Showing posts from September, 2017

Using defence in depth to mitigate the risk of ransomware

I've written before about the evils of CryptoLocker and the spawn of that devilish state of affairs known as ransomware. Recently I came across an infection and saw first-hand how defence in depth can save your data and the bitcoin.

Firstly, let's consider the perimeter of the network. What vectors for attack exist externally to the network? There are many and they include:

- malicious emails
- dodgy websites with malicious payloads
- malicious actors (hackers) out to get you

The first layers of defence include (in this case):

- an antivirus/antispam gateway for email, with the firewall at the main router allowing only connections on port 25 (SMTP) from the mail scanner gateway
- antispyware/antivirus on the computers scanning every website that a user visits, plus using OpenDNS with a variety of restrictions on it to protect the user from themselves
- firewalls and obfuscated ports where applicable, with minimal "open-to-the-world" ports

That's the ha
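The perimeter rule described above (only the mail scanner gateway may reach port 25, everything else inbound is denied by default) is easy to state and easy to get wrong when rules accumulate. The script below is an added example, not code from the original post: it models the router's inbound policy as a first-match rule list with a default deny, evaluates a few constructed connection attempts against it, and lists which ports end up reachable from arbitrary internet hosts, which is the "open-to-the-world" count the post wants kept minimal. The gateway address 203.0.113.10 and the probe address 198.51.100.77 are documentation-range placeholders, not real hosts.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed, hypothetical addresses (RFC 5737 documentation ranges).
MAIL_GATEWAY = ip_network("203.0.113.10/32")   # the antispam/antivirus mail scanner
ANYWHERE = ip_network("0.0.0.0/0")             # any source on the internet
INTERNET_PROBE = "198.51.100.77"               # stands in for "some random host"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp" or "udp"
    dport: Optional[int]   # None matches any destination port
    src: object            # ip_network the source address must fall in
    comment: str = ""


@dataclass(frozen=True)
class Conn:
    proto: str
    src: str
    dport: int


# Inbound policy at the main router: first matching rule wins, default deny.
# This mirrors the post: SMTP is accepted only from the mail scanner gateway.
INBOUND: List[Rule] = [
    Rule("allow", "tcp", 25, MAIL_GATEWAY, "SMTP only from the mail scanner gateway"),
    Rule("deny", "tcp", 25, ANYWHERE, "no direct SMTP from the internet"),
]
DEFAULT_ACTION = "deny"


def evaluate(rules: List[Rule], conn: Conn, default: str = DEFAULT_ACTION) -> str:
    """Return the action the first matching rule takes, or the default."""
    addr = ip_address(conn.src)
    for rule in rules:
        if rule.proto != conn.proto:
            continue
        if rule.dport is not None and rule.dport != conn.dport:
            continue
        if addr not in rule.src:
            continue
        return rule.action
    return default


def open_to_the_world(rules: List[Rule]) -> List[Tuple[str, object]]:
    """List (proto, port) pairs an arbitrary internet host can reach.

    A port counts as exposed if a probe from an address that matches no
    specific allow-list still gets "allow". An allow rule with no port and a
    0.0.0.0/0 source exposes everything and is reported as (proto, "any").
    """
    exposed = set()
    for rule in rules:
        if rule.action == "allow" and rule.dport is None and rule.src == ANYWHERE:
            exposed.add((rule.proto, "any"))
    candidate_ports = {(r.proto, r.dport) for r in rules if r.dport is not None}
    for proto, port in candidate_ports:
        if evaluate(rules, Conn(proto, INTERNET_PROBE, port)) == "allow":
            exposed.add((proto, port))
    return sorted(exposed, key=lambda p: (p[0], str(p[1])))


def audit(rules: List[Rule]) -> dict:
    """Decisions for a few constructed connection attempts, keyed by description."""
    samples = {
        "smtp from mail gateway": Conn("tcp", "203.0.113.10", 25),
        "smtp from random internet host": Conn("tcp", INTERNET_PROBE, 25),
        "rdp from mail gateway": Conn("tcp", "203.0.113.10", 3389),
        "rdp from random internet host": Conn("tcp", INTERNET_PROBE, 3389),
    }
    return {name: evaluate(rules, conn) for name, conn in samples.items()}


if __name__ == "__main__":
    for name, decision in audit(INBOUND).items():
        print(f"{name:32s} -> {decision}")
    print("open to the world:", open_to_the_world(INBOUND) or "nothing")
    # Show what a careless extra rule does to the exposure count.
    careless = INBOUND + [Rule("allow", "tcp", 3389, ANYWHERE, "remote desktop for admins")]
    print("after adding world-wide RDP:", open_to_the_world(careless))
```

Run as a script it prints the decision table and the exposed-port list for both the tight policy and a policy with a careless world-wide RDP rule appended, so the difference the post is describing shows up as a one-line change in the "open to the world" output.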