Ransomware attacks are only increasing in complexity and are getting more efficient at exploiting network and system vulnerabilities, leaving organizations with a significant clean-up bill. Modern firewalls are highly effective at defending against these types of attack, but they need to be given the chance to do their job. In this whitepaper we will discuss how these attacks work, how they can be stopped and best practices for configuring your firewall and network to give you the best protection possible.
Best Practices for Firewall and Network Configuration
- Ensure you have the right protection, including a modern high-performance next-gen
firewall IPS engine and sandboxing solution. - Lockdown RDP with your firewall. Your firewall should be able to restrict access to VPN
users and whitelist sanctioned IP addresses. - Reduce the surface area of attack as much as possible by thoroughly reviewing and
revisiting all port-forwarding rules to eliminate any non-essential open ports. Every open
port represents a potential opening in your network. Where possible, use VPN to access
resources on the internal network from outside rather than port-forwarding. - Be sure to properly secure any open ports by applying suitable IPS protection to the
rules governing that traffic. - Apply sandboxing to web and email traffic to ensure all suspicious active files coming
in through web downloads and as email attachments are being suitably analyzed for
malicious behaviour before they get onto your network. - Minimise the risk of lateral movement within the network by segmenting LANs into
smaller, isolated zones or VLANs that are secured and connected together by the firewall.
Be sure to apply suitable IPS policies to rules governing the traffic traversing these LAN
segments to prevent exploits, worms, and bots from spreading between LAN segments. - Automatically isolate infected systems. When an infection hits, it’s important that your
IT security solution be able to quickly identify compromised systems and automatically
isolate them until they can be cleaned up (either automatically or through manual
intervention). - Use strong passwords for your remote management and file sharing tools that are not
easily compromised by brute-force hacking tools.
If you would like to find out more detail about the solution, you can also give one of our friendly team a call on 01273 834 000.
