Managing Windows & Linux Servers
- Updated on 25 Jan 2023
As with any asset, it’s important to have a credible and comprehensive inventory of all servers in your environment. Whether on-prem or in the cloud, Windows and Linux servers are used for critical business applications and often process sensitive data. Axonius provides an accurate accounting of operating systems, versions, resources, configurations, software, and associated users, necessary to protect an organization’s infrastructure.
Challenges of Managing Servers and Their Operating Systems
Outdated operating systems and misconfigured servers open entire networks to the possibility of attack, while a lack of insight into server resources such as RAM and hard drive space could inhibit operational performance. Understanding the status of servers and operating systems, and the assets connected to them, provides the information necessary to reduce the attack vectors and close security gaps.
Recommended Categories of Data Sources (Adapters) To Manage Windows and Linux Servers
The following Adapter categories are recommended when managing servers and their operating systems. Each provides important information for asset management. As more Adapters are connected, the comprehensiveness of asset data is incrementally strengthened.
- Cloud Infrastructure – to identify servers and OSs running via cloud services
- Infrastructure Monitoring – to track on-prem IT infrastructure
- Networking – to monitor networks and discover hardware and operating systems
- MDM/EMM – mobility management tool for endpoints on-prem or cloud
- EDR/EPP – detect and protect against a variety of attack types and vectors
- Configuration/Patch Management – for configuration and patch management of assets
- ITAM/ITSM – asset data collection and management across a network, including devices and servers
- Vulnerability Analysis (VA) Tool – vulnerability assessment tool to identify, prioritize and rate vulnerabilities
- IAM – user identity and access management authentication
- UEM – manage and protect assets with fleet-wide visibility
- Virtualization – monitoring of hypervisor and virtualization platforms
Using Axonius to Track Operating Systems and Versions
Axonius identifies server types and their operating system versions or distributions so administrators know exactly what exists in their environment. Please note that each environment is unique and may require unique queries to identify exactly what you’re tracking. The examples here are generic but should provide a solid basis for understanding how Axonius operates.
Start by finding a general overview of all OS types operating in your environment, regardless of whether they are servers or devices. Go to My Dashboard in the Dashboard pane. Click the large blue plus sign to add a new chart. Name the chart. Under the Chart Metric, select Field Segmentation and under the Select Query section select Devices. Under the Segment By section select Preferred OS Type to quickly illustrate all OS Types operating in your environment. The chart illustrates that Windows and Linux are the predominant OS Types, so we’re going to explore those operating systems as they relate to servers in more detail now.
To find Linux servers and their distributions, first create a query using the Query Wizard, where Preferred OS Type equals Linux. Save the query.
Under the My Dashboard section of the Dashboard pane, create a new chart that uses the saved query as the source of information. Select Field Segmentation as the chart metric and segment by OS: Full OS String. The chart will illustrate the various distributions of Linux in the environment.
Similarly, to find all versions of Windows servers, create a query to identify Preferred OS Type equal to Windows, where the Preferred OS Distribution contains Server, and save. The “contains” operator helps with discovery. When used with Preferred OS Distribution, it will return results for Server OS distributions (e.g. Windows Server 2016, Windows Server 2019, etc.), resulting in a more comprehensive search. Following discovery, more specific query parameters can be employed to improve the operational performance of the Axonius engine.
Use that saved query to create a new chart in the My Dashboard section of the Dashboard pane. Set the chart metric to field segmentation, and then segment by Preferred OS Distribution.
Understanding Server Resources and Configurations
Learn more about server resources and configurations such as available RAM and hard drive size using the above baseline queries for Windows or Linux as the source of information and then see query results via the Query Wizard tabular results view.
For instance, create a query based on the baseline Windows query described above where the Preferred OS Type equals Windows and the Preferred OS Distribution starts with Server.
Then edit the columns to display the Total RAM, Free RAM, Hard Drives: Size and Hard Drives: Free Size. Reposition these new fields higher up in the Displayed Columns so they will be easily visible.
The tabular query results reveal the data, which can be sorted and filtered to uncover issues that may pose operational challenges such as servers whose processing capacity is pushed to its limit or hard drives with little available free space.
The same steps can be applied using the Linux Server Query with similar results.
Identify Servers with Vulnerabilities
Find servers where the Common Vulnerabilities and Exposures (CVE) rating is critical. To identify Windows servers with a critical CVE score, start from the initial server queries listed above under the ‘Using Axonius to track operating system versions’ section — in this instance use the baseline Windows server query, and add a line to the Query Wizard where the Vulnerability Software: CVE Severity equals CRITICAL.
Results from this query reveal the servers that are critically exposed to vulnerabilities. It serves as a starting point for investigation and remediation.
To identify Windows servers where vulnerability software is not present, again start from the baseline Windows server query and add a line to the Query Wizard where Vulnerable Software does NOT exist.
Results from this query uncover gaps in security coverage where vulnerability assessment tools do not exist on servers, leaving them open to undetected threats.
Identify Servers Not Seen By Vulnerability Scanners
Axonius finds instances of servers that are not seen by vulnerability scanners. Using the Query Wizard, start with the baseline server queries listed above and add a line to the query where the Adapter Properties DOES NOT equal Vulnerability Assessment.
Results for this query reveal servers that do not have Vulnerability Assessment tools installed.
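The three vulnerability queries above return different sets of servers, and comparing them shows where coverage is actually missing. The following is an added example, not Axonius code: it applies the same filters to a constructed inventory, using hypothetical field names rather than the Axonius export schema, and goes one step beyond the page by intersecting two of the result sets.

```python
from collections import Counter

# Constructed sample inventory. Field names are hypothetical stand-ins for the
# fields the page names; they are not the Axonius export schema.
INVENTORY = [
    {"host": "web01", "os_type": "Windows", "os_dist": "Server 2016",
     "adapters": {"EDR/EPP", "Vulnerability Assessment"},
     "cve_severities": ["CRITICAL", "HIGH"]},
    {"host": "db01", "os_type": "Windows", "os_dist": "Server 2019",
     "adapters": {"Vulnerability Assessment"}, "cve_severities": []},
    {"host": "app01", "os_type": "Windows", "os_dist": "Server 2019",
     "adapters": {"EDR/EPP"}, "cve_severities": []},
    {"host": "file01", "os_type": "Windows", "os_dist": "Server 2012 R2",
     "adapters": {"Configuration/Patch Management"},
     "cve_severities": ["CRITICAL"]},
    {"host": "lap01", "os_type": "Windows", "os_dist": "10",
     "adapters": {"EDR/EPP"}, "cve_severities": []},
    {"host": "lnx01", "os_type": "Linux", "os_dist": "Ubuntu",
     "adapters": set(), "cve_severities": ["CRITICAL"]},
]

def windows_servers(inventory):
    """Baseline query: OS type equals Windows, distribution contains 'Server'."""
    return [d for d in inventory
            if d["os_type"] == "Windows" and "Server" in d["os_dist"]]

def triage(inventory):
    """Build the three result sets from the page, plus their overlap."""
    base = windows_servers(inventory)
    critical = {d["host"] for d in base if "CRITICAL" in d["cve_severities"]}
    no_vuln = {d["host"] for d in base if not d["cve_severities"]}
    unseen = {d["host"] for d in base
              if "Vulnerability Assessment" not in d["adapters"]}
    return {
        "critical_cve": sorted(critical),
        "no_vulnerable_software": sorted(no_vuln),
        "not_seen_by_va": sorted(unseen),
        # No findings AND no scanner: absence of data, not absence of risk.
        "blind_spot": sorted(no_vuln & unseen),
    }

def distribution_chart(inventory):
    """Field segmentation of the baseline by OS distribution."""
    return Counter(d["os_dist"] for d in windows_servers(inventory))

if __name__ == "__main__":
    for name, hosts in triage(INVENTORY).items():
        print(f"{name}: {hosts}")
    print(dict(distribution_chart(INVENTORY)))
```

In this sample, db01 and app01 both report no vulnerable software, but only app01 is also missing from the scanner, so an empty finding list alone does not show that a server was assessed.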
Identify Installed Software and Agent Versions
Axonius also finds installed software or agents and their versions on a server. For Windows servers, start with the basic Windows server query and add a line in the Query Wizard where Installed Software: Software Name and Version exists. Save the query.
To visualize the data, create a new chart in the My Dashboard section of the Dashboard pane. Use the saved query as the source of information, and segment by Installed Software: Software Name and Version.
Take Action to Ensure Servers Meet Security Policies
Saved queries from any of these examples can be used to enforce compliance with security policies by using the Axonius Security Policy Enforcement Center. The Security Policy Enforcement Center has over 80 enforcement actions that can be applied to query results. Axonius users can:
- Notify — Send notifications to preferred platforms and channels (e.g. email, Slack), or create helpdesk tickets with popular applications like ServiceNow, Zendesk, Jira and more.
- Enrich — Enrich device and user data with Axonius tags and custom data, or with third-party sources like Shodan, Censys and others. Create new records for CMDBs or update existing ones.
- Respond — Update vulnerability scans, deploy files and run custom commands, or isolate or unisolate devices from the network.
Find more details about how actions can be applied in our Action Library.