features help you secure and organize your resources after deployment. Here are some additional terms to know when using Resource Manager:
- Resource provider - A service that supplies Azure resources. For example, a common resource provider is Microsoft.Compute, which supplies the VM resource.
- Resource Manager template - A JSON file that defines one or more resources to deploy to a resource group or subscription. The template can be used to deploy the resources consistently and repeatedly.
- Declarative syntax - Syntax that lets you state "Here's what I intend to create" without having to write the sequence of programming commands to create it.
You can use a Resource Manager template to define your VMs and then easily deploy or redeploy them. It is recommended to periodically redeploy your VMs to force the deployment of a freshly updated and security-enhanced VM OS.
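An added example, not code from the page or from Azure: a pre-deployment check over a constructed Resource Manager template that flags VMs which would be deployed without the Microsoft Antimalware extension, or with it but without real-time protection enabled. The publisher and type are the real extension identifiers; the template itself is sample data.

```python
import json

# Constructed ARM template (not from the page): two VMs, one Microsoft Antimalware extension.
# Publisher and type are the real extension identifiers; everything else is sample data.
TEMPLATE = json.loads(r"""
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {"type": "Microsoft.Compute/virtualMachines", "apiVersion": "2023-03-01",
     "name": "vm-web-01", "location": "eastus", "properties": {}},
    {"type": "Microsoft.Compute/virtualMachines/extensions", "apiVersion": "2023-03-01",
     "name": "vm-web-01/IaaSAntimalware", "location": "eastus",
     "properties": {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware",
                    "typeHandlerVersion": "1.3", "autoUpgradeMinorVersion": true,
                    "settings": {"AntimalwareEnabled": true,
                                 "RealtimeProtectionEnabled": false}}},
    {"type": "Microsoft.Compute/virtualMachines", "apiVersion": "2023-03-01",
     "name": "vm-db-01", "location": "eastus", "properties": {}}
  ]
}
""")

def is_on(value):
    """The extension settings accept both JSON booleans and the strings "true"/"false"."""
    return value is True or str(value).strip().lower() == "true"

def antimalware_gaps(template):
    """Return {vm_name: problem} for VMs the template would deploy without enforced protection."""
    vms = [r["name"] for r in template["resources"]
           if r["type"] == "Microsoft.Compute/virtualMachines"]
    settings_by_vm = {}
    for r in template["resources"]:
        props = r.get("properties", {})
        if (r["type"] == "Microsoft.Compute/virtualMachines/extensions"
                and props.get("publisher") == "Microsoft.Azure.Security"
                and props.get("type") == "IaaSAntimalware"):
            vm_name = r["name"].split("/")[0]   # child resource name is "<vm>/<extension>"
            settings_by_vm[vm_name] = props.get("settings", {})
    gaps = {}
    for vm in vms:
        settings = settings_by_vm.get(vm)
        if settings is None:
            gaps[vm] = "no antimalware extension"
        elif not is_on(settings.get("AntimalwareEnabled", False)):
            gaps[vm] = "antimalware disabled"
        elif not is_on(settings.get("RealtimeProtectionEnabled", False)):
            gaps[vm] = "no real-time protection"
    return gaps
```

Running this check in the pipeline before each (re)deployment keeps a redeploy from silently reintroducing one of the health issues Security Center reports after the fact.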