Capital One is a huge firm that was recently hit by a ransomware attack.
Specific attacks can start in a multitude of ways: some with a simple phishing email, others with hackers leveraging vulnerabilities in networks in order to get onto other systems within the network. One of the most devastating ransomware attacks happened only a few months ago, when Capital One's networks were exploited and their vulnerabilities blown wide open to the public.
Since the attack, new vulnerabilities have been discovered, but there are still many networks out there that are highly susceptible to attacks.
Unfortunately, many of these poorly built networks are riddled with issues that are easily 'wormable', which means hackers and malware can exploit these holes in an automated way with no user interaction at all, enabling the infection to spread quickly and easily to a wide group of systems. In other words, your entire system can be taken over in a matter of hours.
Of course, deploying an industry-leading protection product and maintaining a strict patch management strategy are the best practices. But there are also other best practices you should consider to help keep ransomware, hackers and threats out of your network in the first place.
Your firewall provides vital protection against exploits by closing or protecting vulnerable ports, as well as by blocking attacks using an Intrusion Prevention System (IPS). The IPS inspects network traffic for exploits and blocks any attempt by attackers to get through your network border or to cross boundaries and segments within your internal network.
Here are the firewall essentials to prevent ransomware attacks from getting into your business network:
- Reduce the surface area of attack: Review and revisit all port-forwarding rules to eliminate any non-essential open ports. Where possible, use a VPN to access resources on the internal network from outside rather than port-forwarding. Specifically for RDP, ensure port 3389 is not open on your firewall.
- Introduce IPS protection: Apply suitable IPS protection to the rules governing traffic to/from any Windows hosts on your network.
- Reduce the risk of lateral movement: Protect against threats moving laterally on your network and consider segmenting your LANs into smaller sub-nets, assigning those to separate zones that are secured by the firewall. Apply suitable IPS policies to rules governing the traffic traversing these zones to prevent worms and bots from spreading between LAN segments.
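The port-forwarding review from the first item can be automated against an exported rule set. The following is an added example, not part of the original article: it assumes a Linux firewall whose NAT rules are exported in `iptables-save` format with IPv4 targets, and the sample rules, the `essential_ports` allow-list and the function names are constructed for illustration.

```python
import shlex

RDP_PORT = 3389

# Constructed sample in iptables-save format; addresses are documentation/private ranges.
SAMPLE_RULES = """\
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.0.10.5:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 10.0.20.8:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 50001 -j DNAT --to-destination 10.0.20.9:3389
-A PREROUTING -s 203.0.113.7/32 -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.10.6:22
-A PREROUTING -i eth0 -p tcp -m multiport --dports 3380:3390,8080 -j DNAT --to-destination 10.0.20.10
COMMIT
"""

def parse_ports(spec):
    """Turn '8080,3380:3390' into [(8080, 8080), (3380, 3390)]."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition(":")
        ranges.append((int(low), int(high or low)))
    return ranges

def audit_port_forwards(rules_text, essential_ports=frozenset({443})):
    """Return one entry per DNAT (port-forward) rule that needs review."""
    report = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "DNAT" not in tok:
            continue
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        # No --dport at all means every port is forwarded.
        external = parse_ports(opt.get("--dport") or opt.get("--dports") or "0:65535")
        dest = opt.get("--to-destination", "")
        _, has_port, dport = dest.partition(":")
        # Without an explicit target port the internal port equals the external one.
        internal = parse_ports(dport.replace("-", ":")) if has_port else external
        findings = []
        if any(lo <= RDP_PORT <= hi for lo, hi in external + internal):
            findings.append("rdp-exposed")  # also catches RDP remapped to another port
        essential = all(lo == hi and lo in essential_ports for lo, hi in external)
        if "-s" not in opt and not essential:
            findings.append("non-essential-open-to-any-source")
        if findings:
            report.append({"dest": dest, "findings": findings})
    return report

if __name__ == "__main__":
    for entry in audit_port_forwards(SAMPLE_RULES):
        print(entry["dest"], ", ".join(entry["findings"]))
```

The check compares both the external and the internal port against 3389, so an RDP host published on a non-standard external port is still reported.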
We are Dromaeus
From the smartphone in your hand to complex solutions powering your business, Dromaeus was founded to connect your company with the power of technology. Our end-to-end portfolio of products, services and solutions, highly specialised skills and expertise in best-of-breed technologies enable us to deliver the products and develop the solutions that you need to remain competitive in today's digital era.
If you have any concerns about your IT, data security or backup & disaster recovery, please don’t hesitate to contact us.