DaveWWW asked:

Protecting Server 2008 Standard against ransomware

I have a client who has several employees who do their daily work (including some minimal Internet browsing) via remote desktop into a server.  It's always made me nervous and I have cautioned them against this approach, however...

I recall reading an article about how to disable users' ability to run programs from the Internet (i.e. through the temp folder etc.).  Is this a reasonable approach for avoiding ransomware?  If so, I assume it's done through Group Policy - what is the method?

Thanks.
Dave
ASKER CERTIFIED SOLUTION
John

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@ScottCha
About your "However, the only true protection against ransomware is backups" - it is no protection, only a backup. Imagine all of your computers are infected by a ransomware. That ransomware had decided to remain hidden until a certain date and until then spread as much as it could inside your LAN (this has happened with "locky", recently). Then it strikes. By the time users would call and alert you, and you would have blocked access to your crucial data, maybe 10% of your whole company's files are gone.
Now think about what that would mean to your backup strategy. How fast would you be able to sort out what files exactly you'd need to restore (if even possible)? You may want to restore all data instead. But that would take a lot of time, time in which you lose money. So it's no protection, just a kind of life insurance.

Whitelisting of apps (SRP/AppLocker) is protection and it's hard to overcome those.
@McKnife... insurance IS protection.

It's how to recover from a disaster.

Just a difference of opinions on terms.
Let's put it this way.
Are backups good for avoiding ransomware (see question body)? No.
Are backups a protection against data loss created by ransomware? Yes.
Are SRP/AppLocker good for avoiding ransomware? Yes.
Are SRP/AppLocker a protection against data loss created by ransomware? Yes, since it won't exist.
Don't think that this is a matter of opinion. Everyone should have backups anyway.

So that's why I found "the only true protection against ransomware is backups" is arguable :)
Everyone should have good backups. No backups is truly dumb.

And the ONLY known way to PREVENT ransomware is good old-fashioned common sense. You cannot help loose nuts behind keyboards.

Have decent employees and train them not to open emails from unknown sources.
OK, let's pretend I am a "loose nut" (maybe I am). So with software restriction policies or AppLocker whitelisting in place, how would I be able to execute a virus, John, when it's not whitelisted?
DaveWWW (ASKER)

Thanks very much for the help
You are very welcome.