Photo by Jan Canty on Unsplash
Security boundaries in Windows
Cordoned Off
Security architects are familiar with breaking down infrastructure into different levels. The unauthorized transition of a user from one area to another is considered a security breach. Windows offers various protection mechanisms against remote and local attackers. Microsoft first differentiates between different border areas, or security boundaries, and defines separate protection goals for each of these areas. These protection goals not only determine the security of the rolled-out Windows instances but also how the criticality of security vulnerabilities is assessed.
Consider a simple real-world data center example in which a physical area outside the data center is an area for visitors, another area is for customers, and two different areas are for employees, depending on their tasks. If a person enters the visitor area, for example, a transition to the first security zone takes place. As long as this access takes place during normal visiting hours, this action is not problematic. Outside visiting hours (i.e., when the doors are locked), this is obviously a security incident.
If the person is a customer or employee, they can enter the customer area after successful authentication by the gatekeeper. Once in the customer area, access to other areas usually relies on technical security systems.
Customers and employees use a chip card with a PIN for authentication that allows them to enter individual rooms. Support staff can also enter the general staff area in addition to the customer areas. Network administrators are also allowed to enter the rooms with the switches and routers in the data center.
What works in the real world can also be applied to securing operating systems. Microsoft defines nine different security boundaries for its own operating systems, active services, and devices in use, although they are not all hierarchically structured like the security areas in the example above. An associated document in the Microsoft
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Secure Active Directory with the rapid modernization plan
The rapid modernization plan by Microsoft is a practical guide to securing Active Directory, so criminals cannot gain access to privileged user accounts. -
Protect Hyper-V with on-board resources
With the right settings and small tools, security in virtual environments can be increased significantly by tweaking the on-board tools. -
Six new security features for Windows Server 2022
Configure the Secured-core server components to reduce the attack surface of your system with minimal overhead. -
Security features in Windows Server 2022
The release of Windows Server 2022 adds some new security features to its server operating system that might not be earth-shattering; however, you will find Secured-core, DNS over HTTPs, TLS 1.3, and Azure Stack HCI genuinely useful in your constant fight to harden server operations. -
Improving Docker security now and in the future
The focus for container solutions such as Docker is increasingly shifting to security. Some vulnerabilities have been addressed, with plans to take further steps in the future to secure container virtualization.