|
Feature and descriptionBog'liq Windows Server 2022 Comparison Guide3
Feature and description
Windows
Server 2016
Windows
Server 2019
Windows
Server 2022
Server Message Block (SMB) security enhancements.
Previously, enabling SMB Encryption on SMB Direct RDMA
networks disabled direct data placement and slowed
performance; now data is encrypted before placement,
reducing performance degradation when using RDMA while
adding AES-128 and AES-256 protected packet privacy.
Additional improvements include accelerated SMB signing
performance with AES-128-GMAC, SMB encryption support
for top secret class networks via AES-256-GCM and AES-
256-CCM cryptographic suites, and configurable SMB
Encryption and signing for internal cluster communications
that works alongside existing client-server encryption.
SMB over QUIC
allows on-premises, mobile, and
telecommuter users access to file servers at the edge
in Azure and on corporate networks—without a VPN.
The server certificate creates a TLS 1.3-encrypted tunnel
over the internet-friendly UDP port 443 instead of TCP/445
to avoid exposing SMB traffic to the network.
DNS over HTTPS (DoH) client.
Enables the DNS client to
protect its domain-name lookups from interference and
observation.
Other key security features
Windows Defender Application Control (WDAC) or code
integrity.
Helps ensure only authorized executables run on
the server. Major improvements in WDAC include support
for multiple base policies, supplemental policies, and path-
based rules.
Advanced Threat Protection (ATP).
Windows Defender
ATP Exploit Guard is a new set of host intrusion prevention
capabilities, such as preventative protection, attack detection,
and zero-day exploits.
|
| |
