
Simple and Cost-Effective protection from Ransomware

VMsources

Secure Cloud and Business Continuity

Friday, 23 February 2024 19:37

 

Hello,

 

Ransomware is on everyone’s mind these days. The simple reality is that many Organizations have limited budgets and resources with which to combat Ransomware, and they must select their strategies carefully.

 

I am going to suggest three practices which are either affordable or free, and which will help both to combat Ransomware in the first place and to recover from it if and when it does occur.

 

Lastly, many government agencies and Insurance Providers are requiring some form of Business Continuity plan prior to providing coverage or certification. VMsources is now providing a Backup and Disaster Recovery Certificate of Compliance to our clients so they may better comply with all of the new requirements.

 

Your Business Continuity Specialist,

 

John Borhek

CEO, Lead Solution Architect

VMsources Group Inc.

Mobile: +1 928.606.0483

Direct-dial office: +1 928.864.0850

Email: john@vmsources.com

Website: https://vmsources.com


1. Implement Multi-factor authentication

Multi-factor authentication (MFA), sometimes referred to as 2FA, is the single best way to keep Threat Actors from accessing mission-critical data and systems and deploying Ransomware in the first place.

 

MFA is particularly effective when Organizations deploy and use Virtual Desktop Infrastructure (VDI) as primary access for both on-premises and remote workers. Because all users access mission-critical data and systems through Secure Gateway(s), the MFA authenticator is deployed and maintained at the Secure Gateways and provides effective protection for the entire Organization. VMsources recommends and deploys VMware Horizon View as our preferred VDI platform.

 

MFA is slightly less effective in an Organization which relies heavily on legacy workstations and laptop computers, because the MFA authenticator must be deployed to each workstation and laptop computer individually, and it is much easier for users and Threat Actors to defeat.

 

VMsources recommends and uses DUO as our MFA authenticator. DUO is a Cisco product which supports many forms of MFA including: push to smartphone, hardware key, SMS, email and phone-call. DUO MFA solutions start at $3.00/user/month and are available directly from VMsources along with installation support.


2. Audit your device and local administrator passwords

When considering Password Security and Password Policy, many Organizations only look at Active Directory Policy and ignore local administrator, device and root passwords for Infrastructure systems.

 

System and Device Passwords:

  • All Windows systems have a local Administrator account and password
  • Most Linux systems have (and require) a root account and password
  • Storage devices, SANs, and NAS all have an administrator/manager account and password
  • Network switches all have an administrator/manager account and password
  • Firewalls all have an administrator/manager account and password
  • VMware vSphere systems such as vCenter and ESXi have a root account and password

 

It should go without saying that system and device passwords should be at least as strong as the Active Directory domain requirement, and probably MUCH stronger. Why stronger? Because, within Active Directory, we can leverage additional security such as MFA while device passwords must stand on their own against Threat Actors.

 

Current recommendations indicate that system and device passwords should be at least 16 characters long and require a mix of uppercase and lowercase letters, numbers and symbols.

 

EXAMPLE:

Acme Coyote and Safe Inc. has a strong AD Password policy and requires MFA to login to AD. Auditors have praised their compliance with password policy.

 

Unfortunately, they have a Firewall with a user ‘admin’ and a password ‘C0y0t3’. Worse yet, Acme Coyote and Safe Inc. admins have used the same password ‘C0y0t3’ for all other devices, local admin and root accounts.

  

Based on current estimates, it would take a Threat Actor between 5 sec. and 6 min. to brute-force breach the firewall and gain pervasive access to almost every system!
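
The audit described in this section can be scripted. The following is an added example, not VMsources code: it checks an inventory of device and local-admin credentials against the 16-character, four-class recommendation above and flags any password shared between devices. The device names and the compliant sample password are constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets
import string

MIN_LENGTH = 16  # minimum length recommended in the text above
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}

def audit(inventory):
    """Return {device: [findings]} for a {device: password} inventory."""
    key = secrets.token_bytes(32)  # per-run key: digests are useless afterwards
    findings = {device: [] for device in inventory}
    seen = {}  # keyed digest -> devices that share the same password
    for device, password in inventory.items():
        if len(password) < MIN_LENGTH:
            findings[device].append(f"too short ({len(password)} < {MIN_LENGTH})")
        missing = [name for name, chars in CLASSES.items()
                   if not any(c in chars for c in password)]
        if missing:
            findings[device].append("missing " + ", ".join(missing))
        # Group by keyed digest so reuse is detected without comparing plaintext.
        digest = hmac.new(key, password.encode(), hashlib.sha256).digest()
        seen.setdefault(digest, []).append(device)
    for devices in seen.values():
        for device in devices:
            others = [d for d in devices if d != device]
            if others:
                findings[device].append("reused on " + ", ".join(others))
    return findings

def keyspace_bits(length, alphabet_size):
    """Upper bound on search space, in bits, for a random password."""
    return length * math.log2(alphabet_size)

# Constructed inventory modelled on the Acme Coyote and Safe Inc. example.
SAMPLE = {
    "firewall/admin": "C0y0t3",
    "esxi01/root": "C0y0t3",
    "nas01/admin": "q7#Vt!2mLz@9Rw&4",  # constructed compliant value
}

if __name__ == "__main__":
    for device, issues in audit(SAMPLE).items():
        print(device, "->", "; ".join(issues) or "OK")
    print(f"{keyspace_bits(6, 94):.0f} vs {keyspace_bits(16, 94):.0f} bits")
```

The last line compares a 6-character and a 16-character password drawn from the 94 printable characters; a dictionary-derived password such as ‘C0y0t3’ is weaker than its length alone suggests.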

 

Managing Passwords

One effective way to implement strong and random passwords for systems and devices which are not (or should not be) part of Active Directory is by using an effective and secure network password manager.

 

When using a password manager, password length and complexity are not an issue due to the fact that users cut & paste passwords rather than memorizing and typing passwords. Therefore, it becomes possible to use very long and complex passwords securely and without typos and mistakes!

 

VMsources recommends Keepass. Keepass is both free and highly secure, often regarded as the best password manager available.

 

Keepass can be installed on a network drive and shared by multiple trusted users in an Organization. It is capable of generating random passwords (based on a user-defined policy) and storing those passwords, along with other credentials securely in an encrypted database.

 

When trusted users with access to the Keepass database seek to use a strong password, Keepass has the capability of copying the password to the Windows clipboard (with automatic time-out) and allowing the user to paste that password directly, without ever revealing it in plain-text – this is great for support or training scenarios!

 

Please download our whitepaper on: Using Keepass 


3. Use Offsite Backups

Offsite Backups provide one of the best protections against Ransomware there is. Offsite Backups don’t prevent Ransomware from occurring, but an effective Offsite Backup will give your Organization the ability to recover rapidly from Ransomware when it strikes.

 

An effective Offsite Backup should have the following features:

 

Geographic separation of locations:

In the event of a physical disaster such as a hurricane, fire or earthquake, an Offsite Backup is most effective with a minimum distance of at least 100 km from the mission-critical data and systems.

Immutable Repository:

Immutable Repositories prevent anyone from changing data for a pre-determined period of time, thus thwarting Threat Actors seeking to encrypt them. Veeam Immutable Repositories are tested and proven by Cohasset Associates to meet the requirements for non-rewritable, non-erasable storage as specified by SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) – WORM Equivalency.

Does NOT use the same Active Directory as the protected Organization:

Once a Threat Actor gains access to a single user account, they are able to move sideways and even escalate privileges within your Organizational Active Directory domain. Any backup systems which are part of your Organization’s Active Directory are likely to be encrypted alongside mission-critical systems and data.

This is the exact reason that many schools, hospitals, and major companies have suffered huge data-loss, and a simple Offsite Backup would have protected them!

Can be restored directly to the Cloud:

In addition to the capability to restore back to the original location, Offsite Backups should be directly convertible to workloads running in the Cloud. When choosing a provider, be sure to understand HOW and WHEN the provider would convert your Offsite Backups to the Cloud.

 

Offsite Backups to VMsources Secure Cloud

 

VMsources Offsite Backups have all of the features identified above. In addition, clients will automatically receive a Backup and Disaster Recovery Certificate of Compliance.

 

When you choose VMsources, you will benefit from our famous Concierge Service. That means that you CAN convert directly to our Secure Cloud running VMware vCloud native systems and one of our BC / DRaaS Consultants WILL actually do the heavy lifting for you and remain online and managing the entire process. No Big Cloud will offer the level of service you will get from VMsources!

 +1 866 644 7764