![]() ![]() Secure Core Server Extension in Windows Admin Center System Guard builds on these lower-level features and validates the whole boot chain using Static Root of Trust for Measurement (SRTM), Dynamic Root of Trust for Measurement (DRTM) and System Management Mode (SMM) protection. CFG is a part of Windows that stops malicious applications trying to corrupt the memory of benign applications. HVCI builds on top of VBS to protect modifications to the Control Flow Guard (CFG) bitmap and checks device drivers for EV certificates. ![]() The six areas are:Įach of these contribute to a trusted hardware platform: the TPM stores Bitlocker keys plus other secrets securely VBS uses hardware virtualization (not a whole separate VM, just an area of memory protected using Hyper-V) to stop credential attacks (Mimikatz) and Secure Boot verifies the signatures on the boot software (the OS itself, the UEFI and any EFI applications). This is timely as firmware attacks are on the rise and having a strong guarantee that the underlying hardware is secure is important.Ĭomprising six areas, Secure Core Servers from the major server manufacturers will come with a Trusted Platform Module (TPM) 2.0 chip, Bitlocker plus Virtualization Based Security (VBS), enabled straight out of the box. I'll also provide my own analysis of where each feature actually brings real-world benefits and where it's more of a marketing spin.Īs the name implies, Microsoft is taking the tech incorporated into newer PC devices to protect against firmware attacks and expanding it to the server platform. The three main areas are Secure Core Server, SMB over QUIC, and Storage Migration Service, with additional honorable mentions for security, networking and Hyper-V. I looked at the preview back in April (" Windows Server 2022 Is Coming!") and most of that information stands for the GA release. ![]() However, there are some very useful features and there are definitely reasons to migrate (just not as many as in the past) so let's dig in. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |