Explain in very good details the hardening and procedures of Microsoft Server 2019
The hardening and procedure of Microsoft Server 2019:
Windows Server 2019 is built on the strong foundation of Windows Server 2016 and brings numerous innovations on four key themes: Hybrid Cloud, Security, Application Platform, and Hyper-Converged Infrastructure (HCI).
Application Platform:
Linux containers on Windows: it is now possible to run Windows and Linux-based containers on the same container host, using the same docker daemon. This enables you to have a heterogeneous container host environment while providing flexibility to application developers.
Hybrid Cloud:
Server Core app compatibility feature on demand. The Server Core App Compatibility feature on demand (FOD) significantly improves the app compatibility of the Windows Server Core installation option by including a subset of binaries and components from Windows Server with the Desktop Experience, without adding the Windows Server Desktop Experience graphical environment itself. This is done to increase the functionality and compatibility of Server Core while keeping it as lean as possible.
This optional feature on demand is available on a separate ISO and can be added to Windows Server Core installations and images only, using DISM.
Security:
Windows Defender Advanced Threat Protection (ATP). For more information about Windows Defender ATP, see Overview of Windows Defender ATP capabilities. For more information on onboarding servers, see Onboard servers to Windows Defender ATP service.
Windows Defender ATP Exploit Guard is a new set of host-intrusion prevention capabilities. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviors commonly used in malware attacks, while enabling you to balance security risk and productivity requirements.
Attack Surface Reduction (ASR) is a set of controls that enterprises can enable to prevent malware from getting on the machine by blocking suspicious malicious files (for example, Office files), scripts, lateral movement, ransomware behavior, and email-based threats.
Network protection protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP addresses through Windows Defender SmartScreen.
Controlled folder access protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders.
Exploit protection is a set of mitigations for vulnerability exploits (replacing EMET) that can be easily configured to protect your system and applications.
Windows Defender Application Control (also known as Code Integrity (CI) policy) was released in Windows Server 2016. Customer feedback has suggested that it is a great concept, but hard to deploy. To address this, we have built default CI policies, which allow all Windows in-box files and Microsoft applications, such as SQL Server, and block known executables that can bypass CI.
Troubleshooting enhancements:
We've also made it easier to troubleshoot your shielded virtual machines by enabling support for VMConnect Enhanced Session Mode and PowerShell Direct. These tools are particularly useful if you have lost network connectivity to your VM and need to update its configuration to restore access.
Storage:
Storage Migration Service:
Storage Migration Service is a new technology that makes it easier to migrate servers to a newer version of Windows Server. It provides a graphical tool that inventories data on servers, transfers the data and configuration to newer servers, and then optionally moves the identities of the old servers to the new servers so that apps and users do not have to change anything.
1. Deduplication and compression for ReFS volumes
2. Native support for persistent memory
3. Nested resiliency for two-node hyper-converged infrastructure at the edge
4. Two-server clusters using a USB flash drive as a witness
5. Windows Admin Center support
6. Performance history
7. Scale up to 4 PB per cluster
8. Mirror-accelerated parity is 2X faster
9. Drive latency outlier detection
10. Manually delimit the allocation of volumes to increase fault tolerance
Encrypted Networks:
Encrypted Networks - Virtual network encryption allows encryption of virtual network traffic between virtual machines that communicate with each other within subnets marked as Encryption Enabled. It also utilizes Datagram Transport Layer Security (DTLS) on the virtual subnet to encrypt packets.
Understanding Third-Party Security Configuration Baselines:
Third-party security configuration baselines are comprehensive lists of the security controls that can be applied to a particular product. At present there are security configuration baselines published by DISA and CIS that describe the security controls that can be applied to Windows Server 2016 and Windows Server 2019.
The two most powerful security baselines for Windows Server 2016 and Windows Server 2019 are:
1. Security Technical Implementation Guides (STIGs) published by the Defense Information Systems Agency (DISA). The most recent Windows Server 2016
2. The Center for Internet Security (CIS) security benchmark for Windows Server 2016.
Thank U :)
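
The four Exploit Guard components described in the answer above can be checked on a running server. The following is an added example, not part of the original answer: a read-only audit that uses the in-box `Get-MpPreference` and `Get-ProcessMitigation` cmdlets; the function name `Get-ExploitGuardStatus` and the report layout are chosen here for illustration.

```powershell
# Added example: read-only audit of the four Exploit Guard components.
# Run in an elevated PowerShell session on the server being checked.
function Get-ExploitGuardStatus {
    # Defender stores these settings as numbers: 0 = off, 1 = block, 2 = audit.
    $stateName = @{ 0 = 'Disabled'; 1 = 'Enabled (block)'; 2 = 'Audit only' }
    $toState = { param($v)
        $n = [int]$v
        if ($stateName.ContainsKey($n)) { $stateName[$n] } else { "Other ($n)" } }
    $row = { param($component, $item, $state)
        [pscustomobject]@{ Component = $component; Item = $item; State = $state } }

    $pref = Get-MpPreference

    # Network protection and controlled folder access are single switches.
    & $row 'Network protection' '-' (& $toState $pref.EnableNetworkProtection)
    & $row 'Controlled folder access' '-' (& $toState $pref.EnableControlledFolderAccess)

    # ASR rules are two parallel arrays: rule GUIDs and their per-rule actions.
    $ids = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    if ($ids.Count -eq 0) {
        & $row 'Attack surface reduction' '(no rules configured)' 'Not configured'
    }
    for ($i = 0; $i -lt $ids.Count; $i++) {
        $action = $pref.AttackSurfaceReductionRules_Actions[$i]
        & $row 'Attack surface reduction' $ids[$i] (& $toState $action)
    }

    # Exploit protection: system-wide mitigations report ON, OFF or NOTSET
    # (NOTSET means the operating system default applies).
    $sys = Get-ProcessMitigation -System
    & $row 'Exploit protection' 'DEP' "$($sys.Dep.Enable)"
    & $row 'Exploit protection' 'CFG' "$($sys.Cfg.Enable)"
    & $row 'Exploit protection' 'ASLR bottom-up' "$($sys.Aslr.BottomUp)"
}

Get-ExploitGuardStatus | Format-Table -AutoSize
```

Rows that show "Audit only" log matching events without blocking them, so a server left in that state is monitored but not protected by that component.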