Windows is making its way towards open-source ecosystems; however, the truth is that there is still very little FOSS (free and open-source software) security available for Windows servers. Many institutions that run Windows, such as hospitals, struggle to obtain the hardware or the staff needed to operate properly and are often left exposed to cyberattacks such as ransomware. At CrowdSec, we saw a need for an EDR-like tool that was cost-effective (even free) and could seamlessly protect where many other tools fall short. Therefore, we added functionality to our platform and built a Windows Agent, which was fairly trivial thanks to the versatility of Golang.
In this article, we take a quick look at the FOSS security we provide for Windows servers, its benefits, and how you can try it out on your own system.
What is free and open-source software?
To begin, let’s take a quick look at what FOSS is.
Simply put, free and open-source software (FOSS) is software whose source code users and programmers can read, edit, extend, or modify. There are many different types of licenses; ours is the MIT license, which allows developers worldwide to collaborate on improving the software with no copyright restraints.
For our open-source solution, we allow members of our community and all users to add to, edit, and modify our Agent on GitHub. The transparency that comes with being open source also guarantees that the software does what it says it does and nothing more.
Why would a company using Windows choose CrowdSec?
It was a quick, easy win to bring FOSS security to Windows and help those in need.
Internet-facing machines receive threats, share the attackers’ IPs, and benefit from the network effect. If the admins of those machines want advanced features, they have the same option to go premium as the admins of *NIX machines.
Most importantly, CrowdSec is a FOSS publisher, and the agent (IDS) is and will remain free for all to use.
What can CrowdSec detect and block on a Windows server?
CrowdSec agents can monitor logs and events for various applications; examples include Samba shares, Remote Desktop brute force, port scans, CVEs such as CVE-2022-30190, authentication attempts, and an SQL Server scenario.
The Windows event log facility provides substantial information for the CrowdSec agent to parse and act upon. This can be extended further with the popular system monitoring tool Sysmon, which enables additional logging so that CrowdSec can monitor even more event types, such as file read and write activity.
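As an added illustration of the kind of event-log scenario described above (this is example code written for this article, not CrowdSec's agent or one of its scenarios), the snippet below flags Remote Desktop brute force from Windows Security events: it assumes the records have already been parsed into a small struct carrying the timestamp, Event ID (4625 = failed logon, 4624 = successful logon) and source IP, and raises an alert when one IP accumulates a threshold of failures inside a time window. The sample log, IPs and thresholds are constructed.

```go
package main

import (
	"sort"
	"time"
)
// LogonEvent: constructed stand-in for one parsed Security event (4625 = failed logon, 4624 = success).
type LogonEvent struct {
	Time     time.Time
	EventID  int
	SourceIP string
}

// BruteForceSources returns, sorted, each source IP with at least `threshold` (>= 1)
// failed logons inside some span of `window`. Illustrative only, not CrowdSec's engine.
func BruteForceSources(events []LogonEvent, threshold int, window time.Duration) []string {
	byIP := map[string][]time.Time{}
	for _, e := range events {
		if e.EventID == 4625 { // only failed logons count toward the threshold
			byIP[e.SourceIP] = append(byIP[e.SourceIP], e.Time)
		}
	}
	var flagged []string
	for ip, ts := range byIP {
		sort.Slice(ts, func(i, j int) bool { return ts[i].Before(ts[j]) })
		// met iff some run of `threshold` consecutive failures fits inside `window`
		for i := threshold - 1; i >= 0 && i < len(ts); i++ {
			if ts[i].Sub(ts[i-threshold+1]) <= window {
				flagged = append(flagged, ip)
				break
			}
		}
	}
	sort.Strings(flagged)
	return flagged
}

// sampleEvents is a constructed log: a fast burst, a slow trickle, and one honest typo.
func sampleEvents() []LogonEvent {
	base := time.Date(2023, 1, 1, 12, 0, 0, 0, time.UTC)
	ev := func(d time.Duration, id int, ip string) LogonEvent {
		return LogonEvent{Time: base.Add(d), EventID: id, SourceIP: ip}
	}
	var out []LogonEvent
	for i := 0; i < 5; i++ {
		out = append(out, ev(time.Duration(i)*10*time.Second, 4625, "203.0.113.7")) // 5 in 40 s
		out = append(out, ev(time.Duration(i)*2*time.Minute, 4625, "192.0.2.9"))    // 5 in 8 min
	}
	return append(out, ev(0, 4625, "198.51.100.4"), ev(5*time.Second, 4624, "198.51.100.4"))
}
```

With a threshold of 5 failures per minute only the burst from 203.0.113.7 is flagged; widening the window to ten minutes also catches the slow trickle, which is the trade-off any such scenario has to tune.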
How can I test CrowdSec on my Windows server?
So you are curious about trying our FOSS Windows Agent on your server? We have a tutorial that walks you through the steps to get it running and protecting your system right away. You can also check out another tutorial on how to secure your Microsoft Exchange 2019 server with CrowdSec.
As CrowdSec is free and open-source software, you can contribute to it (as mentioned above). You also share your signals with a large community of real users. When you detect and block a rogue IP, that information is shared across the network, where it is curated, cross-validated, and checked through a rigorous process that ensures zero false positives and a reduced volume of alerts. It then feeds our highly actionable cyber threat intelligence, which can help you make more informed decisions and build more efficient processes against future cyberattacks.