
Comparing Windows Server Networking features: W2012 x W2008.

December 10, 2012

Windows 2012: Feature rich, extensible, all there in the box, no compromises

| Networking feature | Windows Server 2008 | Windows Server 2008 R2 | Windows Server 2012 |
|---|---|---|---|
| NIC Teaming | Yes, via partners | Yes, via partners | Windows NIC Teaming in box |
| VLAN Tagging | Yes | Yes | Yes |
| MAC Spoofing Protection | No | Yes, with R2 SP1 | Yes |
| ARP Spoofing Protection | No | Yes, with R2 SP1 | Yes |
| SR-IOV Networking | No | No | Yes |
| Network QoS | No | No | Yes |
| Network Metering | No | No | Yes |
| Network Monitor Modes | No | No | Yes |
| IPsec Task Offload | No | No | Yes |
| VM Trunk Mode | No | No | Yes |

Windows 2012 Hyper-V Advanced Network Security: DHCP Guard, Router Guard, Port Mirroring

November 27, 2012

Windows 2012 Hyper-V brought a lot of new features. There are many improvements in security as well:

DHCP Guard is a security feature that drops DHCP server messages from unauthorized virtual machines pretending to be DHCP servers.
Router Guard is a security feature that drops Router Advertisement and Redirection messages from unauthorized virtual machines pretending to be routers.
Port Mirroring duplicates all egress and ingress traffic to/from one or more switch ports (being monitored) to another switch port (performing monitoring).

These settings are configured per Virtual Machine and Virtual Switch. To configure them:

  1. Open the Hyper-V Manager and then select the Virtual Machine (e.g. W2012-FS01)
  2. On the right panel, click on Settings.
  3. Select the Virtual Switch (e.g. v-External-Wired) you want to configure and expand Advanced Features.
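
The same per-adapter settings can be read and set from PowerShell with the Hyper-V module's Get-VMNetworkAdapter and Set-VMNetworkAdapter cmdlets. The script below is an added example, not part of the original post; the VM names in its allow-lists are hypothetical placeholders, and it assumes every VM not on an allow-list should have both guards turned on.

```powershell
# Added example, not from the original post. Run elevated on the Hyper-V host
# (Windows Server 2012 or later, Hyper-V PowerShell module).
# The VM names in the two allow-lists are hypothetical placeholders.
param(
    [string[]]$DhcpServers = @('EXAMPLE-DHCP01'),  # VMs allowed to act as DHCP servers
    [string[]]$Routers     = @('EXAMPLE-RTR01'),   # VMs allowed to send RAs / redirects
    [switch]$Enforce                               # without this switch: report only
)

Import-Module Hyper-V

$report = foreach ($nic in (Get-VM | Get-VMNetworkAdapter)) {
    # Desired state: guards On everywhere except on explicitly authorized VMs.
    $wantDhcp   = if ($DhcpServers -contains $nic.VMName) { 'Off' } else { 'On' }
    $wantRouter = if ($Routers     -contains $nic.VMName) { 'Off' } else { 'On' }

    $drift = ([string]$nic.DhcpGuard   -ne $wantDhcp) -or
             ([string]$nic.RouterGuard -ne $wantRouter)

    $action = 'ok'
    if ($drift) {
        $action = 'DRIFT'
        if ($Enforce) {
            Set-VMNetworkAdapter -VMNetworkAdapter $nic `
                -DhcpGuard $wantDhcp -RouterGuard $wantRouter
            $action = 'fixed'
        }
    }

    # Report the state as found, plus two settings worth a manual review:
    # MAC spoofing allowed, and any port that is a mirroring source or destination.
    [pscustomobject]@{
        VM          = $nic.VMName
        Switch      = $nic.SwitchName
        DhcpGuard   = $nic.DhcpGuard
        RouterGuard = $nic.RouterGuard
        MacSpoofing = $nic.MacAddressSpoofing
        Mirroring   = $nic.PortMirroringMode
        Action      = $action
    }
}

$report | Sort-Object VM | Format-Table -AutoSize
```

Run it without `-Enforce` first to see which adapters differ from the intended state. Any adapter whose Mirroring column is not `None` deserves a check that the monitoring VM is one you expect.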

SYSRET 64-bit OS privilege vulnerability on Intel, DOES NOT AFFECT HYPER-V

June 18, 2012

Last week US-CERT warned of a guest-to-host VM escape vulnerability, and it was reported that an issue on Intel-based servers could lead to a “break out” from a VM to the host in certain virtualisation products, including Microsoft: “A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation”: http://www.kb.cert.org/vuls/id/649219

Affected vendors include Intel Corp., FreeBSD, Microsoft, NetBSD, Oracle, RedHat, SUSE Linux and Xen.

But Hyper-V is NOT Affected By VU#649219 VM “Break Out”.

I’ve asked the Microsoft Hyper-V product team in Redmond if Hyper-V was actually affected, and as per their answer:

• The problem does affect the 64-bit OS’s on Intel hardware, but Hyper-V is not affected.
• This problem will not lead to break outs from Hyper-V VMs.
• Windows 8 is not affected.
• Windows Server 2012 is not affected.

This was covered as well by Aidan Finn: http://www.aidanfinn.com/?p=12838