Local Server security

Local server security.

I just got a ransomware attack. Hence I am asking for help to be able to achieve a great level of security, for my server especially, and devices.

Which devices should I get and why?
damola1 asked:

bbao, IT Consultant, commented:
the most important thing is NOT to get any new hardware or purchase any anti-ransomware software.

the most important thing is security awareness, then common sense and some best practices. be aware of any abnormal request, behaviour or operation on your computer or any device.

technically, if you or other people don't run any malicious code on your computer, you won't get ransomware infected. that's the first rule to follow from a technical perspective.

secondly, separate your digital assets (documents, programs, licenses etc) in different, separated zones, which means they can't be reached by your computers by default, using default privileges, or under default permissions.

thirdly, accordingly, don't use administrative accounts for daily operation, use the least privileges by default.
Sajid Shaik M, System Admin, commented:
as said Mr. bbao,

the Ransomware issues mostly spread through the unsecured e-mails, attachments, using external shares, external media.

the main thing is you have to protect your environment ... so use best firewall ... at gateway level, additionally at server level and pc level use best antivirus software ... so which can help protect at local level... and keep update ..them all and keep monitor the reports ...

above all guide the staff to combat the ransomware issues... Malware issues.. etc. i.e. any suspected e-mail received should not be opened... and not use any unsecured e-mail services... etc.

additionally at local level security.. don't assign administrative privileges to any local user at pc level. at server level use service accounts .. for specific task...

all the best
David Favor, Linux/LXD/WordPress/Hosting Savant, commented:
As Sajid said, Ransomware typically spreads via email.

So your security will involve things like blocking email containing .zip + .exe files, as a start.

User awareness is key also.

Ransomware installation requires convincing a user to run the installer, in some form.

Users must be educated not to engage in risky behavior.

All this said, the only 100% fix for Ransomware is to maintain remote, daily backups of every machine.

So if a machine is infected, a simple backup fixes the problem.

Backups must be remote, meaning the machine has no read/write access to the backup device. This ensures your backups are safe from Ransomware infecting all backups... which is a nightmare...
bbao, IT Consultant, commented:
"Ransomware typically spreads via email."

i would say, malicious email is commonly the first step of the spread of ransomware in an organisation, the step like letting the Trojan Horse within the gate. the 2nd step is actually the step to cause disaster - the internal spread, which infects all networked yet unprotected computers on the same network or reachable networks.

that's why it is very important to separate your network in different security zones and limit the privileges of every networked device. this is the key to reduce the impact if the Trojan Horse has come in, though the best way is to block it out of the city.
John, Business Consultant (Owner), commented:
As noted above, ransomware spreads mostly by email. Get a Top Notch Spam Filter - a real good third party spam filter, not workarounds.

This will stop the vast majority of attacks. Then train users not to open email from strangers.

Ransomware is not a technology problem. It is a user problem.
masnrock commented:
For starters, let's be honest: there is no magic bullet solution.

Review the systems you have in place now. Maybe improve your spam filtering and consider a proxy if you don't already have one. Also check to make sure that you have proper antivirus and anti malware protection.

However, you also need to make sure that you conduct user awareness training. This is one of the biggest pieces of all. Check on your appropriate usage policy. Update it if needed and make sure there is managerial buy in.

Another major piece is making sure that you keep backups offline so that previous ones do not and cannot be infected if something does occur.

Least privilege of accounts is also very key. Users generally do not need administrative access to anything. But also, users who do require that for servers should have separate accounts for administrative duties.

What system did the ransomware come in on first? If the answer is a server, does it track back to an email or a software download?
noci, Software Engineer, commented:
And make OFF-LINE backups regularly and keep a few older ones around.
(online backups might get encrypted as well.)
madunix, IT Specialist, commented:
Take these points into consideration:
• User training and awareness are a must.
• Increase the awareness of cybersecurity issues for users.
• Users should exercise good habits of Internet use.
• Deactivate unnecessary components on the main servers.
• Disable unused user accounts on the main servers.
• Implement patch management.
• Restrict servers access.
• Restrict shell commands per user or server for least privilege purposes.
• Apply DNS Filtering.
• Your networks should be segmented.
• Make secure offsite backups of your data on a regular basis.
https://www.sans.org/reading-room/whitepapers/malicious/paper/36962

Adam Brown, Senior Systems Admin, commented:
Other things to look at are secure access to RDP and similar solutions. I've seen a number of ransomware attacks come in through firewalls that put port 3389 right on the internet going to their server. This type of configuration allows people to attack your environment with brute force attempts against any account in the environment. If you have lax password security, it'll open you to many attacks. I had one client who had been hit by two ransomware attacks *the same day*; the second attack actually encrypted the data a second time. It was a bad day.
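A detection sketch for the brute-force pattern described in the post above, added here as an example and not part of the original thread. It assumes Windows Security events have been exported to CSV; the column names and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: logon events exported to CSV (column names are assumptions).
SAMPLE = """time,event_id,logon_type,account,source_ip
2024-03-01T02:00:01,4625,3,administrator,203.0.113.7
2024-03-01T02:00:03,4625,3,admin,203.0.113.7
2024-03-01T02:00:05,4625,3,backup,203.0.113.7
2024-03-01T02:00:09,4625,3,administrator,203.0.113.7
2024-03-01T02:00:12,4625,10,jsmith,198.51.100.20
2024-03-01T02:00:14,4625,3,scanner,203.0.113.7
2024-03-01T02:00:40,4624,10,jsmith,198.51.100.20
2024-03-01T02:01:02,4625,3,admin,203.0.113.7
"""

def find_bruteforce(csv_text, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: sorted accounts tried} for sources with at least
    `threshold` failed remote logons inside any `window`."""
    recent = defaultdict(deque)   # source_ip -> (time, account) inside the window
    flagged = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # 4625 = failed logon; type 10 = RemoteInteractive (RDP), type 3 = network
        # logon, which is how failed RDP attempts appear when NLA is enabled.
        if row["event_id"] != "4625" or row["logon_type"] not in ("3", "10"):
            continue
        ts = datetime.fromisoformat(row["time"])
        attempts = recent[row["source_ip"]]
        attempts.append((ts, row["account"].lower()))
        while ts - attempts[0][0] > window:
            attempts.popleft()    # drop attempts that fell out of the window
        if len(attempts) >= threshold:
            flagged[row["source_ip"]].update(acct for _, acct in attempts)
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accounts in find_bruteforce(SAMPLE).items():
        print(f"{ip}: failed logons against {', '.join(accounts)}")
```

A single source cycling through several account names, as in the sample, is the signature of password guessing against an exposed port rather than a user mistyping a password.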
damola1 (Author) commented:
What is the best method to do a server backup?

Kindly note this is a 480Gb ssd which has no raid. Loaded with a Proxmox virtual environment and already 4 years old
bbao, IT Consultant, commented:
a simple COPY or XCOPY for all documents would work perfectly.

the key here is to keep the backup offline, separated physically, or at least accessed with different privileges. it doesn't matter what kind of backup it is, but a simple COPY or XCOPY operation will make its regular update flexible and simple.

a whole server backup including system is recommended for a newly built server.
damola1 (Author) commented:
COPY or XCOPY is manual copying? Is there no way to automate backup?
Andrew Leniart, Freelance Journalist, commented:
Backups can be automated in any way you like by using something like Acronis True Image 2019.

It also has an Anti-Ransomware module that runs 24/7 when the software is installed. I tested this module in a Windows 10 VM and purposely tried to infect my VM from Ransomware samples available on the Dark Web. I tried launching around about 10 different ransomware infections on the virtual machine - all were halted. The worst that happened is that about a dozen files were encrypted a couple of times before the Anti-Ransomware module kicked in and stopped the encryption process. Works very well.

They also have server solutions that work in the same way.

Hope that's helpful.

Regards, Andrew
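The copy-based backup discussed in this thread can be scheduled rather than run by hand. The following is an added example, not code from any poster: it keeps dated snapshots, prunes to a fixed number of older ones, and refuses to prune when most files changed since the last snapshot, so a run taken after an infection cannot rotate the good copies away. The paths, thresholds and function names are assumptions.

```python
import filecmp
import shutil
from pathlib import Path

def changed_fraction(src: Path, prev: Path) -> float:
    """Share of files under src that are new or differ from the previous snapshot."""
    files = [p for p in src.rglob("*") if p.is_file()]
    if not files:
        return 0.0
    changed = 0
    for f in files:
        old = prev / f.relative_to(src)
        # Renamed files (e.g. a new extension appended) count as changed too.
        if not old.is_file() or not filecmp.cmp(f, old, shallow=False):
            changed += 1
    return changed / len(files)

def run_backup(src, dest_root, stamp, keep=7, max_change=0.5):
    """Copy src to dest_root/stamp, then prune to the newest `keep` snapshots.
    Returns "held" (nothing pruned) when the change rate looks abnormal."""
    src, dest_root = Path(src), Path(dest_root)
    dest_root.mkdir(parents=True, exist_ok=True)
    snaps = sorted(d for d in dest_root.iterdir() if d.is_dir())
    suspicious = bool(snaps) and changed_fraction(src, snaps[-1]) > max_change
    shutil.copytree(src, dest_root / stamp)
    if suspicious:
        return "held"  # keep every older snapshot until someone has looked
    snaps = sorted(d for d in dest_root.iterdir() if d.is_dir())
    for old in snaps[:-keep]:
        shutil.rmtree(old)
    return "ok"

if __name__ == "__main__":
    from datetime import date
    # Hypothetical paths: run this on the backup host, with the server's data
    # mounted read-only, so the server itself never gets write access.
    print(run_backup("/mnt/server-data", "/srv/backups", date.today().isoformat()))
```

Run it from a scheduler on the backup machine, and treat a "held" result as an alert to inspect the source before any snapshot is deleted.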
John, Business Consultant (Owner), commented:
I think you got more than one good answer here.
damola1 (Author) commented:
Thank you for all of your excellent support. Wonderful contribution.
John, Business Consultant (Owner), commented:
You might wish to go back and reward the good posts. Easy to do.