Security survival is about taking proactive defensive measures against potential threats. This can range from complicated tasks, such as ensuring that proper disaster recovery (DR) procedures are in place, to simple ones, such as setting up secure passwords and ensuring that the password policy is maintained.
- Defense area A - Constant OS updates
  - Prepare for updates
    - OS updates can be difficult to test and install: licenses, firewalls
    - Must-Haves:
      - Routine monitoring for updates & continuous access to them
      - Maintain licenses and/or support contracts!
      - Lab network for testing and scheduling tests
        - Regression testing takes time and manpower
        - Regular testing is a must
  - Working redundancy for OS patches
    - Must have redundant services in place in the event an update fails on a primary server
  - Keeping systems patched
    - Update OS patches on all new installations
    - Must-Haves:
      - Schedule & resources for lab patch testing
      - Phased rollout schedule for production patching
  - Replace infected servers
    - Once infected, always infected.
    - It's infeasible to completely clean an exploited server
    - Disable the infected server completely, and replace it
    - Must-Haves:
      - Proven backup method to replace any server at any time.
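The three patch must-haves above (lab testing first, a phased production rollout, and a healthy redundant peer before a primary is touched) fit together as one gated procedure. The following is an added example, not part of the original outline: a small rollout driver in Python. The inventory, the hostnames and the `patch`/`health` callbacks are constructed stand-ins; in a real deployment `patch` would call the package manager and `health` a real service probe.

```python
"""Phased patch rollout: lab gate, redundancy gate, halt on first failure.

Added illustration, not from the original outline. Hostnames, roles and the
simulated patch/health probes are constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Host:
    name: str
    role: str            # "lab" or "prod"
    service: str         # service the host provides
    peer: str = ""       # redundant partner providing the same service
    patched: bool = False
    healthy: bool = True


def plan_waves(hosts: List[Host], wave_size: int) -> List[List[Host]]:
    """Split production hosts into rollout waves. Redundant peers are never
    placed in the same wave, so a failed patch leaves the service served."""
    waves: List[List[Host]] = []
    for h in sorted(hosts, key=lambda x: x.name):
        for w in waves:
            if len(w) < wave_size and h.peer not in {x.name for x in w}:
                w.append(h)
                break
        else:
            waves.append([h])
    return waves


def rollout(hosts: List[Host],
            patch: Callable[[Host], None],
            health: Callable[[Host], bool],
            wave_size: int = 2) -> Tuple[List[str], str]:
    """Patch lab hosts first, then production wave by wave.
    Returns (names patched so far, reason for halting or "" if complete)."""
    by_name = {h.name: h for h in hosts}
    lab = [h for h in hosts if h.role == "lab"]
    prod = [h for h in hosts if h.role == "prod"]
    done: List[str] = []
    if not lab:
        return done, "no lab hosts: refusing to patch production untested"
    for h in lab:                                   # lab gate
        patch(h)
        if not health(h):
            return done, f"lab host {h.name} failed health check"
        done.append(h.name)
    for i, wave in enumerate(plan_waves(prod, wave_size), 1):
        for h in wave:
            peer = by_name.get(h.peer)              # redundancy gate
            if peer is not None and not health(peer):
                return done, f"wave {i}: peer {peer.name} of {h.name} unhealthy, halting"
            patch(h)
            if not health(h):                       # post-patch check
                return done, f"wave {i}: {h.name} failed post-patch health check, halting"
            done.append(h.name)
    return done, ""


# Constructed sample inventory: one lab box plus two redundant prod pairs.
INVENTORY = [
    Host("lab-web-1", "lab", "web"),
    Host("web-1", "prod", "web", peer="web-2"),
    Host("web-2", "prod", "web", peer="web-1"),
    Host("db-1", "prod", "db", peer="db-2"),
    Host("db-2", "prod", "db", peer="db-1"),
]


def simulate(breaks_on: Tuple[str, ...] = ()) -> Tuple[List[str], str]:
    """Run the rollout on a fresh copy of INVENTORY. Hosts named in
    breaks_on go unhealthy once patched, simulating a bad update."""
    hosts = [Host(**vars(h)) for h in INVENTORY]

    def patch(h: Host) -> None:
        h.patched = True
        if h.name in breaks_on:
            h.healthy = False

    def health(h: Host) -> bool:
        return h.healthy

    return rollout(hosts, patch, health)


if __name__ == "__main__":
    print(simulate())                    # full rollout, lab first
    print(simulate(breaks_on=("db-1",))) # halts; db-2 still serves the db
```

Because peers never share a wave and a failed health check halts everything, a bad update takes down at most one member of each redundant pair, which is exactly the property the "working redundancy" must-have is meant to guarantee.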
- Defense area B - Strict Firewall Policy
  - Tightly restrict firewall rules
    - Limit inbound from corporate, outbound to the internet
    - Exploits can cross from OS A to OS B (Windows, OS X, Linux, etc.)
    - Command and control systems usually connect outbound from infected systems to get instructions
    - Must-Haves:
      - Firewall must minimize access from Corporate & Management networks
      - Block outbound internet access from core servers
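The two firewall must-haves describe a default-deny policy in both directions: inbound to core servers only from the management network for a named service, outbound from core servers only to internal infrastructure, so that a compromised server cannot reach a command and control host. The following is an added example, not from the original outline: a Python model of such a policy evaluated against constructed flows. The subnets, the package-mirror address, the ports and the sample flows are all constructed for the example.

```python
"""Default-deny policy model for core servers, plus a simple audit that
flags any core-server attempt to reach a non-internal address.

Added illustration, not from the original outline. All addresses, ports
and flows below are constructed (198.51.100.0/24 is a documentation range).
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    direction: str        # "in" or "out", relative to the core servers
    src_net: str
    dst_net: str
    dport: Optional[int]  # None matches any port
    action: str           # "accept" or "drop"


# Constructed address plan
CORE_NET = "10.20.0.0/24"      # core servers being protected
MGMT_NET = "10.10.0.0/24"      # management jump hosts
CORP_NET = "10.0.0.0/8"        # whole internal address space
MIRROR = "10.30.0.5/32"        # internal package mirror for OS patches
INTERNAL_NET = CORP_NET        # anything outside this counts as "internet"

POLICY: List[Rule] = [
    Rule("in", MGMT_NET, CORE_NET, 22, "accept"),    # SSH from management only
    Rule("in", CORP_NET, CORE_NET, 443, "accept"),   # the one published service
    Rule("out", CORE_NET, MIRROR, 443, "accept"),    # patches from internal mirror
    Rule("out", CORE_NET, CORP_NET, 53, "accept"),   # internal DNS
]


def direction_of(flow: Flow) -> str:
    core = ipaddress.ip_network(CORE_NET)
    if ipaddress.ip_address(flow.dst) in core:
        return "in"
    if ipaddress.ip_address(flow.src) in core:
        return "out"
    return "transit"


def evaluate(flow: Flow, policy: List[Rule] = POLICY) -> str:
    """First matching rule wins; an unmatched flow is dropped (default deny)."""
    d = direction_of(flow)
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for r in policy:
        if r.direction != d:
            continue
        if src not in ipaddress.ip_network(r.src_net):
            continue
        if dst not in ipaddress.ip_network(r.dst_net):
            continue
        if r.dport is not None and r.dport != flow.dport:
            continue
        return r.action
    return "drop"


def audit(flows: List[Flow], policy: List[Rule] = POLICY) -> List[Tuple[Flow, str, str]]:
    """Evaluate each flow and flag core-server attempts to leave the internal
    space, dropped or not: a server that tries to call out is worth a look."""
    internal = ipaddress.ip_network(INTERNAL_NET)
    report = []
    for f in flows:
        verdict = evaluate(f, policy)
        flag = ""
        if direction_of(f) == "out" and ipaddress.ip_address(f.dst) not in internal:
            flag = "core server attempted non-internal outbound; investigate host"
        report.append((f, verdict, flag))
    return report


# Constructed sample flows
SAMPLE_FLOWS = [
    Flow("10.10.0.7", "10.20.0.11", 22),        # admin SSH from management
    Flow("10.0.5.9", "10.20.0.11", 22),         # SSH from a corporate desktop
    Flow("10.0.5.9", "10.20.0.11", 443),        # corporate user to the service
    Flow("10.20.0.11", "10.30.0.5", 443),       # core server pulling patches
    Flow("10.20.0.11", "198.51.100.23", 443),   # core server calling out
    Flow("10.20.0.11", "10.30.0.53", 53),       # internal DNS lookup
]

if __name__ == "__main__":
    for f, verdict, flag in audit(SAMPLE_FLOWS):
        print(f"{f.src:>14} -> {f.dst:<15}:{f.dport:<4} {verdict:<6} {flag}")
```

The ordering matters only within a direction here, but the point the outline makes is the default: with nothing matched, the flow is dropped, so a new service or a new outbound dependency has to be added as an explicit rule rather than being reachable by accident.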
  - Routinely monitor for Linux malware
    - Regularly monitor for news of Linux malware
    - Prepare to modify security strategies to protect against it.