Protecting Against Ransomware with Layered Security
Ransomware is rampant in our networks this year. Every week, the headlines announce another healthcare system that has had downtime or an outage due to this menace. Outages lasting days or even weeks have a major impact on systems, affecting revenue and quality of care, and can even pose a life safety issue. While it’s nearly impossible to prevent all attacks, it is possible to limit their spread and effect on your organization.
The typical organization will install an Internet firewall and consider itself protected. However, if a hacker or malware gets past that one barrier, they are free to exploit the entire organization. Laptops can be infected while they are away and bring malware back to the corporate network. Hackers can sit outside your office and connect to your Wi-Fi, or borrow an empty conference room and just plug in. A billing clerk can visit an infected site during lunch or open an infected email attachment. This is why it’s important to use a layered approach to security. Protect at the border, protect inside the network and protect on the computer.
Border protection is the typical firewall installed at the edge, separating your corporate network from the Internet. This layer is a very important part of your security plan because it is your first line of defense. The Internet firewall fends off all the attackers from the outside and controls what your users and servers can access on the public Internet. Monitoring outbound traffic is important to see if employees are visiting inappropriate sites or using inappropriate services. You will also look for signs of unusual connections. Recently, one firm saw a constant connection to China and discovered one of their IT analysts had outsourced his job overseas without permission.
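One way to look for the kind of constant outbound connection described above, as an added example that is not part of the original article: it flags internal hosts that talk to the same external address in nearly every hour the log covers. The log format, the internal address range, the thresholds and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumption: the organization's internal address space (adjust to your own plan).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def build_sample():
    """Constructed firewall log lines: 'timestamp src dst dst_port bytes_out'."""
    lines = [f"2024-01-10T{h:02d}:05:00 10.20.5.14 203.0.113.50 443 52000"
             for h in range(24)]                      # one host, same peer, every hour
    lines += [f"2024-01-10T{h:02d}:30:00 10.20.5.22 198.51.100.7 443 180000"
              for h in (9, 12, 13)]                   # ordinary daytime browsing
    lines.append("2024-01-10T12:10:00 10.20.5.14 10.30.1.5 445 9000")  # internal only
    lines.append("truncated record")                  # malformed, must be skipped
    return lines

def persistent_outbound(lines, min_ratio=0.9, min_hours=12):
    """Return (src, dst, port, active_hours, bytes) for internal-to-external pairs
    active in at least min_ratio of the hours the log covers."""
    hours_seen, bytes_out, all_hours = defaultdict(set), defaultdict(int), set()
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            hour = datetime.fromisoformat(parts[0]).replace(minute=0, second=0, microsecond=0)
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            port, nbytes = int(parts[3]), int(parts[4])
        except ValueError:
            continue
        all_hours.add(hour)
        if is_internal(src) and not is_internal(dst):
            key = (str(src), str(dst), port)
            hours_seen[key].add(hour)
            bytes_out[key] += nbytes
    if not all_hours:
        return []
    window = int((max(all_hours) - min(all_hours)).total_seconds() // 3600) + 1
    findings = [(s, d, p, len(hrs), bytes_out[(s, d, p)])
                for (s, d, p), hrs in hours_seen.items()
                if len(hrs) >= min_hours and len(hrs) / window >= min_ratio]
    return sorted(findings, key=lambda f: -f[3])

if __name__ == "__main__":
    for finding in persistent_outbound(build_sample()):
        print(finding)
```

A flagged pair is a starting point for review, since update services and monitoring agents also hold steady connections and belong on an allow list.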
Inside protection is the next layer of security. Here you are protecting one internal network segment from another network segment inside the organization. Much like a fire wall in a building prevents a fire in one part of the building from spreading to another part, your inside protection prevents the spread of security issues. Typically, you would install a firewall to separate servers from users and control what services are available to your users. This layer would restrict server management access to your IT staff only and prevent access from others. This firewall could also control how the different departments and divisions connect. For example, you could prevent inappropriate access to your lab equipment or high-end printers.
Inside protection also includes monitoring and detection. Intrusion detection systems monitor network traffic, looking for known viruses and malware, and they can also notice unusual behavior and patterns. Intrusion detection systems would be installed at key locations such as network consolidation points and “border crossings” between networks.
Computer protection is the innermost layer of protection. This layer is your workstations’ and servers’ bulletproof vest against attacks. User passwords, antivirus software and personal firewalls are the most common tools for this layer. This layer prevents malware or viruses from infecting your computers and spreading to other computers. It also controls unauthorized remote access to your workstations and servers. You must protect all systems inside, because every computer is a target. Hackers will attack your unimportant end user workstations in the hope of gaining access from them to other, more important, systems.
Securing your information systems can be a daunting task, but using the three-layered approach of computer protection, inside protection, and border protection will provide a good methodology for your implementation. You can no longer protect your network only from the outside. Attackers are crafty and will use any means to gain access to your information. The layered approach prevents attacks from the Internet, controls security issues inside your network, and provides a last line of defense for your computers.