The Christmas holidays are coming up, and most people look forward to them as always.
One aspect of the holidays worth remembering, though, is that your servers might be attacked more during the holiday season, since many hackers assume that your usual vigilance in monitoring for brute force attacks and dictionary attacks is lowered.
This year, Christmas Eve is on a Tuesday, and for quite a few people, including system administrators and techs, the time away from work can be up to a couple of weeks. The downside to this well-deserved leave is that it might give an attacker at least two weeks to try to hack your servers without anyone noticing.
Holiday preparedness list
Here are a few things you may want to do before you leave work for Christmas.
Make sure your servers and systems (such as firmware for switches, Wi-Fi, and so on) have all necessary security patches installed.
Make sure your antivirus is running and updated.
Firewalls and Wi-Fi entry points
Have a final look at any entry points to your networks, i.e. have a look at firewall rules and Wi-Fi access points. Shut down everything that does not need to be running.
Look around and see that you do not have any unnecessary test systems running, if for no other reason than to save money on electricity. If your test servers are in a virtual environment, shut them down since they could pose a security risk. Test systems are always test systems.
External access via VPN
Make sure you do not have any rogue VPN certificates out in the wild or any active users that should not have access. Also, consider changing administrative passwords if it has been a while.
Have a look at the battery and charging levels for your UPS. Should a power failure occur, and these things don’t work, you might be forced to fix a failed hard drive on Christmas Eve, and nobody wants that.
Hardware health checks
Check for any hardware errors in your monitoring software (such as the HP Insight interface) to ensure you do not have hard drives that are predicted to fail or any other hardware malfunction.
Have a good look at your backups and logs, and double-check that they are running correctly and that data is duplicated automatically. This is especially important for any backups that clear log files, such as Exchange backups and SQL Server backups. You do not want to fill up your system drives if you are not around to take care of it.
Make sure there is an updated plan in place with the correct phone numbers and contact info for the right staff and suppliers in case of an emergency. Have a look at the schedules to see who is on call and make sure the plan is reachable, even if the data center is not.
Install software for monitoring and scanning your network and have it alert via email for anything strange, such as a new device on your network, a newly created user somewhere, a mismatch in network configurations, and so on. You could have a look at Spiceworks, which is free and gets the job done if you do not have anything in place now.
Brute force and dictionary attacks and intrusion detection
Install Syspeace to automatically block, trace and report any brute force attacks against your Windows, Citrix, Exchange OWA, SharePoint, Terminal servers, and so on.
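Blocking of this kind rests on a simple rule: count failed logons per source address inside a sliding time window and act when a threshold is reached. The Python below is an added example, not Syspeace's code and not part of the original post; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: failed-logon records (for instance exported from
# Windows Security event 4625) as "timestamp,source_ip,username".
# The export format and every value here are assumptions.
SAMPLE_LOG = """\
2024-12-24T02:00:01,203.0.113.7,administrator
2024-12-24T02:00:09,203.0.113.7,admin
2024-12-24T02:00:15,203.0.113.7,backup
2024-12-24T02:00:22,203.0.113.7,sqlsvc
2024-12-24T02:00:30,203.0.113.7,test
2024-12-24T08:15:00,198.51.100.20,anna
2024-12-24T09:40:00,198.51.100.20,anna
2024-12-25T11:05:00,198.51.100.20,anna
"""

def parse(log):
    """Yield (timestamp, source_ip, username) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip, user = line.strip().split(",")
            yield datetime.fromisoformat(ts), ip, user.lower()

def find_offenders(log, max_failures=5, window=timedelta(minutes=10)):
    """Return {ip: details} for sources reaching max_failures in one window."""
    recent = defaultdict(deque)  # ip -> (timestamp, username) still in window
    offenders = {}
    for ts, ip, user in sorted(parse(log)):
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        if len(q) >= max_failures and ip not in offenders:
            names = sorted({u for _, u in q})
            offenders[ip] = {
                "tripped_at": ts,
                "failures": len(q),
                "usernames": names,
                # One account hammered vs. many account names tried
                "pattern": "single-account" if len(names) == 1 else "many-accounts",
            }
    return offenders

if __name__ == "__main__":
    for ip, info in find_offenders(SAMPLE_LOG).items():
        print(ip, info["tripped_at"].isoformat(), info["failures"], info["pattern"])
```

The user with three mistyped passwords spread over two days stays below the threshold, while the source that tries five account names in half a minute is flagged for blocking.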
I am sure there are even more things that might be worth doing, but this is a start anyway.
We at Syspeace wish you a Happy Holiday!