|
Microsoft Windows Servers have been the fundamental basis of small and large business networks since the early 2000s, and for many companies, servers are their lifeblood. Servers are often the only entry point from the outside world. Workstations seldom require external ports to be open and most always use local firewalls to block inbound traffic. The nature of a server is to serve, and therefore, the Server Firewall is often disabled, or ports opened to allow necessary traffic. Whether you are running an in-house Exchange Server, Remote Desktop Server, File Server, Remote Management and Monitoring Server, or a Custom Application Server, you expose the server itself and your business to the risks of a vulnerability being exploited by attackers.
In 2017, EternalBlue, a computer exploit developed by the US National Security Agency (NSA), was leaked by the hacker group Shadow Brokers. Although Microsoft released a patch for the vulnerability, later that same year the WannaCry Ransomware used the exploit to infect unpatched machines and using servers to push malware to entire organizations. The EternalBlue vulnerability was in the Windows RPC stack, and while RPC is not likely to be an open port on the public network, it is a port that is open to enable file sharing. This allowed attackers to gain access to the server by infecting one workstation on the local network. The attackers gained access to a workstation through various sources including poor personal firewall management and a user opening a Microsoft Office document that contained malware.
Unfortunately, over the last six years, the EternalBlue exploit was not the only case where we have seen servers attacked. SolarWinds Orion, the Microsoft Exchange vulnerability, and Log4J are just a few other examples. IT and security professionals need to find ways to harden their servers without shutting down critical services. There is no silver bullet to stop a server from being compromised, but there are some steps you can take that will massively reduce the risk of your server being compromised.
At ThreatLocker our aim is to keep businesses safe and secure with our unique endpoint security solutions. We want to help you work smart and strengthen your security infrastructure from the ground up. Throughout this guide, you’ll find top tips and best practices to help you better protect your business, learn more about the ThreatLocker Zero Trust solutions and how to harden your Windows Servers securely.
Request Free! |