Ransomware has vaulted to the top of the news again, with devastating attacks continuing to impact governments, education and business operations in multiple states, counties and countries. The United States is the most recent under attack.
Capital One was a major firm recently caught under fire from ransomware.
These attacks can start in a number of different ways – some start with a simple phishing email, others begin with hackers leveraging vulnerabilities in networking stacks to gain a foothold and move quickly to other systems on the network. One of the most devastating network vulnerabilities exploited in a ransomware attack was at Capital One a couple of months ago.
Since then, new vulnerabilities have been discovered, but there are still many networks out there that are vulnerable.
Unfortunately, many of the network stack vulnerabilities on these un-managed networks are 'wormable', which means that hackers and malware can exploit these holes in an automated way with no user interaction, enabling the infection to spread quickly and easily to a wide group of systems.
Of course, deploying an industry-leading protection product like Sophos SG Series and maintaining a strict patch management strategy are top best practices. But there are also other best practices you should consider to help keep ransomware, hackers, and attacks off your network in the first place.
Your firewall provides essential protection against exploits by closing up or protecting vulnerable ports, as well as blocking attacks using an Intrusion Prevention System (IPS). IPS inspects network traffic for vulnerabilities and exploits, and blocks any attempt by attackers to get through your network perimeter or even cross boundaries or segments within your internal network.
Here are the essential firewall best practices to prevent ransomware attacks from getting into and moving laterally on your network:
- Reduce the surface area of attack: Review and revisit all port-forwarding rules to eliminate any non-essential open ports. Where possible use VPN to access resources on the internal network from outside rather than port-forwarding. Specifically for RDP, ensure port 3389 is not open on your firewall.
- Apply IPS protection: Apply suitable IPS protection to the rules governing traffic to/from any Windows hosts on your network.
- Minimise the risk of lateral movement: Protect against threats moving laterally on your network and consider segmenting your LANs into smaller sub-nets, assigning those to separate zones that are secured by the firewall. Apply suitable IPS policies to rules governing the traffic traversing these zones to prevent worms and bots from spreading between LAN segments.
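One way to check a rule set against the three practices above, as an added example that is not from the original article or from Sophos. The rule fields (`kind`, `src`, `dst`, `port`, `windows_host`, `ips`), the sample rules and the allow-list of essential forwards are all constructed for illustration and do not reflect any vendor's export format.

```python
# Added example: rule schema and sample rules are constructed, not a Sophos export.
REMOTE_ACCESS_PORTS = {3389: "RDP"}  # port named in the list above; extend as needed
ESSENTIAL_FORWARDS = {443}           # assumption: only HTTPS is meant to be public

SAMPLE_RULES = [  # constructed sample data
    {"name": "web-in", "kind": "port-forward", "src": "WAN", "dst": "DMZ",
     "port": 443, "windows_host": False, "ips": True},
    {"name": "rdp-in", "kind": "port-forward", "src": "WAN", "dst": "LAN",
     "port": 3389, "windows_host": True, "ips": False},
    {"name": "old-ftp", "kind": "port-forward", "src": "WAN", "dst": "DMZ",
     "port": 21, "windows_host": False, "ips": True},
    {"name": "office-to-servers", "kind": "allow", "src": "LAN_OFFICE",
     "dst": "LAN_SERVERS", "port": 445, "windows_host": True, "ips": False},
    {"name": "vpn-to-servers", "kind": "allow", "src": "VPN",
     "dst": "LAN_SERVERS", "port": 3389, "windows_host": True, "ips": True},
]


def audit(rules, essential=ESSENTIAL_FORWARDS):
    """Return sorted (rule name, finding) pairs for rules that break a practice."""
    findings = set()
    for r in rules:
        if r["kind"] == "port-forward" and r["src"] == "WAN":
            if r["port"] in REMOTE_ACCESS_PORTS:
                # Surface area: remote access belongs behind the VPN.
                findings.add((r["name"], "remote-access-exposed"))
            elif r["port"] not in essential:
                # Surface area: any other forward needs a documented reason.
                findings.add((r["name"], "non-essential-forward"))
        crosses_zone = r["src"] != r["dst"]
        if not r["ips"] and (r["windows_host"] or crosses_zone):
            # IPS and lateral movement: Windows and inter-zone traffic need IPS.
            findings.add((r["name"], "missing-ips"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

RDP reached through the VPN zone with IPS applied (`vpn-to-servers`) produces no finding, while the same port forwarded from the WAN does.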
We’re Urban Network, and we can help save your business.
We specialise in managed IT & technology services to help businesses across London & the wider South East, from our base in Wapping, East London.
Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.
Among our range of skills, we have a specialism in cyber security, ensuring we aid our clients in employing the best & most appropriate security practices, procedures and tools to protect their sensitive data.
If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.