
9 steps to protecting backup servers from ransomware

Now that ransomware organizations are specifically targeting on-site backup servers, it’s even more important that enterprises defend them vigorously.

Here are nine steps to protect your backups and why you should take them.

Patch religiously

Make sure your backup server is among the first group to receive the latest operating system updates. Most ransomware attacks exploit vulnerabilities for which patches have been available for a long time but were never installed. Also, subscribe to whatever automatic updates your backup software provides, again to take advantage of whatever new protections they might include.

Disable inbound ports

Backup servers get attacked in two ways—by exploiting a vulnerability or logging in using compromised credentials. Disabling all but the necessary inbound ports can stop both. Only ports the backup software needs to perform backups and restores should be left open, and they should be accessible only via a VPN dedicated to the backup server. Even users on the LAN should use the VPN.

Cripple outbound DNS requests

The first thing ransomware does when it infects your backup server is contact its command-and-control server. If it is unable to do so, it can’t receive instructions about what to do next. Consider using a local host file or a restricted DNS system that does not support external queries. This may seem ridiculous, but it is the easiest way to stop ransomware that has infected your system. It’s a major payback from a minor inconvenience. After all, why would a backup server legitimately need the IP address of a random machine on the internet?
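A check for the two steps above (inbound ports and outbound DNS), added here as an example and not part of the original article: it flags listeners that fall outside a port allowlist or are bound off the VPN address, and resolvers that are public. The port 9392, the VPN address 10.99.0.5 and both sample inputs are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions, not from the article: the backup software listens on TCP 9392
# and the dedicated backup VPN interface is 10.99.0.5.
ALLOWED_PORTS = {9392}
VPN_ADDR = "10.99.0.5"

# Constructed sample of `ss -tln` output; not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128 10.99.0.5:9392 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9392 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:3389 [::]:*
"""

# Constructed sample /etc/resolv.conf.
SAMPLE_RESOLV = "nameserver 127.0.0.1\nnameserver 10.99.0.1\nnameserver 8.8.8.8\n"

def audit_listeners(ss_output, allowed_ports=ALLOWED_PORTS, vpn_addr=VPN_ADDR):
    """Return (address, port, reason) for each listener that breaks the policy."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        addr, _, port = fields[3].rpartition(":")
        addr, port = addr.strip("[]").split("%")[0], int(port)
        if addr != "*" and ipaddress.ip_address(addr).is_loopback:
            continue  # not reachable from the network
        if port not in allowed_ports:
            findings.append((addr, port, "port not needed for backup/restore"))
        elif addr != vpn_addr:
            findings.append((addr, port, "backup port reachable outside the VPN"))
    return findings

def audit_resolvers(resolv_conf):
    """Return configured nameservers that are public (not loopback/private)."""
    public = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            ip = ipaddress.ip_address(fields[1].split("%")[0])
            if not (ip.is_loopback or ip.is_private):
                public.append(str(ip))
    return public

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_SS))
    print(audit_resolvers(SAMPLE_RESOLV))
```

A private resolver can still forward external queries, so this only catches direct use of public resolvers; recursion on the internal resolver has to be checked separately.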

Disconnect the backup server from LDAP

The backup server should not be connected to lightweight directory access protocol (LDAP) or any other centralized authentication system. These are often compromised by ransomware and can easily be used to gain usernames and passwords to the backup server itself or to its backup application. Many security professionals believe that no administrator accounts should be put in LDAP, so a separate password-management system may already be in place. A commercial password manager that allows sharing of passwords only among people who require access could fit the bill.

Copyright © 2023 IDG Communications, Inc.

