Global Windows Outage Highlights Risks of Hosting DNS and DHCP on Servers

Global Outage Highlights Critical Network Service Vulnerabilities

Cricket Liu, the Chief DNS Architect at Infoblox, recently shared insights regarding the significant global outage of Windows computers triggered by a bug in CrowdStrike software. This incident serves as a crucial reminder for organizations: critical network services, such as DNS and DHCP, should not be hosted on Windows Servers.

On July 18, a software update from CrowdStrike inadvertently led to widespread system failures across Windows computers, impacting various sectors including airlines and retail chains. Although CrowdStrike acted swiftly to retract the problematic update, the repercussions were already felt, with recovery efforts expected to span hours or even days for many affected entities. The scale of the outage was exacerbated by the fact that numerous organizations relied on Windows Servers for their mission-critical network services, resulting in cascading failures that prolonged recovery times.

Organizations typically invest millions in developing resilient network infrastructures designed to mitigate the impact of any single device failure. However, the functionality of all network devices hinges on essential services like DNS and DHCP. Hosting these services on Windows Servers is not advisable; instead, these servers should concentrate on their primary function of supporting identity services, such as Active Directory.

While the CrowdStrike incident was notable for its widespread impact, failures of Windows Servers are unfortunately common and often lead to network outages. Furthermore, these servers are frequently targeted due to their vulnerabilities, necessitating ongoing patching efforts. Recent ransomware attacks have highlighted this issue, as they often exploit weaknesses in Windows Servers, resulting in extensive disruptions and complicating incident response efforts.

Running critical network services on Windows Servers significantly increases the risk of DNS and DHCP failures, which can incapacitate the remaining infrastructure not already affected by the initial vulnerability. To mitigate such risks, organizations are strongly encouraged to operate DNS and DHCP on dedicated servers that are independent of their Windows infrastructure and fortified against potential attacks. Utilizing alternative operating systems for these services can provide a robust defense against future outages.

Image Credit: Infoblox

Related Articles

How to stop CrowdStrike Falcon sensor service Windows?

To stop the CrowdStrike Falcon sensor service on Windows, you need to use the Command Prompt with administrative privileges. Open Command Prompt as an administrator and enter the following command: `sc stop csagent`. This command will stop the CrowdStrike Falcon service. Note that administrative rights are required to perform this operation, and stopping the service may impact your system’s protection.

How to uninstall CrowdStrike Falcon sensor without token?

Uninstalling the CrowdStrike Falcon sensor without a token requires disabling the tamper protection first. Open the Command Prompt with administrative privileges and run `sc config csagent start= disabled` followed by `sc stop csagent`. Then you can uninstall the sensor via the Control Panel or by running the command `msiexec /x [Product Code]` where [Product Code] is the identifier for the Falcon sensor. Ensure you have administrative rights to complete these steps.

Update: 12 Aug 2024