Miscreants started scanning for Exchange Hafnium vulns five minutes after Microsoft told world about zero-days Attackers began scanning for vulnerabilities just five minutes after Microsoft announced there were four zero-days in Exchange Server, according to Palo Alto Networks. Malicious people seeking to exploit flaws in general were doing so within a quarter of an hour of details being released, the company's Cortex Xpanse research …
Or make sure that your systems are secured so that the black hats can't gain access to them from the Internet, or that any such systems that do require Internet access do not have any critical and/or sensitive data on them.
Note: Exchange would normally fall into the latter category.
Hmm. We put the ADDS DC on one machine, stuff like DHCP, DNS, RRAS, on another, and Exchange, file services, database services, etc., on other machines. That’s other physical machines. There might be multiple file servers running in VMs, but on one or two or three (redundancy, y’know) different physical machines. None of which will be a DC.
"Many big group prefer to externalize everything to the lowest bidder"
Most SMBs in my experience outsource to any old guys someone suggested, or to an "all in" external IT service from their vendor with "support" thrown in.
You get the security you put the necessary and appropriate effort into. However, if you know nothing about infosec because you're an expert widget maker or art studio, how on earth are you expected to know the difference? Most of the available guidance is so superficial or general that it doesn't inform, and the rest is so technical that it only informs those who already know.
We need real public education on practical infosec that equips folks to evaluate and select support services properly.
Employ a competent IT security person, someone who leaves a USB stick in the office when they are interviewed and later in the day when someone picks the Rubber Ducky USB stick up and plugs it into their computer the entire network is compromised with a message on every computer, "You folks need to employ me to stop this happening again."
This post has been deleted by its author
I take options 3 and/or 4:
3) Don't use u$ products in the first place. Not so much that Linux is hugely superior, but that a) you should not award incompetence and b) there are not QUITE so many aggressors to handle.
4) Treat every high-rated vuln as a top-priority alert. If you cannot ascertain within 10 minutes that you are not affected, immediately degrade connectivity to only permit connections from known (mostly) trusted sources. Like you remote IT workers.
This suggests:
5) spend a lot of effort to ensure that the blast radius of any vuln on any service is limited.
The real reason why one company I work with has not yet patched something for 1 year is because they are on a tight timeline (for a year) and can't use the security engineers they hired to do the work. They have reassigned the security engineers to do UI work.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
