Reminder: Protect your Servers
If you have systems online, you are a target. It doesn’t matter how large your organization is or how visible you are in the world. Bad actors scan the internet continuously for easy targets and systematically try to find and break into every system they can reach. Sometimes your users will be the ones to bring the attackers to your front door by visiting a malware website from a mass text message or spam message. Attackers attack the weakest systems. Don’t be the slowest antelope that they come across.
I recently attended a security webinar and was reminded of some of the basic infrastructure security principles. Some of these seem pretty fundamental but it’s always good to have a reminder to stay vigilant. Here are the high points I think might be valuable to remember often.
- Virus protection is not enough. The world is constantly changing, and pattern-based virus protection alone cannot protect an organization. Some of the most devastating malware and viruses are zero-day viruses that haven’t been identified yet by antivirus vendors.
- Not all threats are file-based. Some are delivered via standard Windows tools, web browsing, and/or scripting without ever putting a rogue binary on your systems.
- If you are not automating patching and security, you are falling behind. You need to have the vulnerabilities closed before they are exploited.
- You need to review logs and have appropriate monitoring. Security is not a set-it-and-forget-it approach, because the threats are constantly changing and evolving. Examining logs will help companies pick up trends and abnormal activities.
During the webinar, they talked about some of the wiper viruses that were unleashed on Ukraine at the start of the Russian invasion. These malware programs systematically went through infrastructure and wiped servers completely. There was no encryption or ransomware, just a complete wipe of data to harm or cripple the organization. This was a stark reminder that your backups are only as good as your restore process. Make sure you are taking backups, but even more importantly, test your restores so you know the backups you are taking are valid and your processes are understood and can be executed when needed.
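One way to automate the restore test described above, as an added example that is not from the webinar or the original post: record a SHA-256 manifest at backup time, restore the archive into a scratch directory, and compare every file. The file names, the tar.gz format and all function names are assumptions made for illustration.

```python
import hashlib, tarfile, tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def backup(root, archive):
    """Write root to a .tar.gz and return the manifest taken at backup time."""
    digests = manifest(root)
    with tarfile.open(archive, "w:gz") as tar:
        for name in digests:
            tar.add(Path(root) / name, arcname=name)
    return digests

def restore_test(archive, expected):
    """Restore into a scratch directory and compare every file to the manifest."""
    report = {"error": None}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive, "r:gz") as tar:
                # Use the safe extraction filter where this Python version has it.
                safe = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
                tar.extractall(scratch, **safe)
        except Exception as exc:  # any unpack failure is a failed restore
            report["error"] = f"{type(exc).__name__}: {exc}"
        restored = manifest(scratch)
    report["missing"] = sorted(set(expected) - set(restored))
    report["corrupt"] = sorted(n for n in expected
                               if n in restored and restored[n] != expected[n])
    report["ok"] = not (report["error"] or report["missing"] or report["corrupt"])
    return report

def demo():
    """Constructed sample data: a good backup, then one that lost and altered files."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        (src / "db").mkdir(parents=True)
        (src / "db" / "orders.csv").write_text("id,total\n1,9.99\n")
        (src / "app.conf").write_text("mode=prod\n")
        archive = Path(work, "nightly.tar.gz")
        expected = backup(src, archive)
        good = restore_test(archive, expected)
        (src / "db" / "orders.csv").unlink()
        (src / "app.conf").write_text("mode=\n")
        backup(src, archive)
        bad = restore_test(archive, expected)
    return good, bad

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Store the manifest somewhere the backup job and the backed-up servers cannot overwrite, so a wiped or tampered archive cannot also rewrite the record it is checked against.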
Stay Safe out there!