Local Server security

damola1

I just got a ransomware attack. Hence I am asking for help to be able to achieve a great level of security for my server especially, and devices.

Which devices should I get and why?
bbao, IT Consultant
Commented:
the most important thing is NOT to get any new hardware or purchase any anti-ransomware software.

the most important thing is security awareness, then common sense and some best practices. be aware of any abnormal request, behaviour or operation on your computer or any device.

technically, if you or other people don't run any malicious code on your computer, you won't get ransomware infected. that's the first rule to follow from a technical perspective.

secondly, separate your digital assets (documents, programs, licenses etc) in different, separated zones, which means they can't be reached by your computers by default, using default privileges, or under default permissions.

thirdly, accordingly, don't use administrative accounts for daily operation, use the least privileges by default.
Commented:
as said Mr. bbao,

the Ransomware issues mostly spread through unsecured e-mails, attachments, using external shares, external media.

the main thing is you have to protect your environment ... so use best firewall ... at gateway level, additionally at server level and pc level use best antivirus software ... which can help protect at local level... and keep them all updated and keep monitoring the reports ...

above all guide the staff to combat the ransomware issues... malware issues.. etc. i.e. any suspected e-mail received should not be opened... and do not use any unsecured e-mail services... etc.

additionally at local level security.. don't assign administrative privileges to any local user at pc level. at server level use service accounts .. for specific tasks...

all the best
David Favor, Fractional CTO
Distinguished Expert 2018
Commented:
As Sajid said, Ransomware typically spreads via email.

So your security will involve things like blocking email containing .zip + .exe files, as a start.

User awareness is key also.

Ransomware installation requires convincing a user to run the installer, in some form.

Users must be educated not to engage in risky behavior.

All this said, the only 100% fix for Ransomware is to maintain remote, daily backups of every machine.

So if a machine is infected, a simple backup fixes the problem.

Backups must be remote, meaning the machine has no read/write access to the backup device. This ensures your backups are safe from Ransomware infecting all backups... which is a nightmare...
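The attachment blocking mentioned in the answer above, as an added example that is not part of the original post: a Python screen that flags executable attachments and executables inside zip archives, identifying archives by content rather than by name. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist for this example; extend it to match your own mail policy.
BLOCKED_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs")

def is_blocked(name):
    # Windows ignores trailing dots and spaces, so strip them before matching.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def screen_message(raw_bytes):
    """Return the reasons to quarantine a message (empty list means deliver)."""
    reasons = []
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if is_blocked(name):
            reasons.append(f"executable attachment: {name}")
        # Decide by content, not extension: a renamed archive is still a zip.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # encrypted member, cannot be scanned
                        reasons.append(f"encrypted archive member: {name}/{info.filename}")
                    elif is_blocked(info.filename):
                        reasons.append(f"executable inside archive: {name}/{info.filename}")
        except zipfile.BadZipFile:
            reasons.append(f"unreadable archive: {name}")
    return reasons

def build_sample(filename, payload):
    """Constructed test message (not real mail) carrying one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "invoice"
    m.set_content("see attached")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

def zip_bytes(members):
    """Build an in-memory zip from a {name: bytes} mapping (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()
```

A gateway filter would call screen_message() on each inbound message and quarantine anything that returns a non-empty list.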
bbao, IT Consultant
Commented:
Ransomware typically spreads via email.

i would say, malicious email is commonly the first step of the spread of ransomware in an organisation, the step like letting the Trojan Horse within the gate. the 2nd step is actually the step to cause disaster - the internal spread, which infects all networked yet unprotected computers on the same network or reachable networks.

that's why it is very important to separate your network in different security zones and limit the privileges of every networked device. this is the key to reduce the impact if the Trojan Horse has come in, though the best way is to block it out of the city.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
As noted above, ransomware spreads mostly by email. Get a Top Notch Spam Filter - a real good third party spam filter, not workarounds.  

This will stop the vast majority of attacks.   Then train users not to open email from strangers.

Ransomware is not a technology problem. It is a user problem.
Distinguished Expert 2018
Commented:
For starters, let's be honest: there is no magic bullet solution.

Review the systems you have in place now. Maybe improve your spam filtering and consider a proxy if you don't already have one. Also check to make sure that you have proper antivirus and anti malware protection.

However, you also need to make sure that you conduct user awareness training. This is one of the biggest pieces of all. Check on your appropriate usage policy. Update it if needed and make sure there is managerial buy in.

Another major piece is making sure that you keep backups offline so that previous ones do not and cannot be infected if something does occur.

Least privilege of accounts is also very key. Users generally do not need administrative access to anything. But also, users who do require that for servers should have separate accounts for administrative duties.

What system did the ransomware come in on first? If the answer is a server, does it track back to an email or a software download?
noci, Software Engineer
Distinguished Expert 2018

Commented:
And make OFF-LINE backups regularly and keep a few older ones around.
(online backups might get encrypted as well.)
Commented:
Take these points into consideration:
• User training and awareness are a must.
• Increase the awareness of cybersecurity issues for users.
• Users should exercise good habits of Internet use.
• Deactivate unnecessary components on the main servers.
• Disable unused user accounts on the main servers.
• Implement patch management.
• Restrict servers access.
• Restrict shell commands per user or server for least privilege purposes.
• Apply DNS Filtering.
• Your networks should be segmented.
• Make secure offsite backups of your data on a regular basis.
https://www.sans.org/reading-room/whitepapers/malicious/paper/36962
Adam Brown, Senior Systems Admin
Top Expert 2010
Commented:
Other things to look at are secure access to RDP and similar solutions. I've seen a number of ransomware attacks come in through firewalls that put port 3389 right on the internet going to their server. This type of configuration allows people to attack your environment with brute force attempts against any account in the environment. If you have lax password security, it'll open you to many attacks. I had one client who had been hit by two ransomware attacks *the same day*. The second attack actually encrypted the data a second time. It was a bad day.

Author

Commented:
What is the best method to do a server backup?

Kindly note this is a 480Gb ssd which has no raid. Loaded with a Proxmox virtual environment and already 4 years old.
bbao, IT Consultant

Commented:
a simple COPY or XCOPY for all documents would work perfectly.

the key here is to keep the backup offline, separated physically, or at least accessed with different privileges.  it doesn't matter what kind of backup it is, but a simple COPY or XCOPY operation will make its regular update flexible and simple.

a whole server backup including system is recommended for a newly built server.

Author

Commented:
COPY or XCOPY is manual copying? Is there no way to automate backup?
Andrew Leniart, IT Professional | Freelance Journalist | Looking for Opportunities
Distinguished Expert 2018
Commented:
Backups can be automated in any way you like by using something like Acronis True Image 2019.

It also has an Anti-Ransomware module that runs 24/7 when the software is installed. I tested this module in a Windows 10 VM and purposely tried to infect my VM from Ransomware samples available on the Dark Web. I tried launching around about 10 different ransomware infections on the virtual machine - all were halted. The worst that happened is that about a dozen files were encrypted a couple of times before the Anti-Ransomware module kicked in and stopped the encryption process. Works very well.

They also have server solutions that work in the same way.

Hope that's helpful.

Regards, Andrew
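An automated version of the copy-style backup discussed in this thread, as an added example that is not part of any post and is not tied to any product named here: each run copies the source into a new timestamped generation, verifies it by hash, and keeps only the newest few. The function names, the `keep` default and the assumption that it runs on the backup host, reading the server through a read-only mount, are illustrative.

```python
import hashlib
import shutil
import time
from pathlib import Path

def tree_digest(root):
    """SHA-256 over relative paths and file contents, in sorted order."""
    h = hashlib.sha256()
    for p in sorted(Path(root).rglob("*")):
        if p.is_file():
            h.update(p.relative_to(root).as_posix().encode())
            h.update(p.read_bytes())  # fine for documents; stream large files
    return h.hexdigest()

def run_backup(source, backup_root, keep=7, stamp=None):
    """Copy source into a new generation, verify it, prune the oldest ones.

    Assumption: this runs on the backup host and pulls from a read-only
    mount, so the protected server never holds write access to backup_root.
    Returns the generation names present afterwards, oldest first.
    """
    if keep < 1:
        raise ValueError("keep must be at least 1")
    backup_root = Path(backup_root)
    backup_root.mkdir(parents=True, exist_ok=True)
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    target = backup_root / stamp
    shutil.copytree(source, target)
    if tree_digest(source) != tree_digest(target):
        shutil.rmtree(target)
        raise RuntimeError("backup verification failed; generation discarded")
    # Older generations are what you restore from if the newest copy was
    # taken after files were already encrypted, so do not set keep too low.
    generations = sorted(d.name for d in backup_root.iterdir() if d.is_dir())
    for old in generations[:-keep]:
        shutil.rmtree(backup_root / old)
    return generations[-keep:]
```

Schedule run_backup() from cron or Task Scheduler on the backup host rather than on the server being protected.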
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
I think you got more than one good answer here.

Author

Commented:
Thank you for all of your excellent support. Wonderful contribution.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
You might wish to go back and reward the good posts. Easy to do.