ERP Security and Remote Access (RDP) Password Strength
InfoWorld reports a worm (AKA: virus/malware) has caused havoc in many “remote desktop (RDP)” connectable servers and PCs. The root causes lie in domain security appliances, policies and procedures, and in weak password strength patterns and password life-cycle ageing policies.
Morto worm reveals how bad IT is at passwords: Malware responsible for spike in unauthorized RDP traffic affects Windows PCs and servers globally
Your network may have routers, firewalls, security appliances and domain policies to help avoid these attacks. Some of those tools:
- Password length and complexity
- Password and username encryption
- Domain policies to force password ageing intervals
- Enterprise Security software like Symantec End Point
- Backup scheduling with off-site rotations
- Firewall appliances like Fortinet, Cisco, or Trend Data
- Internet address spoofing and port manipulation
Some examples of intrusion attacks:
This email from a router/firewall tells us an intruder/robot/bot attempted to connect using a username and password and failed to breach the security policies. This attempt was unsuccessful; how many of your systems have been successfully attacked?
Message meets Alert condition
- date=2008-09-21 time=08:58:11 devname=FIREWALL device_id=ABC90188492 log_id=010-1-2092002 type=event subtype=administrator pri=alert vd=root ui=XXX.XXX.XXX.XXX action=login status=failed reason=exceed_limit msg="Login disabled from IP XXX.XXX.XXX.XXX for 60 seconds because of too many bad attempts"
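The alert above reports a single lockout; what matters operationally is a source that keeps coming back. The following is an added example, not part of the original article or any vendor tooling: it parses lines in that key=value layout and flags sources locked out repeatedly within a time window. The function names, the threshold and window defaults, and the sample lines are assumptions, and `ui` is taken to hold the source address as it does in the alert above.

```python
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same key=value layout as the alert above.
# Addresses are documentation ranges (RFC 5737); device_id is a placeholder.
def _line(t, ip, status="failed", reason="exceed_limit"):
    msg = f"Login disabled from IP {ip} for 60 seconds because of too many bad attempts"
    return (f"date=2008-09-21 time={t} devname=FIREWALL device_id=EXAMPLE0001 "
            f"type=event subtype=administrator pri=alert vd=root ui={ip} "
            f'action=login status={status} reason={reason} msg="{msg}"')

SAMPLE_LOG = "\n".join([
    _line("08:58:11", "203.0.113.7"), _line("09:00:15", "203.0.113.7"),
    _line("09:03:40", "203.0.113.7"), _line("09:10:02", "198.51.100.23"),
    _line("09:12:30", "192.0.2.10", status="success", reason="none"),
    'date=2008-09-21 time=09:13:00 msg="truncated line',  # malformed on purpose
])

def parse_line(line):
    """Split one alert line into a dict of fields; return None if malformed."""
    try:
        tokens = shlex.split(line)  # keeps msg="..." as one token, drops quotes
    except ValueError:              # unbalanced quote, e.g. a truncated line
        return None
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    try:
        fields["ts"] = datetime.strptime(
            f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")
    except (KeyError, ValueError):
        return None
    return fields

def repeat_lockouts(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {source: count} for sources locked out >= threshold times in window."""
    by_source = defaultdict(list)
    for raw in log_text.splitlines():
        rec = parse_line(raw.strip())
        if rec and (rec.get("action"), rec.get("status"), rec.get("reason")) == \
                ("login", "failed", "exceed_limit"):
            by_source[rec.get("ui", "unknown")].append(rec["ts"])
    flagged = {}
    for src, times in by_source.items():
        times.sort()
        best = start = 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[src] = best
    return flagged
```
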
Knowing what, when, where, and why to configure and establish network security is an art and a science. The art is in knowing, based on a breadth of knowledge and experience, what your company needs and establishing a vision for domain security and integrity. The science involves knowing the right enterprise-level tools best suited for your needs. Putting all these pieces together into a cohesive, manageable platform gives you the best chance to survive an attack.
Here is a sample mix of software, appliances and systems you may consider; each solves a particular need, and in combination they represent a well-orchestrated and balanced enterprise for security, backup and recovery.
Let’s start with backup – your first line of defense is creating a recovery path. Backups are mission critical to your business data and possibly even survival.
Backup systems summary:
- Backup Software – Symantec Backup Exec
- Backup Media – Tape, hard disk, SAN, internet and off site rotations
- Tape drives and tape libraries – Tandberg Data
- PC and server backups strategized into “file-per-system” local/remote storage
- Day/week/month/year cycles – frequencies and volume managed
Security Software and Devices
- Enterprise End Point Protection – all-in-one
- Security appliances – firewalls, routers, gateways
- Email and network virus protection
- Symantec Mail Security for Microsoft Exchange
- Domain Policies for data filtering allow/disallow
- Domain policies controlling unauthorized access
Some of these policies, appliances, virus software, spam software, backup/recovery and other general gateway management tools can and do cause delays and consume bandwidth, especially when you are in a high-volume company where local and internet traffic are critical. In some cases, your bandwidth requirements must be 150-200% over your actual planned demand due to losses in managing the “problems” which come your way.
Given the pervasive nature of computers and hackers alike, taking your security seriously is possibly the only chance you may have to prevent a shutdown or, worse, complete loss of business. Experience tells us there are many forms of attack: internal, external, and rogue unsolicited behavior that is always unknown until it hits you. When it does, you may want to have the “best practices” on your side. These suggestions, systems, software and hardware are preliminary and your needs may not fit these parameters. The best way for you to be safe is to get a practiced opinion. When it comes down to it, if your business did not run for a day, week or month, what is it worth today to get secure and protected from attackers? These threats are real; for example, Symantec Threatcon is an ideal place to look at the state of the internet.
Santa Clarita Consultants is an authorized Symantec, Tandberg Data, Cisco, HP, IBM, Fortinet and SYSPRO partner. Symantec is an enterprise-level security and threat protection technology offering strategic advantages for your business. Our customers who take advantage of Symantec systems have achieved greater stability, security, resilience, compliance and trust in their technology and infrastructure domains. For more information or to request our four point site-audit, The Enterprise 4X4™, please follow the links below.