Topic: Security for Servers and TAM/EPIC Data

Jeff Zylstra
Security for Servers and TAM/EPIC Data
« on: November 29, 2018, 11:53:58 am »
It's been a while since the "Security Basics" sticky post has been updated.  Given all of the developments in malware, and especially malware that encrypts files, I'm wondering if anyone would like to add/modify any of those points.   I have some questions and maybe suggestions that I'd like to run by the group...

Is FSRM as useful as it seems to be in protecting servers and other data repositories from malware?   There are scripts and kits to do it through FSRM, but how would YOU recommend doing it, and what files would you whitelist or blacklist? 

Also still wondering if it's ok to grant local administrator rights to workstations?  I'm still a little leery of giving too many permissions, and wondered what others' thoughts are on this.  I had a support person want me to add local admin rights to a machine on the domain, so he could install software on that machine off site.  He didn't seem to think it was a big deal, but I'm thinking it was for his convenience, and not in my best interests.

"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

Tom Fisher
Re: Security for Servers and TAM/EPIC Data
« Reply #1 on: November 29, 2018, 12:10:05 pm »
Quote from: Jeff Zylstra
Also still wondering if it's ok to grant local administrator rights to workstations?  I'm still a little leery of giving too many permissions, and wondered what others' thoughts are on this.  I had a support person want me to add local admin rights to a machine on the domain, so he could install software on that machine off site.  He didn't seem to think it was a big deal, but I'm thinking it was for his convenience, and not in my best interests.

Not giving local admin rights to users is the biggest thing you can do to keep your network safe.  End users are the entry point for malware and not having admin rights halts most malware in its tracks.  It makes admin life a pain in the rear, but it's worth it to keep everyone running as standard users.  Most times if vendors say users must have admin rights they are full of it and trying to make their own jobs easier.
Tom Fisher
The Tech Frood
tom@techfrood.com
www.techfrood.com

Jeff Golas
Re: Security for Servers and TAM/EPIC Data
« Reply #2 on: November 29, 2018, 12:24:08 pm »
I have created some FSRM rules to at least warn me if oddball activity is going on; it won't "completely" prevent malware though.
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com
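
A warn-only (passive) FSRM file screen of the kind mentioned in the reply above, as an added example that is not part of the original post and not the poster's own rules. The share path, group name and file patterns are hypothetical placeholders, and it assumes the File Server Resource Manager role with its FileServerResourceManager PowerShell module is installed.

```powershell
#Requires -RunAsAdministrator
Import-Module FileServerResourceManager

# Hypothetical values: replace with your own share path and naming.
$SharePath = 'D:\Shares\AgencyData'
$GroupName = 'Suspicious-Encrypted-Files'

# Constructed sample patterns for illustration only, not a vetted blacklist.
$Patterns = @('*.encrypted', '*.locked', '*.crypt', '*DECRYPT_INSTRUCTIONS*')

# Create the file group, or update it if it already exists.
if (Get-FsrmFileGroup -Name $GroupName -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns
} else {
    New-FsrmFileGroup -Name $GroupName -IncludePattern $Patterns | Out-Null
}

# Notification: write a Warning event naming the user, file and server.
# The bracketed tokens are FSRM notification variables expanded at run time.
$Body = 'User [Source Io Owner] wrote [Source File Path] under ' +
        '[File Screen Path] on [Server] (group: [Violated File Group]).'
$EventAction = New-FsrmAction -Type Event -EventType Warning -Body $Body

# Passive screen (-Active:$false): the write is allowed, only the warning fires.
$ScreenArgs = @{
    Path         = $SharePath
    IncludeGroup = $GroupName
    Notification = $EventAction
    Active       = $false
}
if (Get-FsrmFileScreen -Path $SharePath -ErrorAction SilentlyContinue) {
    Set-FsrmFileScreen @ScreenArgs
} else {
    New-FsrmFileScreen @ScreenArgs | Out-Null
}

# Confirm the screen exists and is passive.
Get-FsrmFileScreen -Path $SharePath | Select-Object Path, Active, IncludeGroup
```

The warnings land in the server's Application event log. FSRM matches on file name only, so a screen like this warns about known naming patterns and does not stop malware that uses other names.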

Tom Fisher
Re: Security for Servers and TAM/EPIC Data
« Reply #3 on: November 29, 2018, 01:13:25 pm »
There are so many things that go into keeping a network safe.  I always bring it back to a good backup and disaster recovery plan.  If something catastrophic happened - (think total crypto infection or building burns down) - do you have the ability to bring your systems back to no later than 24 hours prior to the catastrophe?  If not - put your time and energies there first and foremost.  I had a company call me last month with crypto - spent thousands getting back to business - who knows how much they lost in business - and to top it off - due to bad back-up - the data they restored from was 9 months old.  Terrible.
Tom Fisher
The Tech Frood
tom@techfrood.com
www.techfrood.com

Billy Welsh
Re: Security for Servers and TAM/EPIC Data
« Reply #4 on: November 29, 2018, 05:32:06 pm »
Quote from: Tom Fisher
Most times if vendors say users must have admin rights they are full of it and trying to make their own jobs easier.

Amen to that!

While I am not a "true" IT guy, I was that person for the small agency where I worked.  At the end I was directing a contract firm, which was much better.


I learned the hard way in Katrina's aftermath that following best practices for tape backups was no guarantee of success.  Data recovery was well below 100%.  I had never tested a full 100% recovery; all individual file recoveries always worked perfectly.  Once we got our undamaged file server out of the damaged office, one of the mirrored drives failed shortly after booting it up.  That's when I learned that mirrored drives were also no guarantee of success.  The drive that failed was the primary one, and as a result Novell would not boot up.  We had been through several previous secondary drive failures with minimal issues - shut it down, swap the drive, boot it up, maybe change/update the settings (can't remember), then let it replicate.  Of course the new wrinkle came at the worst time in the worst situation.  After all these years, I do not remember the ultimate solutions to that issue.  I had an IT consultant involved; I can only remember that they helped me work it out.
Controller
Hunt Telecommunications, LLC
Fiber | Phone | Internet | Cloud

Tom Fisher
Re: Security for Servers and TAM/EPIC Data
« Reply #5 on: November 30, 2018, 08:48:15 am »
I have a focus on working with insurance agencies, having come from one myself, but I also serve other verticals.

It's almost funny (not really) how difficult it is to educate and sell a proper backup and disaster recovery solution to insurance people.  I mean it's just like insurance and it's so difficult in getting them to see the value.  You know - until it's too late and they need it... (again just like insurance).
Tom Fisher
The Tech Frood
tom@techfrood.com
www.techfrood.com

Jeff Zylstra
Re: Security for Servers and TAM/EPIC Data
« Reply #6 on: November 30, 2018, 02:42:08 pm »
Quote from: Tom Fisher
I have a focus on working with insurance agencies, having come from one myself, but I also serve other verticals.

It's almost funny (not really) how difficult it is to educate and sell a proper backup and disaster recovery solution to insurance people.  I mean it's just like insurance and it's so difficult in getting them to see the value.  You know - until it's too late and they need it... (again just like insurance).

Most agents are gamblers to some degree.  They feel they know how and when to take risks.  That said, I've had data loss caused by a different type of corruption - human error.  We had an issue with several error messages and called Applied, and they repaired some files and said we were fine.  We were anything BUT fine.  Only the last tech had the presence of mind to ask if anyone had run the TAMSTART utility to check the integrity of all of the files.   There were tens of thousands of problems with the files that could and should have been caught immediately.

Thankfully I had multiple good copies of backups, but the moral of the story is to take the 10-15 minutes and run TAMSTART or any other data integrity checking software when there is an issue.  Yes.  I know the system is down, but it's only 15 minutes more!
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop