Vulnerabilities in Microsoft Windows Server, IAAS - Essay Example

 Vulnerabilities in Microsoft Windows Server, IAAS This study reflects upon various aspects of cloud computing and certain vulnerabilities faced by its applications or technologies. Cloud computing has enhanced the rate of connectivity but even triggered many challenges for system administrators. IAAS is a basic cloud computing platform which has witnessed such vulnerabilities over the years. The study discusses these issues in relation to Windows Server, an integral component of IAAS framework. Data security is an important issue observed in Windows Server, which can be managed through designing firewalls, restricting data sharing or even providing built-in support. Introduction Cloud computing can be stated as a model for facilitating on-demand, convenient and ubiquitous access to shared pool of computing and configurable resources. This resource sharing platform helps in achieving economies of scale and coherence. The concept of cloud computing is based on a broader aspect of shared services and converged infrastructure. Cloud resources are also dynamically reallocated along with being accessed by multiple users. The entire approach of cloud computing has shifted focus towards OPEX model from basic infrastructure of CAPEX model. This study would reflect upon one of the cloud computing services, known as IAAS. Infrastructure as a service or IAAS is a basic cloud service platform. This mainly refers to online services which abstract user from data partitioning, physical computing resources, backup, location, security, etc. There are some additional resources offered by IAAS clouds such as raw block storage, firewalls, disk-image library, load balancers, virtual local area networks, software bundles and object storage. Windows Server is a known technology or application based on the concept of IAAS. It is a brand name given to bundle of server operating systems, which are launched by Microsoft. The first server edition was named as Windows NT 3.1; however, there have been advancements in developing Windows Server. This study shall analyse key vulnerabilities witnessed by Windows Server and mitigation strategies implemented over the years. There are some general approaches too that can safeguard the system from external threats. Information security is a major area of concern specifically for IAAS platform, since it deals with efficient sharing of information or resources. Background Microsoft has developed wide array of servers over the years. Each of these servers has witnessed some form of vulnerability. The file sharing permission is a common form of vulnerability which Windows Server has been exposed to and it has resulted into multiple opportunities for hackers. Microsoft had restricted support to Windows Server 2003, which has given birth to security risks. History of the vulnerabilities There were unpatched vulnerabilities linked with Windows Server 2003 since Microsoft had eliminated end-of-support. The cybersecurity dangers can be correlated with such vulnerability. This kind of unsupported software system of Windows Server 2003 is associated with risk of viruses. There is wide range of negative consequences such as loss of system resources, integrity, confidentiality, and business assets and data availability. Windows Server 2008 is also affected by certain vulnerabilities that are caused by Hyper-V server. This kind of vulnerability occurs when specific machine instructions are not properly encoded within guest virtual machines. The loophole in validation would result into a non-responsive Hyper-V server application. Hackers would easily exploit the system when they are aware about such vulnerability prevalent within Windows Server 2008. The deficit of malware protection can also be one of the vulnerabilities, which has been observed in Windows Server 2003. However the intensity of this vulnerability is comparatively less than Windows Server 2008, where functions might stop responding. Windows Server 2012 is also faced with some vulnerability that results into unauthorised modification, service disruption and unauthorised information disclosure. This vulnerability is also termed as CVE-2014-6324, and is located in the Windows KDC or Kerberos Key Distribution Centre. The vulnerability is responsible for facilitating unprivileged access of domain administrator’s account. On the basis of this vulnerability, attacker shall exploit the system possessing valid domain credentials. In-depth discussion on chosen vulnerability and its resolution Security vulnerabilities in Windows Server 2008 shall be further discussed in this section. This type of vulnerability has not only affected Windows Server 2008 but was also a major issue in Windows Server 2003. The problem is closely related to easier accessibility of files and data by hackers. Figure 1 depicts the percentage of cases observed in context of CVE-2014-6324, in relation to Microsoft Windows Server. Figure 1: Percentage of OS vulnerabilities (Source: Zhang, Cheng and Boutaba, 2010) As per figure 1, percentage of high vulnerabilities signifies presence of CVE-2014-6324 in Microsoft Windows Server. The security problems have been mitigated to desirable extent in Windows Server 2008 through digitally signed files, read only domain controller and BitLocker drive encryption. Windows Server 2008 is known as the most popular operating system of Microsoft. Since July 2008 there have been few upgradation made by Microsoft that has enhanced productivity, reduced administrative overhead and improved security (Mell and Grance, 2009). The security vulnerabilities are caused due to various reasons such as security policies, firewalls and easy access to directories and files. Security policies offered by Windows Server are of low standard which is a major problem for users. An appropriate security standard is not offered by Windows operating system (Computing, 2011). The rising concern towards safeguarding Windows Server is mainly due to rapid growth of OS vulnerabilities witnessed in a specific time period, as highlighted in figure 2. Figure 2: Comparison between OS vulnerabilities (Source: Vaquero, Rodero-Merino and Morán, 2011) The password settings or security policies are considerably weak that makes Windows Server vulnerable to security threats. There is also a loophole in relation to lack of robust data encryption. Windows operating system is unable to launch reliable firewall that shall prevent hackers from exploiting the system. The easy accessibility of files tends to make a system a more convenient but can also be regarded as a cause behind security vulnerability (Moreno-Vozmediano, Montero and Llorente, 2012). Files and directories are exposed over a networked system and this increases scope for hacking. There is certain sensitive information that can be easily accessed such as passwords, credit card numbers or secured data been stored within a system. There has been a security enhancement incorporated within Windows Server 2008 RC2. These measures have mitigated various security vulnerabilities that were witnessed earlier in Windows operating system (Armbrust, Fox, Griffith, Joseph, Katz, Konwinski and Zaharia, 2010). The security updates and patches determined in Windows Vista was highlighted and later modified by launching Windows Server 2008. This specific version of Windows Server has received end-all support which was eradicated from Windows Server 2003. There has been extended support to multiple security updates such as server manager solely responsible for handling security components, server core installation, digitally signed files, BitLocker drive encryption, read only domain controller, network access protection, and randamonisation of address space layout. The Server Manager is one of the critical components embedded within Windows Server 2008. This component is responsible for securing and managing multiple server roles observed within an enterprise. It is an extended version of Microsoft Management Console or MMC (Doelitzscher, Sulistio, Reich, Kuijs and Wolf, 2011). The Server Manager is a single tool that can be used by server administrators in order to effectively manage overall security of the system. It is installed in Windows Server 2008 by default and ensures that directories or files are securely handled by administrators. There are specific features of the Server Manager such as remove or install server roles, edit serve features or roles, identification of server status or server identity, and stopping or triggering services on server. BitLocker drive encryption is one of the active measures taken in order to address security vulnerability in Windows Server 2003. This strategy restricts access of an attacker, and hackers are unable to identify valuable data such as credit card data, passwords, etc., stored in the system (Jajodia and Noel, 2010). Windows Vista file system forms the basis of Windows Server 2008. The digitally signed files are also a support given to Windows Server 2008 in order to safeguard it from vulnerabilities. These digital signatures are basically stored for dynamic link libraries and executable files. The extent of data integrity is checked by the system with the support of such digital signatures. On the other hand, read-only domain controller is another measure that protects office branches (Zhang, Cheng and Boutaba, 2010). This security measure enables an organisation to deploy domain controller to certain areas where there is lack of guaranteed physical security. The read-only domain controller is able to provide faster logons, enhanced security and improved accessibility to wide range of network resources. Exploration of the general security approaches The measures which have been undertaken by Microsoft are centred towards protecting stored data from unauthorised access. These measures can be regarded as special programme configured to develop a system that is well protected against any form of malicious attacks. However Windows Server 2008 could have been protected through incorporating general security approaches. Data loss is a common problem when it comes to operating on an open system. The networked platform enables individuals or business entities to easily share or access valuable data, but also poses threat for system administrators. Anti-phishing is a common approach which could be incorporated to design a better system (Provos, Rajab and Mavrommatis, 2009). This approach guards a system from attempts made to acquire credit card details, passwords, or even operations performed by fake websites. System hardening is an effective way to reduce such vulnerabilities. The concept of system hardening deals with reducing overall surface which is likely to remain vulnerable. It is often stated that a single secured system is better than a system with multiple roles (Jamsa, 2011). For instance, Windows Server 2008 can be hardened through formulating security policy. This policy needs to mainly encompass disabling unnecessary services, classifying restricted audit policies, limiting current firewall rules and eliminating all unused firewall rules. The issue of data loss can be addressed by deleting all such unnecessary accounts which holds valuable information. It is essential that administrator account is disabled firstly, so as to ensure that attackers are not able to access valuable information. On the other hand, system applications installed needs to be role related (Vaquero, Rodero-Merino and Morán, 2011). There are certain applications which utilises service backdoors, and this might raise questions against overall system security. Over the years, efficient firewalls are designed that can protect a system from attackers. However, the best measure would be to reconfigure Windows 2008 firewall. A built-in firewall is present within all Windows Servers but there is a need to modify the platform as and when required. Bi-directional firewall would be an appropriate mechanism to protect the server (Dondossola, Szanto, Masera and Nai Fovino, 2008). This form of firewall is responsible for filtering inbound as well as outbound traffic. The firewall rules can be designed through exploring Windows Active Directory Objects, protocols and destination or source IP addresses (Sotirov and Dowd, 2008). Figure 3 further elaborates the approach of reconfiguring Windows firewall. Figure 3: Firewall configuration (Source: Computing, 2011) The servers are faced with serious challenges that revolve around data sharing. Hackers are able to exploit data since they are given opportunity to access open data. Hence certain limitations should be imposed on data sharing activities. “Net share” is a command to be used for disabling unnecessary shares. This command would outline all possible shares on the server. The security and system administrators need to transform necessary shares into hidden shares, in order to harden share permissions (Woo, Joh, Alhazmi and Malaiya, 2011). A hidden share is usually developed by entering ‘$’ symbol after the file name to be shared as highlighted in figure 4. Figure 4: Disabling unnecessary shares (Source: Computing, 2011) These shared files would still be accessible but cannot be traced on the server network. This approach shall protect valuable information from exploitation. Evaluation of a 3rd party protection mechanism In real world scenario, business firms need to rely on multiple security layers. The third-part host firewalls are a common entity observed in server network. Windows firewall is highly efficient in terms of protecting the system resources but still there has always been a demand for third party firewall. There are categories made by which third-party firewalls shall work in coordination with Windows firewall. The state of networking in current scenario lacks appropriate security levels. It is important to determine whether host-based or network firewalls shall be most suitable (Buyya, Yeo, Venugopal, Broberg and Brandic, 2009). The network firewalls can be further categorised as hardware or software-based firewall system. These firewall systems are inclined towards regulating inbound and outbound traffic. Host-based firewalls are designed to safeguard a computer system irrespective of its connection to a network. The third-party firewall system in Windows Server performs the function of packet filtering. It is the primary objective of any firewall, to facilitate smooth flow of traffic. The packets are inspected by firewalls in order to determine which data to accept or reject. There is possibly everything which is blocked by firewalls. Windows Server encompasses certain routers which possess filtering capabilities. In filtering rules, there are some embedded TCP/IP attributes such as source IP address, IP Protocol, destination IP address, destination UDP and TCP ports, source UDP and TCP ports, interface where the packet reaches or where it arrives (Iosup, Prodan and Epema, 2014). Microsoft has designed its applications in such format that it is well aligned with host-based firewalls and routers. Firewall configuration is required in some cases so as to support applications. It is observed that host-based firewalls are adopted in majority systems since it can be easily configured. These firewalls would instantly send a message when an application attempts to use the network. The third-party firewall which is used in Windows Server is capable of filtering traffic based on destination or source IP address. A host’s location can be well identified with the help of IP addresses (So, 2011). These addresses enable a system based on networks or computers to deny or allow traffic. The destination filtering can be stated as blocking websites, whereas, source filtering deals with enhancing control over internal networks compared to external networks. To be more precise, Windows firewall and third-party firewalls work in collaboration to exhibit stateful inspection filtering process (Liu and Zhang, 2008). This is a mechanism whereby packets are efficiently inspected as soon as they reach the firewalls. On the basis of this mechanism, UDP or TCP conversation is maintained, along with constant checking of TCP flags by ISA Server (Brohi and Bamiah, 2011). The flags are responsible for denoting the phase of conversation whether, start-up, and middle or end phase of overall conversation. These are few protection mechanisms that have been incorporated in Windows Server to enhance its security level. Conclusion As per the study, Windows Server is highly vulnerable to various security threats. These security issues mainly arise because data is being transmitted or shared over an open network. IAAS platform is a form of virtual interface which establishes connection between different subjects. The most common technology witnessed within this cloud computing platform is Windows Server. It is clearly evident that data loss or data security is an important issue faced by such servers. However, there is wide range of protection mechanisms designed which safeguards the system from any kind of malicious attacks. There have been advancements made on Windows Server in order to ensure that there is a protected infrastructure available to users. Windows Server 2008 was closely scrutinised in this study, so as to identify specific challenges and ways to resolve them. The aspect of data security can be efficiently handled when proper firewalls are designed to safeguard data from exploitation. Microsoft has its own firewall and it also integrates with third-party firewall system, in order to offer a system that can accept as well reject data packets. A strong filtering process to desirable extent is embedded within present Windows Server. There are some general approaches too discussed in the study that can eradicate such vulnerabilities such as configuration of firewalls, restricting data sharing, etc. They are means to avoid hacking or loss of valuable information. References Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A. and Zaharia, M., 2010. A view of cloud computing. Communications of the ACM, 53(4), pp. 50-58. Brohi, S. N. and Bamiah, M. A., 2011. Challenges and benefits for adopting the paradigm of cloud computing. Int. J. Adv. Eng. Sci. Technol, 2, pp. 286-290. Buyya, R., Yeo, C. S., Venugopal, S., Broberg, J. and Brandic, I., 2009. Cloud computing and emerging IT platforms: Vision, hype, and reality for delivering computing as the 5th utility. Future Generation computer systems, 25(6), pp. 599-616. Computing, C., 2011. Cloud computing privacy concerns on our doorstep. Communications of the ACM, 54(1), pp. 125-138. Doelitzscher, F., Sulistio, A., Reich, C., Kuijs, H. and Wolf, D., 2011. Private cloud for collaboration and e-Learning services: from IaaS to SaaS. Computing, 91(1), pp. 23-42. Dondossola, G., Szanto, J., Masera, M. and Nai Fovino, I., 2008. Effects of intentional threats to power substation control systems. International Journal of Critical Infrastructures, 4(1-2), pp. 129-143. Iosup, A., Prodan, R. and Epema, D., 2014. Iaas cloud benchmarking: approaches, challenges, and experience. In Cloud Computing for Data-Intensive Applications. New York: Springer. Jajodia, S. and Noel, S., 2010. Topological vulnerability analysis. In Cyber Situational Awareness. New York: Springer. Jamsa, K., 2011. Cloud Computing: SaaS, PaaS, IaaS, virtualization, business models, mobile, security and more. London: Jones & Bartlett Publishers. Liu, Q. and Zhang, Y., 2008. TFTP vulnerability finding technique based on fuzzing. Computer Communications, 31(14), pp. 3420-3426. Mell, P. and Grance, T., 2009. The NIST definition of cloud computing. National Institute of Standards and Technology, 53(6), p. 50. Moreno-Vozmediano, R., Montero, R. S. and Llorente, I. M., 2012. IaaS cloud architecture: From virtualized datacenters to federated cloud infrastructures. Computer, (12), pp. 65-72. Provos, N., Rajab, M. A. and Mavrommatis, P., 2009. Cybercrime 2.0: when the cloud turns dark. Communications of the ACM, 52(4), pp. 42-47. So, K., 2011. Cloud computing security issues and challenges. International Journal of Computer Networks, 3(5), pp. 98-145. Sotirov, A. and Dowd, M., 2008. Bypassing browser memory protections in Windows Vista. New York: Blackhat. Vaquero, L. M., Rodero-Merino, L. and Morán, D., 2011. Locking the sky: a survey on IaaS cloud security. Computing, 91(1), pp. 93-118. Woo, S. W., Joh, H., Alhazmi, O. H. and Malaiya, Y. K., 2011. Modeling vulnerability discovery process in Apache and IIS HTTP servers. Computers & Security, 30(1), pp. 50-62. Zhang, Q., Cheng, L. and Boutaba, R., 2010. Cloud computing: state-of-the-art and research challenges. Journal of internet services and applications, 1(1), pp. 7-18. Read More