All right, so today we are really diving deep, get this, into Windows networking security, specifically the world of Windows 8 and Server 2012. Right, we're using excerpts from a Windows 2012 Server Network Security to kind of guide us. Think of it as our security handbook for this deep dive.
And what a handbook it is. You know, this era really marked a shift in how we thought about security. Oh Will. It was no longer just for the IT specialist tucked away in a room somewhere, right. It became everybody's responsibility, from you know, the average user just browsing the web, right all the way up to the DNS admin.
And it's funny you should say that about the DNS admin, because I was reading in the book, it's like you think about that role and you think, DNS, oh, they just make sure that the websites work. But they have to think about security.
Too, oh absolutely, yeah, like.
Way more than just making sure a website loads.
Absolutely, you know, they have to think about things like availability during an attack. Okay, making sure that the system's not just protected, but that it's still giving out accurate information. Wow, it's a real balancing act.
So there's a lot more to it than meets the eye. And speaking of things that have more to them than meets the eye, the book mentions the CIA triad a lot. Is that where this balancing act comes in?
The CIA triad. It's essential: confidentiality, integrity, availability, those three pillars, they all have to work in harmony, okay. And this book, it really hammers home the point that good security isn't just about building those digital fortresses, you know, with your firewalls and your encryption and everything. Yeah, it's also about making sure those systems are usable for the people who need them. Right.
So it's kind of like you could have the most secure car in the world, right, but if the doors are welded shut, it's not very practical exactly, you got it, It's not doing you any good.
And speaking of practicality and usability, you know Windows 8 and Server 2012, they brought some serious upgrades to the table.
They did, they did.
I'm thinking specifically about the revamped Server Manager, okay, and then the expanded power of PowerShell. PowerShell.
Yeah, that was a big deal, right, huge, huge, more power at your fingertips.
But it's a double-edged sword, exactly.
That's what I was thinking like more power to break things too. If you're not careful.
It's like being handed the keys to like, you know, a Formula One race car. Okay, you know it's exhilarating, but you better know what you're doing behind the wheel, you know.
Exactly. Yeah, if you don't know what you're doing, you could get in trouble.
Exactly.
We'll be off the track in no time.
Now this book, it really gets into the nitty gritty of how to use these tools. Yeah, but for our purposes today, we're going to focus on the security essentials. Okay, sounds good. Just the need to know to keep you safe on the information superhighway.
Love it. Love the analogy.
Right.
So, one thing that was really making waves back then, and still is, is the rise of IPv6. Yes, remember all the hype about running out of IPv4 addresses?
Oh absolutely, it was like the Y2K of the Internet. It was.
It was. Everyone was talking about it.
But you know, IPv6, that's a whole other ball game.
Yeah.
Instead of those 32-bit addresses we were used to, we're talking 128 bits. Yeah, basically an unlimited number of addresses.
It's practically an unlimited number.
Yeah.
The book was saying it's enough for every person on Earth to have billions of addresses each, and then some. Yeah, yeah, like it's incredible. It is. No more hoarding IP addresses like they're going extinct, exactly. And I gotta say, you know, this is maybe a personal preference, yeah, but I always found that colon and hexadecimal notation in IPv6 addresses, right, just a bit more, I don't know, elegant.
A little cleaner.
Yeah, it's cleaner. I like it it is, even if it takes a little getting used to.
It's definitely a more, I think, scalable system designed with the future in mind, you know, security in mind, right, long term, long.
Term, yeah, because we're not going to run out of addresses anytime soon with IPv6.
Not anytime soon.
So we've got all these addresses, but how do devices actually get them. That's where DHCP comes in.
Right, DHCP. It's like the automated address dispenser of the network world, exactly, right. You just show up, you get an address, you're good to go.
It just makes things so much easier, because I mean, can you imagine having to manually configure
Oh, I don't even want to think about it.
the IP settings for every single device on a network. Oh, the nightmare, especially on a large network like a corporate network.
Especially, Yeah, forget it.
Oh it'd be impossible.
Yeah, no, it's essential.
So DHCP is great for streamlining things. But the book hints at some security risks involved as well. Right, something about blind trust.
Well, the issue is that DHCP in its basic form, it doesn't have any built in authentication.
What do you mean.
It's like, you know, leaving a bowl of candy on your porch with a sign that says, please take one. Okay, you're just trusting everyone to play by the rules.
And in the network world, not everyone plays by the rules.
By the rules, exactly. You got it. You never know who's going to show up and grab a handful, right, exactly.
So what could go wrong? Give me an example.
Okay, so let's say someone sneaks a rogue DHCP server onto your network.
A rogue DHCP server.
A rogue one. Yeah, it's like a wolf in sheep's clothing. When your device innocently requests an IP address, this rogue server, it can jump in with a bogus one.
So instead of getting a piece of candy, I get a rock.
The rock exactly. That fake IP address, it can block your device from connecting entirely, or worse, it could redirect your DNS requests, sending you to a fake website, maybe designed to steal your information.
Oh, so that's how that works. Exactly. That's really scary.
It's sneaky.
But I think I remember reading in the book about some defenses against these rogue servers.
Yeah.
Yeah, like something called DHCP snooping.
DHCP snooping. That's a life saver. Yeah. It works with your network switches to create essentially a VIP list. Okay, so only DHCP responses from trusted MAC addresses and ports are let through.
So it's like having a bouncer at our party.
Exactly, only the people on the list get through.
I like that analogy, right. What about DHCP reservations. I remember that being a big deal for important systems.
DHCP reservations, those are essential. Think of it like assigning reserved parking spaces in your network. Okay, you're basically telling the DHCP server this specific device always gets this specific IP address, no exceptions.
Which makes sense for things like servers or printers. Absolutely, yeah, things that need to have that static address.
Anything mission critical that needs a permanent address. That makes a lot of sense, and you're essentially nailing it to that device's MAC address for IPv4 or its DUID for IPv6. Gotcha. Either way, no more musical chairs with IP addresses for those important devices.
That's great. So we've got our addresses sorted with DHCP.
We do.
Now let's talk about how we actually find our way around the Internet, and that's where DNS comes in, right.
DNS it's the Internet's phone book, right.
Yeah, it is.
It takes those easy to remember domain names like google.com and translates them into those IP addresses that the computers use to actually communicate.
Yeah, because who wants to remember a string of numbers every time you want to visit a website?
No one, it'd be impossible. It'd be impossible, right, exactly.
But like with any good system, I'm guessing there are vulnerabilities with DNS too, right, Oh.
Absolutely, DNS is a prime target. Really, it's a critical piece of Internet infrastructure, okay, and like any critical system, it's got its vulnerabilities.
So what are some of the things that can go wrong with DNS.
Well, one of the biggest threats is DNS spoofing.
Spoofing? DNS spoofing? What is that?
So imagine someone, you know, tampers with the DNS cache, okay, either on your computer or maybe on a DNS server, right, and suddenly you're being redirected to a malicious website.
Even if I type in the correct address.
Even if you type in the correct address, you're not going where you think you're going.
Oh wow. So I could type in, like, google.com and end up on some sketchy phishing site, exactly.
That's how they get you. It's all about misdirection.
That's really sneaky.
Thankfully, there are ways to protect against this. Okay, good. The book talks about a feature in Windows Active Directory called Secure Dynamic Updates.
Secure Dynamic Updates, what is that.
It's like a security checkpoint for any changes to your DNS records, so only authorized devices can update the records, so
no one can just waltz in and change things, exactly.
It prevents anyone from you know, hijacking a domain name or creating these fake entries to mislead people.
That makes sense.
I liked it. The book also mentions this interesting little detail about something called the DnsUpdateProxy group.
The DnsUpdateProxy group. I don't think I've heard of that one.
So, you know, when you've got multiple DHCP servers on a network.
Okay, which is common.
Yeah, it's very common, especially in larger organizations. Right, they need a way to you know, play nicely together, right when it comes to updating those DNS records. Yeah, that's where this comes in. It ensures that they can all modify the necessary registrations without causing conflicts or you know, disrupting connections.
So it's all about keeping things in sync exactly.
Synchronization and cooperation.
That's the key, I like it. Right, So we've gone from securing the network's foundation with DHCP right to making sure we can find our way around safely with DNS.
It's all connected, you see.
It is. Yeah, it's all part of the big picture, it is. Now let's shift gears a bit and talk about something that's directly relevant to, well, everyone using a Windows 8 computer. Okay. Yeah, those different network location types: home group, work, and public. Right, right, right, I always found those interesting. Like, what are the security implications of choosing one over the other?
It's all about setting the right security posture for your computer, yeah, right, depending on where you are and what you're doing. Okay, a home group, for example, it's like hanging out in your living room.
So pretty relaxed, pretty secure environment exactly.
You're mostly among trusted devices, right, right, so things are, you know, a bit more relaxed.
You're not too worried about someone swiping your data precisely.
You're more worried about, you know, maybe someone accidentally seeing something they shouldn't, right.
Exactly, Like you don't want your roommate reading your diary exactly.
Then you've got your work network, which is designed for well work environments.
So a bit more security than your living room, a bit more locked down. Yeah, you don't want just anyone accessing sensitive company information exactly.
And then you've got public, which is like you know, the coffee shop, the airport.
The Wild West of networks, the Wild West.
You've got your cowboy hat on.
You're ready for anything, right, because you really don't know who's out there.
You don't know who's lurking on that public Wi Fi.
You could be sitting next to a hacker and not even know it, exactly.
So you want to make sure you're wearing your digital armor, so to speak.
That makes a lot of sense. So if I'm at a coffee shop, yeah, I definitely want to make sure I'm in that public mode.
Public mode, lockdown.
I don't want just anyone peeking at my files, exactly.
You want to keep your private data private.
Now, speaking of sharing files, Windows 8 also introduced that home group feature, right, right, specifically for home networks.
Right, right. It was designed to make sharing, you know, files and printers between Windows 7 and 8 PCs super easy.
So it's like a little private network within your home network exactly.
It created this like little enclosed space where you can easily share things.
And it was password protected, right yeah, so only people with the password could access the shared stuff exactly. But I imagine the security of that home group really depended on the strength of the password. Right.
Absolutely, a weak password is like leaving the door to your secret club wide open.
So it's still important to choose a strong, unique password, even for your home network.
Absolutely, never underestimate the importance of a strong password.
Good advice. Now let's talk about wireless security. Ah, yeah, a topic that's always top of mind, always. I remember back in the day there was a lot of talk about hiding your SSID, right, like it was some secret agent tactic.
Security through obscurity, as they call it. But is that really effective? It's like hiding your house key under the welcome mat.
It might deter some casual snoopers, it might deter your neighbor's kid, great, but a determined thief.
A determined thief is going to find a way in.
So what should we be doing to actually secure our Wi Fi?
Strong encryption is your best friend?
Okay? What kind of encryption are we talking about?
WPA2, specifically with AES encryption.
WPA2 with AES, got it, that's the gold standard. Okay.
You know, older protocols like WEP or WPA with TKIP encryption, those are much more vulnerable these days, so those are a no go. Yeah, try to avoid those if you can.
Okay, good to know.
And be careful with those settings that automatically connect you to Wi Fi networks when you're in range.
You mean, like when my phone just automatically connects to my home Wi Fi when I get home.
Exactly, or to that coffee shop Wi-Fi you used once.
Right, right? So convenient, but maybe not always the safest.
Convenience can sometimes come at the cost of security.
So it's better to choose my Wi Fi networks carefully and connect manually exactly.
Be mindful of where you're connecting, and always double check the network name.
Okay, good advice, I like it.
You don't want to accidentally connect to a rogue access point set up by some hacker.
A rogue access point.
Yeah, they can set up fake Wi Fi hotspots that look legitimate.
Oh wow, that's really sneaky.
They are sneaky, those hackers.
So you really can't be too careful.
Exactly, always be vigilant.
Good advice. So we've talked about securing our network's foundation, right, and making sure we can find our way around safely. Yes, but what about protecting our individual computers? That's where the Windows Firewall comes in, right.
Ah, the trusty Windows Firewall everyone's first line of defense. It is, it really is. Most people know to turn it on and off, right, But there's a lot more to it than that.
So give me the rundown. Give me the bigger picture.
Sure. Well, think of the Windows Firewall like a, like a bodyguard for your computer.
You know.
Okay, it's that first line of defense against unauthorized access. Checking those digital IDs at the door.
I like it. So it's like having a bouncer at the door of my computer exactly. And Windows comes with like a set of default rules, right, so it knows who to let in and who to keep out automatically.
Right. It's like a preapproved guest list, you know, designed to keep out those common troublemakers.
Gotcha. But the cool thing is you can customize those rules, right.
Oh, absolutely, you can get really granular with it, you know, really specify who's allowed in and out.
So if I'm running a server or something, I can create my own rules for that exactly.
Let's say you're, you know, running a web server from your home office. Okay, you need to create a rule that allows incoming traffic on port 80.
Eighty, because that's the standard port for web traffic, exactly.
Otherwise no one would be able to access your website.
So it's like adding a side entrance to your house, right, with a separate key. Only certain people can use it.
You got it. And remember those network location types we talked about, domain, private, public, right? Well, the Windows Firewall actually has different profiles for each one.
So it adjusts its security posture based on where I am.
On where you are, exactly. It's like, you know, if you're walking alone at night, you can be more on guard, right, than if you're strolling through your living room.
So the public profile, that's going to have the tightest security by default.
By default, exactly. You don't know who's out there.
Makes sense now. The book also mentioned something called Windows Firewall with Advanced Security.
Oh, yes, that's for the power users. Okay, the control freaks.
Like me, what kind of control are we talking about here?
We're talking granular control. You're not just flipping a switch on or off. You know, you're defining very specific rules.
Okay.
You can control access based on the program, the port, the protocol where the connection is coming from, going to Wow. You can even get really specific and base it on the user account.
So if I wanted to, like, prevent a specific application from accessing the network, I could do that.
You got it. It's like, you know, imagine you're in a crowded room and you have the power to control the Internet usage of every single person in there.
And that's impressive. I like it.
It's powerful stuff. The book also delves into IPsec. IPsec.
Yeah, I remember seeing that.
What is that? IPsec, it's like a super secure tunnel for your data. Okay, so while it's traveling across the Internet, it's protected.
So it's like encrypting my data while it's in transit exactly.
Think of it like like you're sending a secret message, you know. Okay, you put it in a lock box and only the person with a key on the other end can open it.
That's a good analogy, and it uses.
You know, several different techniques to keep things safe.
Like what, give me some examples.
So there's something called authentication headers.
Ah, authentication headers.
Yeah, these are like tamper proof seals for your data packets. Okay, so you know that the data hasn't been messed with in transit.
Okay, that makes sense.
And then there's Encapsulating Security Payload, or ESP for short. ESP, which encrypts the actual data itself, so even
if someone intercepts it, they can't read it.
Exactly, it's just gibberish to them.
I like it.
And to make sure it all runs smoothly, IPsec uses something called the security association, or SA.
SA, a security association, okay.
Yeah, it's like an agreement between the two devices on how they're going to secure their communication.
So they're on the same page.
Exactly, same encryption algorithms, same keys, the whole nine yards.
I like it. So it's like a secret handshake before they exchange secret messages precisely.
Now, let's talk about remote access, okay, because that's become increasingly important in our always connected world.
Right, the ability to work from anywhere, connect to our home computers from afar. It's incredibly convenient, it is, but I'm guessing there are some security concerns there as well. Well, absolutely, yeah, because you're essentially opening up your computer to the outside world.
It's like leaving the front door of your digital house wide open.
So we got to be careful, right, very careful. What are some of the things we should be thinking about when it comes to remote access tools.
Well, let's start with, let's start with Telnet.
Telnet. Okay, I've heard of that one, but I've never really used it.
Yeah, Telnet. It's a bit of an old timer in the remote access world. An old timer. It's been around for ages. It's very simple, simple, but not exactly known for its robust security.
Okay, why is that?
The problem with Telnet is it sends data in plaintext. Plaintext. Plaintext, which means anyone who intercepts that data can read everything.
So not ideal if you're working with like sensitive information.
Not ideal at all. It's like, you know, writing your message on a postcard. Yeah, anyone who sees it can read it.
So Telnet is a no go for anything important.
It's best to avoid it if you can, for sure.
Okay, good to know.
There are much more secure alternatives out there, like SSH for example.
Yes, SSH. Okay, I'll have to look into that. So what about Remote Desktop? That's the one I see everywhere.
Ah, Remote Desktop, that's become the go to for a lot of people. Yeah, and for good reason. It's much more secure than Telnet, thankfully.
Okay, good to know.
It's built right into Windows and it allows you to basically take control of a remote computer just like you're sitting right in front of it.
Yeah. I've used that to help family members with computer troubles. It's a life saver.
Oh, it's incredibly useful.
But I imagine there are still some security risks with Remote Desktop, right? Oh, absolutely, because you're essentially opening up a port on your computer for someone else to connect to.
You are, and hackers know this. They specifically scan for open Remote Desktop ports.
So if I have remote desktop enabled and it's just like ah, open to the internet.
That's like, you know, that's like leaving a welcome mat out for trouble.
Not good. So what can I do to secure remote desktop? How do I lock it down?
Well, strong passwords are a must for starters, of course.
