Telephone: 0845 567 8777
Support 9-5: 0845 5678 666
Support 24x7: 0845 5678 888
We will always be pleased to hear from you, so contact us through the following channels:
Hersham Place Technology Park
E Mail: email@example.com
Matthew Quinn, Secon's Professional Services Director, unravels systems hardening and offers some tips on how to securely configure your systems to protect them against unauthorised access, while also taking steps to make them more reliable.
We look at why it is vitally important to review every virus outbreak incident, and why you should treat each one as a learning experience.
3. Case Study.
In the first of a series of case studies, read how Secon helped a global food expert resolve an ongoing malware infection (DOWNAD/CONFICKER) which it had been unable to contain using its existing AV solution.
System hardening is a step by step process of securely configuring a system to protect it against unauthorised access, whilst also taking steps to make the system more reliable.
By definition, installing any security solution on a system is a type of hardening as you are protecting it further than its default state.
Many systems come with additional services and applications that may not be necessary for the role in which your organisation is using them.
With these additional elements enabled, not only does the system consume unnecessary resources, it is also exposed to exploitation of any vulnerability in them. Hardening the systems in use reduces what is known as the attack surface of a system, lowering its exposure to attack.
Organisations that build hardening into their system build process have a lower exposure to malware and attack.
All systems can be hardened. Traditionally people associate hardening with server infrastructure, but desktops and laptops benefit just as much, as do mobile phones, firewalls and all manner of other devices.
On a Windows Server 2003 system, many services and tools are present by default. Telnet, for example, is a client that can be used to connect to other systems and test connectivity, but it sends everything, including credentials, in clear text. In Windows Server 2008 and 2012 the Telnet client and server are optional features that are not installed by default and must be added explicitly if they are needed. This is hardening in action: a component that is not installed cannot be exploited on that system.
So how do we go about hardening systems?
The approach depends on the platform, but the principle is the same: remove or disable what the system's role does not need, and restrict what remains.
For Microsoft Windows servers, there are many resources on how to harden:
For Linux servers:
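As an added example that is not part of the original article, the POSIX shell script below turns the attack-surface idea into a repeatable check for a Linux server: it lists every process that owns a listening TCP or UDP socket (parsed from `ss -tulnp` output) and reports anything that is not on an approved baseline for that server's role. The baseline (`sshd` and `nginx`) and the sample `ss` output embedded in the script are constructed for illustration and are not from the page.

```sh
#!/bin/sh
# Added example (not from the original page): audit a Linux server's listening
# network services against an approved baseline, so that anything outside the
# server's role (a telnet daemon, rpcbind on a web host) is flagged for removal.
# The baseline below and the sample ss(8) output are constructed for illustration.

# Hypothetical baseline: the only daemons this host's role justifies.
BASELINE="sshd nginx"

# Constructed sample of `ss -H -tulnp` output from an unhardened host.
SAMPLE_SS='tcp   LISTEN 0 128 0.0.0.0:22  0.0.0.0:* users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0 511 0.0.0.0:80  0.0.0.0:* users:(("nginx",pid=1020,fd=6))
tcp   LISTEN 0 50  0.0.0.0:23  0.0.0.0:* users:(("in.telnetd",pid=1301,fd=4))
udp   UNCONN 0 0   0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=600,fd=5))'

# listeners SS_OUTPUT: print the unique process names owning listening sockets.
# The name is the text between users:((" and the next double quote.
listeners() {
    printf '%s\n' "$1" | sed -n 's/.*users:(("\([^"]*\)".*/\1/p' | sort -u
}

# unexpected_listeners SS_OUTPUT: print listener names absent from BASELINE.
unexpected_listeners() {
    for name in $(listeners "$1"); do
        case " $BASELINE " in
            *" $name "*) ;;                 # approved for this role
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# audit_host: run the check against the live system (needs iproute2 `ss`).
# Returns 1 when something outside the baseline is listening, so it can gate a
# build pipeline or fail a nightly compliance job.
audit_host() {
    found=$(unexpected_listeners "$(ss -H -tulnp 2>/dev/null)")
    if [ -n "$found" ]; then
        echo "Listening services outside baseline:"
        printf '  %s\n' $found
        return 1
    fi
    echo "No unexpected listeners."
}
```

Against the constructed sample the check reports `in.telnetd` and `rpcbind`; on a real host, each flagged service is either added to the baseline because the role genuinely needs it, or disabled with `systemctl disable --now <unit>` (or uninstalled) so that it is no longer part of the attack surface. Running `audit_host` from the build process and again on a schedule is what keeps a hardened build hardened.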
If you need help or advice on any issues you have with regard to Systems Hardening, please contact Andrew Gogarty on 0845 567 8777 or via email firstname.lastname@example.org. Alternatively you can get in touch via the Contact Us tab.
Secon have worked with many customers over the past decade that have experienced virus outbreaks of varying complexity, risk and impact.
Each outbreak often highlights an area of weakness with an organisation’s virus prevention strategy. For example, an outbreak could have come from:
Secon believes that protecting your organisation against a virus attack cannot be performed by one product alone, but must be a blend of protection technologies, techniques and procedures to ensure effective protection.
Secon breaks down an effective virus outbreak prevention strategy into the following areas:
When an organisation has been struck by a virus outbreak, and has subsequently recovered from it, the Post-Incident Activity phase needs to be started. This will involve asking questions such as:
Once these have been ascertained, an organisation can learn how to improve their strategy to reduce the risk of such an incident occurring again. This could include:
By learning from experience, organisations can continually improve on the effectiveness of their strategy and reduce the risk of outbreaks occurring in the future.
If you've been subject to a virus outbreak and would like some best practice help, please contact Andrew Gogarty on 0845 567 8777 or via email email@example.com. Alternatively you can get in touch via the Contact Us tab.
This case study focuses on how one of the world’s largest Food Experts used Secon’s knowledge and malware experience to clean up and implement a new solution to tackle the security issues that their current products were failing to protect against.
The company advised that they kept getting repeated infections of malware known as ‘DOWNAD/CONFICKER’ which was not being removed by their current anti-virus product.
Prior to Secon's engagement, to stop the malware spreading further to their servers and client machines, the company had even gone as far as creating a scheduled task that ran a removal tool every 6 hours. This measure, however, was time consuming, difficult to maintain and ultimately unsuccessful at tackling the problem.
We were so confident in our abilities, that we offered a no fix, no fee term.
Secon’s expert team prioritised the cleanup to minimise the risk the customer was exposed to and then began the process of implementing an effective antivirus strategy following our tried and tested framework:
The cleanup process was initiated immediately, and Secon's malware experts discovered that there were actually three forms of malicious software propagating through the customer's environment:
Secon quickly established that the infection's ingress point was one of the customer's remote users, connected to the internal network via VPN.
The malware was propagating via the file shares on their Citrix servers, which is typical behaviour for this kind of malware: a single infected machine that connects to the company infrastructure spreads its infection to every host it can reach.
To give the customer continued protection against previous and future infections, we deployed our preferred antivirus tools from the market-leading security vendor Trend Micro. As part of this recommendation, a test environment was created to demonstrate the software's ability to succeed where their original tools had failed.
Secon's experts continued working with the company's IT team to establish security priorities, ensuring their SQL database infrastructure was protected and clean of infection, and thereby protecting their most sensitive information. Moving forward, Secon's team worked through their corporate IT systems, ensuring each asset was secure and protected from future infection.
The infections experienced by this customer were particularly challenging. The Trojans that had infected them were connecting to remote command and control platforms and pulling down additional malicious software, typical behaviour of multi-stage malware, where the initial infection is only the loader for what follows. The three infections listed above actually work together to siphon off key data and almost any sensitive information they can find. The test environment was again used to demonstrate Trend Micro's ability to identify, remove and ultimately block re-infection of the endpoint machines.
The infection had now been successfully removed, but our involvement with the customer had identified improvements that could be made to their procedures and policies to better align the company with best practice and industry standards. Some examples of our recommendations are below:
Secon completed the project within weeks of being called in. We have now armed the company with the latest tools and processes for a best-practice anti-malware strategy. The whole project and the new tools were provisioned within the cost of the software maintenance renewal of their legacy anti-malware solution.
Secon is now helping the customer to review their web security and virtualisation security measures to ensure the highest levels of protection in the future.
To find out how Secon's best in the business malware engineers could help your business security, please contact Andrew Gogarty on 0845 567 8777 or via email firstname.lastname@example.org. Alternatively you can get in touch via the Contact Us tab.