Comparing Windows Server Networking features : W2012 x W2008.
Windows 2012 : Feature rich, extensible, all there in the box, no compromises
Networking feature | Windows Server 2008 | Windows Server 2008 R2 | Windows Server 2012 |
NIC Teaming | Yes, via partners | Yes, via partners | Windows NIC Teaming in box. |
VLAN Tagging | Yes | Yes | Yes |
MAC Spoofing Protection | No | Yes, with R2 SP1 | Yes |
ARP Spoofing Protection | No | Yes, with R2 SP1 | Yes |
SR-IOV Networking | No | No | Yes |
Network QoS | No | No | Yes |
Network Metering | No | No | Yes |
Network Monitor Modes | No | No | Yes |
IPsec Task Offload | No | No | Yes |
VM Trunk Mode | No | No | Yes |
Windows 2012 Hyper-V Advanced Network Security : DHCP Guard, Router Guard, Port Mirroring
Windows 2012 Hyper-V brought a lot of new features. There are many improvements in security as well:
These settings are configured per virtual machine and virtual switch. To configure them:
- Open the Hyper-V Manager and then select the Virtual Machine (e.g. W2012-FS01)
- On the right panel, click on Settings.
- Select the Virtual Switch (e.g. v-External-Wired) you want to configure and expand Advanced Features.
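The same Advanced Features settings can also be read and set from PowerShell on the Hyper-V host. The script below is an added example, not part of the original post: it assumes the Hyper-V PowerShell module on Windows Server 2012, reuses the example names W2012-FS01 and v-External-Wired from the steps above, and its two function names are hypothetical.

```powershell
# Added example (not from the original post). Run elevated on the Hyper-V host.
Import-Module Hyper-V

# Hypothetical helper: list every virtual NIC whose Advanced Features deviate
# from a hardened baseline (guards on, MAC spoofing off, no port mirroring).
function Get-VMNetworkGuardFinding {
    Get-VM | Get-VMNetworkAdapter | Where-Object {
        $_.DhcpGuard -eq 'Off' -or
        $_.RouterGuard -eq 'Off' -or
        $_.MacAddressSpoofing -eq 'On' -or
        $_.PortMirroringMode -ne 'None'
    } | Select-Object VMName, Name, SwitchName, DhcpGuard, RouterGuard,
                      MacAddressSpoofing, PortMirroringMode
}

# Hypothetical helper: apply the baseline to one VM, optionally limited to the
# adapters connected to a single virtual switch.
# Skip VMs that legitimately act as a DHCP server or as a router: the guards
# drop exactly the DHCP server and router advertisement traffic they send.
function Set-VMNetworkGuard {
    param(
        [Parameter(Mandatory = $true)] [string] $VMName,
        [string] $SwitchName
    )
    $adapters = Get-VMNetworkAdapter -VMName $VMName
    if ($SwitchName) {
        $adapters = $adapters | Where-Object { $_.SwitchName -eq $SwitchName }
    }
    foreach ($nic in $adapters) {
        Set-VMNetworkAdapter -VMNetworkAdapter $nic `
            -DhcpGuard On -RouterGuard On -MacAddressSpoofing Off
    }
}

# Review the current state first, then harden the example VM from the steps above.
Get-VMNetworkGuardFinding | Format-Table -AutoSize
Set-VMNetworkGuard -VMName 'W2012-FS01' -SwitchName 'v-External-Wired'
```

Any adapter still listed with a PortMirroringMode other than None after the run is copying or receiving mirrored traffic and should match a known monitoring setup.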
SYSRET 64-bit OS privilege vulnerability on Intel, DOES NOT AFFECT HYPER-V
Last week US-CERT warned of a guest-to-host VM escape vulnerability, and it was reported that an issue on Intel-based servers could lead to a “break out” from a VM to the host in certain virtualisation products, including Microsoft: “A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation”: http://www.kb.cert.org/vuls/id/649219
Affected vendors include Intel Corp., FreeBSD, Microsoft, NetBSD, Oracle, RedHat, SUSE Linux and Xen.
But Hyper-V is NOT Affected By VU#649219 VM “Break Out”.
I’ve asked the Microsoft Hyper-V product team in Redmond if Hyper-V was actually affected, and as per their answer:
• The problem does affect the 64-bit OSes on Intel hardware, but Hyper-V is not affected.
• This problem will not lead to break outs from Hyper-V VMs.
• Windows 8 is not affected.
• Windows Server 2012 is not affected.
This was also covered by Aidan Finn: http://www.aidanfinn.com/?p=12838