The news of this week

In this edition, we will be looking at:

New stock in this week

Product Review Windows server - 2008 R2 standard edition

The WannaCry scramble

Are travel WI-Fi routers secure?

Stock in hand

Product Review of Windows serve - 2008 R2 standard edition

Standard Server is considered the entry-level version of Windows Sever 2008 (if there is such a thing as "entry-level" with server platforms). It is suitable for smaller businesses and organizations ("smaller" meaning users in the hundreds, not thousands, although multiple standard servers in a tree or trees would certainly accommodate even the largest of companies).

Standard Server supplies all the features discussed in this hour, including Hyper-V virtualization, and IIS7. It also provides for Network Address Translation and multihomed servers (servers with more than one network interface) that allow multiple network clients to share the same Internet connection in a small business setting.

Standard Server supports multiple processors (four cores on both x86 and x64 systems) and up to 4GB of RAM on an x86-based server and 32GB of RAM on an X64-based server. Standard Server provides a maximum of 250 Remote Access connections and 250 Terminal Services connections.

Some of the best features of the system include:

  • Virtualization

  • Server Core

  • IIS 7

  • Role-based installation – allows you to simply specify the role the server is to play and installing only what's necessary

  • Read Only Domain Controllers (RODC)

  • Enhanced terminal services

  • Network Access Protection

  • Bitlocker

  • Windows PowerShell

  • Better security

All the versions of Windows Server 2008, except for the Web Edition, include the Hyper-V virtualization platform, although buyers of the standard edition could opt out of the Hyper-V virtualization platform if they wished.

The WannaCry scramble

A couple of weeks ago, possibly every security manager in the world was dealing with the repercussions of WannaCry (WannaCrypt), a ransomware worm that screamed across the internet and flooded the media. IT and security departments, placed on high alert, had to scramble — whether or not any of their systems had been infected. I was no exception.

WannaCry emerged after a hacking group named Shadow Brokers leaked a number of exploits and data related to previously undisclosed vulnerabilities in various technologies, including Microsoft Windows. One of the leaked exploits was modified and subsequently given a variety of names, the most prevalent of which was WannaCry. This malware features some nasty functionality. Not only does it encrypt data on hard drives and demand a ransom for the decryption key, but it also attempts to propagate via a previous known vulnerability in Windows’ Server Message Block (SMB) protocol.

Although Microsoft had issued a patch for this vulnerability, it hadn’t been implemented on thousands of PCs, for various reasons. Among those reasons was that many of them still run on outdated Windows OSs that are no longer recipients of free-of-charge support — and many users decided against paying for support. WannaCry could have been much more devastating than it was — and it was very disruptive, affecting hospitals and other health services in disproportionate numbers — if not for a “kill switch” that the malware author included in the code. There are various schools of thought as to why this kill switch existed, but the consensus is that the author wanted a way to stop the malware from propagating. The method was to register an obscure web domain. As long as the domain didn’t resolve to anything, the malware would continue to propagate and infect vulnerable devices. But a security researcher discovered the kill switch and registered the domain, which stopped the malware.

In the end, something like 200,000 devices (that we know of) were impacted.

And so, like many security professionals and IT departments, I was scrambling. Improved variants of WannaCry have already emerged, and I wanted to get ahead of the game, as well as determine whether there had been any impact to my organization. My first step was to ensure that all of my company’s PCs and servers were up to date with patches and had the most current endpoint protection installed and running. I also wanted to make sure that every device was being backed up, that the backups were occurring on a daily basis and that there was a current backup available.As for the patches, it wasn’t enough that they had been installed, since patches can be installed but not able to actively protect a device because there has been no reboot. I made sure that any PC or server that had a patch pending was forced to reboot.

There was a problem, however: the PCs of remote employees. Our systems management tool, which checks patch status, is installed on our internal network. We have no patch visibility and control over PCs in the field unless the user VPNs into the office. Because there typically isn’t any need for remote PC users to VPN, since most of our corporate apps are SaaS-based, chances were good that we hadn’t been able to push polices and get reports on the patch status of hundreds of PCs.This, then, was a rare case when I felt I needed to be a big foot. I had the IT department instruct managers to mandate that all of their workers either connect to the VPN or send screenshots to verify that their PC was up to date with patches. I don’t like to be a burden on the IT department or to issue mandates, but the danger to our operations made it necessary — the alternative would have been even more of a burden.