For #5, I meant to say "Very few domain admins"
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Matt Olson via MIDRANGE-L
Sent: Wednesday, January 20, 2021 11:57 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Matt Olson <Matt.Olson@xxxxxxxx>
Subject: RE: Ransomware on Power
Ransomware is going to be executed on a Windows platform most likely. As such, you should have strong domain-level controls throughout your entire organization including, but not limited to:
1. AV on all client machines and servers
2. No VPN connections from non-company-controlled machines (users should not be able to VPN from their home malware-infested PCs)
3. You should deploy AppLocker organization-wide, which only allows whitelisted .exe's to be executed. This single security measure makes it almost unnecessary to run AV (but you should still run it).
4. No user should be a local admin of their PC
5. You should have very many domain admin accounts
6. Install dual-factor auth on all your servers (and PCs ideally), such as Duo authentication
You do all those things, your attack vectors for ransomware are greatly diminished. #2 - #4 are the single most important things you could do.
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Ketzes, Larry
Sent: Tuesday, January 19, 2021 12:46 PM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Ransomware on Power
Hello all,
I'd like to know what strategy folks are using for ransomware on Power. I think IBM has a product available if you are using IBM storage. Any other alternatives people are using?
Thanks, Larry
Larry Ketzes | Director, Midrange Engineering | Foundational Engineering | MetLife
101 MetLife Way, Cary, NC 27513 | T. 919-907-5229 | M. 302-382-1316 | lketzes@xxxxxxxxxxx
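An added example for point 3 of the reply above (not code from the thread): an AppLocker policy only blocks anything once its Exe rule collection is set to Enabled rather than AuditOnly, and a broad allow rule defeats the allow list. The function name Test-ExeAllowListing and the sample policy XML are constructed for illustration; on a live machine the same XML comes from Get-AppLockerPolicy -Effective -Xml.

```powershell
# Constructed sample policy (not from the thread). Rule Ids are placeholder GUIDs.
$policyXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="11111111-1111-1111-1111-111111111111" Name="Program Files"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="22222222-2222-2222-2222-222222222222" Name="Everything"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
'@

# Hypothetical helper: returns a list of findings for the Exe rule collection.
function Test-ExeAllowListing {
    param([Parameter(Mandatory)][string]$Xml)

    $doc = [xml]$Xml
    $findings = @()
    $exe = $doc.SelectSingleNode("/AppLockerPolicy/RuleCollection[@Type='Exe']")
    if ($null -eq $exe) {
        return @('No Exe rule collection: executables are not restricted')
    }

    # AuditOnly and NotConfigured log or ignore; only Enabled blocks execution.
    $mode = $exe.GetAttribute('EnforcementMode')
    if ($mode -ne 'Enabled') {
        $findings += "Exe rules are '$mode', not 'Enabled': nothing is blocked"
    }

    # Everyone, Authenticated Users, BUILTIN\Users
    $broadSids  = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $broadPaths = '*', '%OSDRIVE%\*'
    foreach ($rule in $exe.SelectNodes("FilePathRule[@Action='Allow']")) {
        if ($broadSids -notcontains $rule.GetAttribute('UserOrGroupSid')) { continue }
        foreach ($cond in $rule.SelectNodes('Conditions/FilePathCondition')) {
            if ($broadPaths -contains $cond.GetAttribute('Path')) {
                $findings += "Rule '$($rule.GetAttribute('Name'))' allows every path for non-admin users"
            }
        }
    }
    return $findings
}

Test-ExeAllowListing -Xml $policyXml
```

On the sample policy this reports both problems: the collection is in AuditOnly mode, and the "Everything" rule allows any path for Everyone.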