Backup File Server to DAS
-
@IT-ADMIN said:
so that we can take our precaution
- Never use software from third parties like download sites.
- Never use cracked software
- Keep your systems fully up to date and patched
- Run the latest software, not old versions
- Follow the principle of least necessary privilege
- Never let users be administrators
- Use a good AntiVirus like WebRoot and keep it updated
- Use a good firewall with Layer 7 filtering, like Palo Alto
- Restrict what users can do on the network, like going to random websites or inserting USB sticks
- Move from file servers to decoupled storage like many cloud products have
- Use decoupled backups
- Use backup media that is offline (like tape)
-
@Dashrender said:
@scottalanmiller said:
Why do you feel that ransomware "targets" anyone? It does not. It hits everyone. EVERYONE. There is no concept of "don't take HIS money, he doesn't have a lot."
This is the problem. For some reason, people (in general) think that there is someone at a keyboard running these virii. They clearly don't understand that they are completely automated and are happy to steal $0.01 vs 1 billion dollars. And by happy I mean, no feelings at all.
And also happy if you cannot pay and will just post online about how you lost everything and went out of business because that makes them money too from other companies that now know that they will have to pay.
-
i realize that i was very ignorant about the risks we have as network admins, i should setup a good backup plan as soon as possible, wow we are like in a forest, the strong eat the weak
-
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
-
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
-
@IT-ADMIN said:
i realize that i was very ignorant about the risks we have as network admins, i should setup a good backup plan as soon as possible, wow we are like in a forest, the strong eat the weak
Yes, among the most important aspects of IT are security, risk management, disaster planning, etc. These are our core skills. The other stuff that we do is pretty trivial.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
-
There is a world of difference between "what are the steps to avoid X" and "what is the best business decision for a real business."
All IT is about managing risk and deciding where on the spectrum we are going to fall.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
-
@IT-ADMIN said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
There are? and what is to much?
If you're being targeted by ransomware that is outside the of the normal $500-$1500 ransom, then it's likely that a Sophos won't save you anyway.
-
@IT-ADMIN said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
In which case you consider your data not worth the money.
So you forfeit your data.
Good job.. way to look at security ass backwards.
-
@scottalanmiller said:
There is a world of difference between "what are the steps to avoid X" and "what is the best business decision for a real business."
All IT is about managing risk and deciding where on the spectrum we are going to fall.
That's true, but it seems odd to me still to list it, when it would almost never be on the recommend that a business do this list.
-
@DustinB3403 said:
@IT-ADMIN said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
In which case you consider your data not worth the money.
So you forfeit your data.
Good job.. way to look at security ass backwards.
Not sure if that is backwards. Seems like they are making the decision that their data doesn't have the same value of the ransom.
-
@Dashrender said:
@scottalanmiller said:
There is a world of difference between "what are the steps to avoid X" and "what is the best business decision for a real business."
All IT is about managing risk and deciding where on the spectrum we are going to fall.
That's true, but it seems odd to me still to list it, when it would almost never be on the recommend that a business do this list.
A large business sure would.
-
@IT-ADMIN said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
Sure, the problem is that you don't know for sure how much the ransom will be until it is too late. If it is $300 or $10,000,000 is a big difference.
But the FBI recommends paying it Generally they make the ransom low enough that you will pay it but enough that it will hurt.
-
@coliver But it is completely backwards.
To think, oh hey I'm being ransomed for my data. He doesn't specify a value. Just that the ransoming is occurring, the value could be $300US.
Which might be @IT-ADMIN said:
lol, it depend, there are some ransom who demand too much $
Rather than saying "We need to build a solution to prevent this from occurring, or doing everything in our power to get around the issue of being cryptolocked"
-
@Dashrender said:
@IT-ADMIN said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
- Use a good firewall with Layer 7 filtering, like Palo Alto
How many of use actually do this though?
More than you'd think. Sophos is pretty popular in the SMB.
Sure, but the normal advice lately around these parts has been to use an ERL - doesn't that kinda fly in the face of the above listed advice?
Cheaper to pay the ransom than it is to pay for a Sophos over a ERL!
lol, it depend, there are some ransom who demand too much $
There are? and what is to much?
If you're being targeted by ransomware that is outside the of the normal $500-$1500 ransom, then it's likely that a Sophos won't save you anyway.
Sophos is going to be a very minor point of protection no matter what.
-
@coliver said:
Not sure if that is backwards. Seems like they are making the decision that their data doesn't have the same value of the ransom.
And maybe it doesn't. It's not worth a Windows license, good backups, etc. Those things are cheaper than the ransom, normally. So not surprised if the data isn't worth much of anything.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
There is a world of difference between "what are the steps to avoid X" and "what is the best business decision for a real business."
All IT is about managing risk and deciding where on the spectrum we are going to fall.
That's true, but it seems odd to me still to list it, when it would almost never be on the recommend that a business do this list.
A large business sure would.
OK true - again we are an SMB site, not an enterprise one. In the case of an enterprise, the cost of Sophos vs restoring data is a no brainer.