WannaCry ransomware wreaked havoc around the globe, infecting and putting out of commission more than two hundred thousand computers. One could consider this a brutal and effective crash test for common security practices. A test that we have failed, miserably. Just look at the map of affected countries...
The situation could have been completely different if IT security had adhered to a small set of very basic security practices, such as:
Educate end users
One of the Wcry vectors is a phishing email. We all know that it is not wise to click on email links, right? Wrong, apparently. People are still doing that. Teaching users simple security awareness practices is vital to avoid such incidents.
Scan incoming emails and downloads
One of the classic cases of Threat Emulation is scanning and detonating file attachments and downloads. Every decent security vendor has an appropriate offering in this field.
Anti-phishing tools are also widely available, both on-site and cloud-based.
Patch your systems in a timely manner
The SMB vulnerability used by Wcry to propagate was patched by Microsoft in March 2017, two months before the event. Two months!
Use IPS for virtual patching
Okay, you say, we could patch all supported Windows machines, but how about XP, 8 and 2003? Even if there was no patch for unsupported Windows flavors, simple IPS virtual patching would do. How hard can it be, really?
Filter incoming traffic, segment your networks
To prevent the initial infection coming from the Internet through SMB, one only needed to filter out incoming SMB traffic. The same goes for preventing lateral movement of the worm in segmented networks. Simple FW rules denying such traffic would do.
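The following is an added example, not part of the original post: a small Python check that evaluates a first-match firewall rule list and reports SMB (tcp/139, tcp/445) allowed on paths that should not carry it, both Internet ingress and segment-to-segment. The rule format, addresses and flow names are constructed assumptions, not any vendor's syntax.

```python
import ipaddress

SMB_PORTS = (139, 445)  # NetBIOS session service and SMB over TCP

# Constructed first-match policy: (action, source, destination, first port, last port).
POLICY = [
    ("allow", "10.1.0.0/24", "10.9.0.10/32", 445, 445),  # workstations to file server
    ("deny", "0.0.0.0/0", "10.0.0.0/8", 135, 139),       # RPC/NetBIOS from anywhere
    ("allow", "10.0.0.0/8", "10.0.0.0/8", 1, 65535),     # weak: "internal is trusted"
    ("deny", "0.0.0.0/0", "0.0.0.0/0", 1, 65535),        # default deny
]
# Corrected policy: deny segment-to-segment SMB ahead of the broad internal allow.
HARDENED = POLICY[:2] + [("deny", "10.0.0.0/8", "10.0.0.0/8", 445, 445)] + POLICY[2:]

# Constructed probe flows: (name, source, destination, SMB intended on this path?)
FLOWS = [
    ("internet -> workstation", "203.0.113.7", "10.1.0.25", False),
    ("workstation -> other segment", "10.1.0.25", "10.2.0.31", False),
    ("workstation -> file server", "10.1.0.25", "10.9.0.10", True),
]


def decide(policy, src, dst, port):
    """Return the action of the first rule matching the flow (default deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, lo, hi in policy:
        if (s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)
                and lo <= port <= hi):
            return action
    return "deny"


def unintended_smb(policy, flows=FLOWS):
    """List (flow name, port) wherever SMB is allowed on a path not meant to carry it."""
    return [(name, port)
            for name, src, dst, intended in flows
            for port in SMB_PORTS
            if not intended and decide(policy, src, dst, port) == "allow"]


if __name__ == "__main__":
    for label, policy in (("original", POLICY), ("hardened", HARDENED)):
        print(label, unintended_smb(policy))
```

The original policy blocks SMB from the Internet but still lets tcp/445 cross between internal segments through the broad allow rule; the hardened one closes that path while keeping the file-server exception.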
Backups, backups, backups
In case of infection, there is always a plan B - restoring systems from backups. If you have any. If you keep them safe. Safe in this context means offline.
Simple and widely known best security practices could save the day. Yes, we have all seen recently that our networks are out there for anyone who wants to take them over. How sad is that?