Once again ransomware is at the forefront of news websites as catastrophic attacks continue to “derail” and affect government, education and business activities in many countries, and especially in the United States.
Such attacks start in a variety of ways: some begin with phishing emails, others with hackers exploiting vulnerabilities in network stacks to gain a foothold and reach other systems on the network. The best-known network vulnerability that cybercriminals exploited in huge ransomware attacks a few years ago was EternalBlue.
Other vulnerabilities such as BlueKeep have been discovered since then and security patches have been made available. However, there are several corporate networks that remain vulnerable.
Unfortunately, many of these network stack vulnerabilities are “wormable”, meaning that hackers and malware can exploit them in an automated way that requires no user interaction, so the infection spreads quickly and easily across a wide array of systems.
Of course, using an industry-leading anti-ransomware and endpoint protection product such as Sophos Intercept X, and maintaining a rigorous strategic management of updates and patches are top best practices. But there are other best practices that you need to keep in mind to keep hackers, ransomware and any other attacks out of your network.
A firewall provides you with effective protection against exploits such as EternalBlue and BlueKeep by closing or protecting ports and by blocking threats using an IPS (Intrusion Prevention System). The IPS examines network traffic for vulnerabilities and exploits and blocks any attempt by attackers to penetrate the perimeter of your network or to cross boundaries between segments of the company’s internal network.
While there is a complete guide on how to protect your network, below are some of the best practices for managing your firewall to prevent ransomware attacks from entering and moving deeper into your network:
- Reduce the attack surface: Evaluate and review all port forwarding rules to eliminate any unnecessary open ports. Wherever possible, use a VPN to access internal network resources from outside, rather than port forwarding. Especially for RDP, make sure port 3389 is not open on your firewall.
- Apply IPS protection: Apply appropriate IPS protection to the rules governing traffic to and from any Windows host on your network.
- Minimize the risk of ‘lateral movement’ on your network: Use XG Firewall and Synchronized Security to protect the network from threats that move internally, and consider splitting your LANs into smaller subnets, assigning them to separate zones protected by the firewall. Apply appropriate IPS policies to the rules governing traffic that passes between these zones to prevent worms and bots from spreading between the LAN segments of your network.
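The port-forwarding review and the inter-zone IPS check can be run mechanically against a rule export. The following is an added example, not code from the original article or from Sophos: the `Rule` fields, zone names and sample rules are constructed and vendor-neutral (not an XG Firewall format), and port 445 is included as the SMB port that EternalBlue targets.

```python
from dataclasses import dataclass

# Ports tied to the exploits the article names: SMB (EternalBlue) and RDP (BlueKeep).
RISKY_PORTS = {445: "SMB", 3389: "RDP"}

@dataclass
class Rule:  # hypothetical rule shape, assumed for this example
    name: str
    src_zone: str
    dst_zone: str
    ports: tuple            # (low, high) inclusive destination port range
    action: str             # "allow" or "drop"
    ips: bool               # True if an IPS policy is attached to the rule
    port_forward: bool = False

def audit(rules):
    """Return (rule name, finding) pairs for allow rules that break the practices above."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue  # drop rules expose nothing
        low, high = r.ports
        exposed = [svc for port, svc in RISKY_PORTS.items() if low <= port <= high]
        # Attack surface: SMB or RDP reachable from the WAN, including via wide port ranges.
        if r.src_zone == "WAN" and exposed:
            how = "port-forward" if r.port_forward else "rule"
            findings.append((r.name, f"{'/'.join(exposed)} open to WAN via {how}; use VPN"))
        # Lateral movement: traffic crossing a zone boundary without IPS inspection.
        if r.src_zone != r.dst_zone and not r.ips:
            findings.append((r.name, f"{r.src_zone}->{r.dst_zone} traffic has no IPS policy"))
    return findings

# Constructed sample rules (not taken from any real firewall).
SAMPLE_RULES = [
    Rule("rdp-to-admin-pc", "WAN", "LAN_SERVERS", (3389, 3389), "allow", True, True),
    Rule("web-in", "WAN", "DMZ", (443, 443), "allow", True, True),
    Rule("users-to-servers", "LAN_USERS", "LAN_SERVERS", (1, 65535), "allow", False),
    Rule("legacy-smb-drop", "WAN", "LAN_SERVERS", (445, 445), "drop", False),
    Rule("ssl-vpn-to-servers", "VPN", "LAN_SERVERS", (3389, 3389), "allow", True),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Checking port ranges rather than exact ports matters because an "any port" forward exposes 3389 and 445 just as a dedicated RDP rule does.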
XG Firewall and Synchronized Security are the best protection you can have against the latest threats by providing superior protection and performance. Stop the hacks and the most dangerous and modern attacks from the beginning.
Download the Sophos guide here.
You can read the original article here.