Infrastructure + Security: Noteworthy News (January, 2018)

Hello there! Stanislav Belov here to bring you the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis. Enjoy!

Microsoft Azure
Start/Stop VMs during off-hours
The Start/Stop VMs during off-hours solution starts and stops your Azure Virtual Machines on a schedule or by utilization. Save money by making sure VMs are off when not being used.
Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines
DCs in Azure with SYSVOL, NTDS.DIT, or the NTDS logs on the system drive can run into JET database inconsistencies during service healing (when the virtual machine is moved between Microsoft Azure hosts). The reason is that the operating system disk uses read/write host caching, so a write that the directory service believes has been committed may not yet have reached durable storage at the moment the VM is moved.
In Microsoft Azure, Microsoft therefore recommends that SYSVOL, NTDS.DIT, and the NTDS logs be placed on drives other than the system drive.

Data disk drives do not cache writes by default: a data disk attached to a VM has its host caching set to None, which is write-through. Write-through caching makes sure the write is committed to durable Azure storage before the transaction is complete from the perspective of the VM’s operating system. It provides durability, at the expense of slightly slower writes. Keep it that way for the disk that holds the database; do not switch it to ReadWrite caching for performance.
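The following is an added example of the recommended layout, not code from the guidance document itself. It uses the AzureRM cmdlets of the time to attach a data disk with host caching set to None, verifies the caching setting, and then promotes the VM as a domain controller with the database, logs and SYSVOL on that disk. The resource group, VM name, domain name and drive letter are placeholders.

```powershell
# Added example (not from the original post). Placeholders: resource group,
# VM name, domain name, drive letter F:.
$rg     = 'contoso-rg'      # assumed resource group
$vmName = 'contoso-dc1'     # assumed VM name
$vm = Get-AzureRmVM -ResourceGroupName $rg -Name $vmName

# -Caching None = write-through: the write is acknowledged to the guest only
# after it is committed to Azure Storage, which is what the AD JET database needs.
$vm = Add-AzureRmVMDataDisk -VM $vm -Name "$vmName-ntds" -Lun 0 `
        -CreateOption Empty -DiskSizeInGB 32 -Caching None `
        -StorageAccountType Standard_LRS
Update-AzureRmVM -ResourceGroupName $rg -VM $vm

# Check: any data disk on a DC that shows ReadWrite caching is a misconfiguration
(Get-AzureRmVM -ResourceGroupName $rg -Name $vmName).StorageProfile.DataDisks |
    Select-Object Name, Lun, Caching

# --- Run the rest inside the guest once the new disk shows up as RAW ---
Get-Disk | Where-Object PartitionStyle -eq 'RAW' |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter F -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'NTDS' -Confirm:$false

# Promote with database, logs and SYSVOL on the data disk, not on C:
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName 'corp.contoso.com' `
    -DatabasePath 'F:\NTDS' -LogPath 'F:\NTDS' -SysvolPath 'F:\SYSVOL' `
    -InstallDns -Credential (Get-Credential 'CORP\Administrator')
```

For a DC that already exists with NTDS on C:, the same end state is reached by moving the database with ntdsutil (files / move DB to) after the data disk is attached; the caching check above is the part worth scripting across all DCs.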

Mesh and hub-and-spoke networks on Azure (PDF)
Virtual network peering gives Azure customers a way to provide managed access to Azure for multiple lines of business (LOB) or to merge teams from different companies. Written by Lamia Youseff and Nanette Ray from the Azure Customer Advisory Team (AzureCAT), this white paper covers the two main network topologies used by Azure customers: mesh networks and hub-and-spoke networks, and shows how enterprises work with, or around, the default maximum number of peering links.
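As an added example, not taken from the white paper, here is the hub-and-spoke topology built with the AzureRM cmdlets of the time. Peering is not transitive, so each spoke is peered with the hub only: spokes reach on-premises through the hub's gateway but cannot reach each other unless traffic is routed through the hub. The resource group, VNet names and the presence of a gateway in the hub are assumptions.

```powershell
# Added example (not from the white paper). Assumes the VNets already exist in
# one resource group and that 'hub-vnet' contains a VPN or ExpressRoute gateway.
$rg     = 'contoso-net-rg'
$hub    = Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name 'hub-vnet'
$spokes = 'spoke-lob1', 'spoke-lob2' |
    ForEach-Object { Get-AzureRmVirtualNetwork -ResourceGroupName $rg -Name $_ }

foreach ($spoke in $spokes) {
    # hub -> spoke: offer the hub's gateway to the spoke
    Add-AzureRmVirtualNetworkPeering -Name "hub-to-$($spoke.Name)" `
        -VirtualNetwork $hub -RemoteVirtualNetworkId $spoke.Id `
        -AllowForwardedTraffic -AllowGatewayTransit

    # spoke -> hub: consume that gateway. No spoke-to-spoke peering is created,
    # so the LOBs stay isolated from each other at the network layer.
    Add-AzureRmVirtualNetworkPeering -Name "$($spoke.Name)-to-hub" `
        -VirtualNetwork $spoke -RemoteVirtualNetworkId $hub.Id `
        -AllowForwardedTraffic -UseRemoteGateways
}

# Verify: both directions must report Connected. A peering stuck in
# Initiated means the reverse peering on the other VNet is missing.
foreach ($vnet in @($hub) + $spokes) {
    Get-AzureRmVirtualNetworkPeering -ResourceGroupName $rg -VirtualNetworkName $vnet.Name |
        Select-Object Name, PeeringState, AllowGatewayTransit, UseRemoteGateways
}
```

Each spoke consumes one peering link on the hub, which is why the hub's peering limit, rather than the number of spokes, is the constraint the white paper discusses.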
Windows Server
PowerShell Core 6.0 is available

As of January 10th, 2018, PowerShell Core 6.0 is generally available. It is a new edition of PowerShell that is cross-platform (Windows, macOS, and Linux), open-source, and built for heterogeneous environments and the hybrid cloud.

How to Switch a Failover Cluster to a New Domain

For the last two decades, changing the domain membership of a Failover Cluster has always required that the cluster be destroyed and re-created. This is a time-consuming process, and we have worked to improve this.

Windows Client
Shielded VM local mode and HGS mode
With the new capability in Windows 10, version 1709, Windows Client can host shielded VMs while using remote Host Guardian Service (HGS) attestation. This caused some confusion, because people stated they had already been running shielded VMs on client: that was local mode, where the owner guardian's keys are stored on the client itself and no attestation takes place. This blog post is intended to clarify the difference between local mode and HGS mode and explain how to run them side by side.
Always On VPN and DirectAccess Features Comparison
With Windows 10 Virtual Private Networking (VPN), you can create Always On VPN connections so that remote computers and devices are always connected to your organization network when they are turned on and Internet connected.
Security
ATA readiness roadmap
Advanced Threat Analytics (ATA) is an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats. This document provides a readiness roadmap to help you get started with Advanced Threat Analytics.
Microsoft offers several mechanisms to protect against ransomware
The start of a new year is the perfect time to reassess your security strategy and tactics – especially when looking back at the new levels of ransomware’s reach and damage in 2017.
It’s no secret that ransomware attacks are increasing. In fact, a business is hit with ransomware every 40 seconds¹. If ransomware does get a hold of your data, you can pay a large amount of money hoping that you will get your data back. The alternative is to not pay anything and begin your recovery process. Whether you pay the ransom or not, your enterprise loses time and resources dealing with the aftermath. Microsoft invests in several ways to help you mitigate the effects of ransomware.
A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017
The year 2017 saw three global ransomware outbreaks driven by multiple propagation and infection techniques that are not necessarily new but not typically observed in ransomware. While there are technologies available on Windows 7 to mitigate attacks, Windows 10’s comprehensive set of platform mitigations and next-generation technologies cover these attack methods. Additionally, Windows 10 S, which is a configuration of Windows 10 that’s streamlined for security and performance, locks down devices against ransomware outbreaks and other threats.
How to disrupt attacks caused by social engineering
The art of social engineering is nothing new itself and was already present in the age where broadband connections didn’t even exist. At that time, we used to call these kinds of threat actors not hackers but con men. Frank Abagnale, Senior Consultant at Abagnale & Associates once said “In the old days, a con man would be good looking, suave, well dressed, well-spoken and presented themselves really well. Those days are gone because it’s not necessary. The people committing these crimes are doing them from hundreds of miles away.”
Why use shielded VMs for your privileged access workstation (PAW) solution?
Running virtual machines (VMs) on Windows client is not new, but running a shielded VM on Windows client is. The ability to run shielded VMs on client was introduced in the Windows 10 1709 release. There are many security considerations built in to shielded VMs, from secure provisioning to protecting data at rest. As part of the PAW solution, the privileged access workload gains additional security protections by running inside a shielded VM.
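The shielded-VM-on-client flow referred to in both the "local mode and HGS mode" item and the PAW item above, as an added example that is not code from either post. It first inspects which mode the host is in, shields a VM in local mode (owner guardian only, keys on this client), and then shows the extra step HGS mode needs: the VM's key protector must also carry the HGS guardian, which the host can only use after attesting. The VM name, guardian name and HGS URLs are assumptions; the VM is assumed to be Generation 2 and powered off.

```powershell
# Added example (not from the original posts). Assumes a Generation 2 VM named
# 'PAW-VM' that is turned off, and an HGS reachable at hgs.contoso.com (placeholder).

# 1. Which mode is this host in? Local = keys live on this machine, no attestation.
Get-HgsClientConfiguration |
    Select-Object Mode, AttestationServerUrl, KeyProtectionServerUrl, AttestationStatus

# 2. Local mode: an owner guardian whose certificates stay on this client
$owner = Get-HgsGuardian -Name 'PawOwner' -ErrorAction SilentlyContinue
if (-not $owner) {
    $owner = New-HgsGuardian -Name 'PawOwner' -GenerateCertificates
}
# Key protector with the owner only. -AllowUntrustedRoot because the
# generated guardian certificates are self-signed.
$kp = New-HgsKeyProtector -Owner $owner -AllowUntrustedRoot

Set-VMKeyProtector    -VMName 'PAW-VM' -KeyProtector $kp.RawData
Enable-VMTPM          -VMName 'PAW-VM'
Set-VMSecurityPolicy  -VMName 'PAW-VM' -Shielded $true
Get-VMSecurity        -VMName 'PAW-VM' | Select-Object TpmEnabled, Shielded

# 3. HGS mode: point the host at a Host Guardian Service. From now on the host
#    must pass attestation before the key protection service will release keys.
Set-HgsClientConfiguration `
    -AttestationServerUrl   'http://hgs.contoso.com/Attestation' `
    -KeyProtectionServerUrl 'http://hgs.contoso.com/KeyProtection'

# The HGS guardian is published as metadata; import it and re-issue the VM's
# key protector with owner + HGS guardian so HGS can unwrap it.
Invoke-WebRequest 'http://hgs.contoso.com/KeyProtection/service/metadata/2014-07/metadata.xml' `
    -OutFile "$env:TEMP\HGSGuardian.xml"
$hgs = Import-HgsGuardian -Path "$env:TEMP\HGSGuardian.xml" -Name 'ContosoHGS' -AllowUntrustedRoot
$kp  = New-HgsKeyProtector -Owner $owner -Guardian $hgs -AllowUntrustedRoot
Set-VMKeyProtector -VMName 'PAW-VM' -KeyProtector $kp.RawData

# Confirm the host now attests remotely (AttestationStatus should read Passed)
Get-HgsClientConfiguration | Select-Object Mode, AttestationStatus

# To go back to local mode on this client:
# Set-HgsClientConfiguration -EnableLocalMode
```

The mode is a per-host setting, which is why the two flows matter for a PAW: local mode protects the VM's disk and state against other users of the same client, while HGS mode additionally ties key release to the host's measured state.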
Vulnerabilities and Updates
Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems
At the beginning of January the technology industry and many of our customers learned of new vulnerabilities in the hardware chips that power phones, PCs and servers. We (and others in the industry) had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing engineering mitigations and updating our cloud infrastructure. In this blog, I’ll describe the discovered vulnerabilities as clearly as I can, discuss what customers can do to help keep themselves safe, and share what we’ve learned so far about performance impacts.
Windows Server guidance to protect against speculative execution side-channel vulnerabilities
This guidance will help you identify, mitigate, and remedy Windows Server environments that are affected by the vulnerabilities that are identified in Microsoft Security Advisory ADV180002. The advisory also explains how to enable the update for your systems.
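As an added example, not text from the advisory, here is what enabling and verifying the Windows Server mitigations looks like in practice. On Windows Server the OS-level mitigations are installed by the update but stay off until the registry switches below are set; Hyper-V hosts need one more value so that existing VMs are offered the new CPU features. Verification uses Microsoft's SpeculationControl module from the PowerShell Gallery. Run elevated and reboot between the two halves.

```powershell
# Added example (not from ADV180002 itself). Run as Administrator on Windows Server.
$mm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# Enable both the branch-target-injection (CVE-2017-5715) and rogue-data-cache-load
# (CVE-2017-5754) mitigations. Override 0 with mask 3 = "enable both".
# To back out for performance testing: Override 3, Mask 3 = "disable both".
Set-ItemProperty -Path $mm -Name 'FeatureSettingsOverride'     -Value 0 -Type DWord
Set-ItemProperty -Path $mm -Name 'FeatureSettingsOverrideMask' -Value 3 -Type DWord

# Hyper-V hosts: let existing VMs see the updated CPU features after the host reboots
if ((Get-WindowsFeature -Name Hyper-V).Installed) {
    Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization' `
        -Name 'MinVmVersionForCpuBasedMitigations' -Value '1.0' -Type String
}
Write-Host 'Reboot, then run the verification below.'

# ---- After reboot: verify ----
Install-Module SpeculationControl -Scope CurrentUser -Force
$s = Get-SpeculationControlSettings -Quiet

# A system is protected only when both the firmware/microcode side and the
# Windows side report support AND the Windows side reports Enabled.
[pscustomobject]@{
    BTIHardwarePresent             = $s.BTIHardwarePresent      # microcode/firmware update applied
    BTIWindowsSupportPresent       = $s.BTIWindowsSupportPresent # OS update installed
    BTIWindowsSupportEnabled       = $s.BTIWindowsSupportEnabled # registry switches took effect
    KVAShadowRequired              = $s.KVAShadowRequired        # CPU needs the Meltdown mitigation
    KVAShadowWindowsSupportEnabled = $s.KVAShadowWindowsSupportEnabled
}
```

BTIHardwarePresent being false while the Windows values are true is the usual case on servers whose OEM firmware has not yet been updated; the OS mitigation for Meltdown (KVA shadowing) does not depend on firmware, the one for Spectre variant 2 does.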
Guidance for mitigating speculative execution side-channel vulnerabilities in Azure
The recent disclosure of a new class of CPU vulnerabilities known as speculative execution side-channel attacks has resulted in questions from customers seeking more clarity. The infrastructure that runs Azure and isolates customer workloads from each other is protected. This means that other customers running on Azure cannot attack your application using these vulnerabilities. It does not cover isolation inside your own VM: code running in the guest can still use these techniques against other processes or the guest kernel until the guest operating system is updated, so apply the OS updates to your VMs as well.