Of course, strong passwords for everything.
For everything, but especially for something like remote desktop where you're essentially giving someone the keys to your computer.
Makes sense. Any other tips?
Enable network level authentication.
Network level authentication, okay.
What is that? So that forces users to authenticate before they can even connect.
So it's like an extra layer of security.
Exactly, it's like having a security guard check your ID before they even let you in the building.
Okay, So strong passwords, network level authentication, anything else.
And restrict access. What do you mean? Don't just let anyone connect.
Okay?
Only allow specific users or IP addresses.
So it's like having a guest list for my computer. Only the people on the list are allowed in.
Exactly you like it.
So we're being selective about who we give access to.
Exactly. It's all about minimizing that attack surface.
Makes sense. Now, the book mentions some really interesting stuff about Server 2012 and how it handles remote access. Oh yeah, it sounds like they really stepped up their game.
Oh yeah. Server 2012 has some cool features. Like, there's Remote Desktop Gateway, okay, which allows you to securely access your work computer from anywhere in the world.
So it's like having a secure tunnel directly to my work desktop exactly.
No matter where you are, you can connect securely.
That's amazing.
What else? And then there's Remote Desktop Web Access, which lets you connect to your desktop through a web browser.
Through a web browser. That's really convenient, super convenient.
You don't have to install any special software, you just need a web browser.
Wow. So Server 2012 really expanded the possibilities. It did.
They really took it to the next level.
So we've talked about securing our networks, our individual computers, even accessing them remotely.
Them remotely, a lot to cover.
But what happens when things go wrong? Because let's face it, things inevitably go wrong.
Wrong, right, that's the nature of technology.
What tools does Windows give us to monitor and troubleshoot these issues?
Well, Windows has some great built in tools for that. We've got Task Manager, Resource Monitor, and Event Viewer.
Okay, so let's start with task Manager.
Task Manager everybody's favorite.
Yeah, it's the first place you go when something's acting up exactly.
Most people just use it to see what programs are running.
Right, or to force quit something that's frozen exactly.
But it's got some hidden depths, really. Oh yeah, check out the Performance tab.
The performance tab, what's in there.
It's a treasure trove of information. You can see your CPU usage, okay, memory usage, disk activity, and most importantly for our purposes, network activity. Oh okay, you can see how much data you're sending and receiving, which can be super helpful if you're having internet problems.
So if my connection is super slow, I can use task manager to see if anything's hogging the bandwidth exactly.
You can see which program is the culprit.
Oh, that's really helpful.
And keep an eye out for any processes that are sending or receiving a ton of data. Why is that? It could be a sign of malware, you know, something malicious.
Oh, so it's a good way to spot suspicious activity. Exactly. Always be vigilant. Always be vigilant. Good advice. Right. And then there's Resource Monitor. I'm not as familiar with that one.
Resource Monitor is like Task Manager's more tech savvy sibling. Okay, it gives you an even deeper dive into how your computer's resources are being used.
So we're talking CPU, memory, disk activity, all that good stuff.
Stuff, all of it, and of course network activity.
So it's like task manager on steroids exactly.
You can see which processes are connecting to which IP addresses. Wow, it's powerful stuff.
That's amazing. Right, it's like having a private investigator for my computer exactly.
And then we have event viewer.
Event viewer. I've always thought of that as like the computer's personal diary.
That's a great analogy. It's constantly keeping a record of everything that's happening.
So it's logging events both good and bad.
Bad, exactly. Errors, warnings, information messages, it's all there.
So if something's acting up, event viewer is a good place to start.
Absolutely, it can point you in the right direction.
And it can also be helpful for network problems too, right.
Oh, absolutely, it logs events related to your network connections, DHCP, DNS, all that good stuff.
So it's like a comprehensive history of my computer's activity.
Precisely. If you're trying to track down a problem, Event Viewer is your friend.
This has been a fascinating deep dive. I've learned so much about Windows networking security.
It's been my pleasure.
From securing the network's foundation, to protecting our individual computers, even venturing into the world of remote access and troubleshooting. It's a lot to take in, it is, but it's so important.
It is. Security is paramount.
So as we wrap up here, any final thoughts for our listeners.
Knowledge is power, my friend. The more you know about your systems, the better equipped you are to protect them.
So keep learning, keep experimenting, and most importantly, keep those firewalls strong.
And your passwords even stronger.
Absolutely well said. Until next time, everyone, happy networking, stay safe out there.
