Note: This was written just before Christmas 2012, but it applies to any longer holiday or vacation ../Juha Jurvanen
The Christmas holidays are coming up and most people look forward to them as always.
One aspect of the holidays that might be worth remembering, though, is that your servers might be attacked more during the holiday season, since many hackers assume that your usual vigilance in monitoring for brute force attacks and dictionary attacks is lowered.
This year, Christmas Eve is on a Tuesday, and for quite a few people, including system administrators and techs, the time away from work can be up to a couple of weeks.
The downside to this well-deserved leave is that it might give an attacker at least two weeks to try and hack your servers without anyone noticing it.
Here are a few things you may want to do before you leave work for Christmas.
Make sure your servers and systems (such as firmware for switches, WiFi and so on) have all necessary security patches installed.
Make sure your antivirus is running and updated.
Firewalls and WiFi entry points
Have a final look at any entry points to your networks, i.e. have a look at firewall rules and WiFi access points. Shut down everything that doesn’t need to be running.
Have a look around and see that you don’t have any unnecessary test systems running, if for no other reason than to save money on electricity. If your test servers are in a virtual environment, shut them down since they could pose a security risk. Test systems are always test systems.
External access via VPN
Make sure you don’t have any rogue VPN certificates out in the wild or any users active that shouldn’t have access. Also, consider changing administrative passwords if it’s been a while.
Have a look at battery and charging levels for your UPS.
Should a power failure occur and these things don’t work, you might be forced to fix a failed hard drive on Christmas Eve and nobody wants that.
Hardware health checks
Check for any hardware errors in your monitoring software (such as the HP Insight interface) to make sure you don’t have hard drives that are predicted to fail or any other hardware malfunction going on.
Have a good look at your backups and logs, and double-check that they’re running correctly and that data is duplicated automatically. This is especially important for any backups that clear log files, such as Exchange backups and SQL Server backups. You don’t want to fill up your system drives if you’re not around to take care of it.
Make sure there’s an updated plan in place with the correct phone numbers and contact info for the right staff and suppliers in case of an emergency. Have a look at the schedules to see who’s on call and make sure the plan is reachable, even if the datacenter isn’t.
Install software for monitoring and scanning your network and have it alert via email for anything strange, such as a new device on your network, a newly created user somewhere, a mismatch in network configurations and so on. You could have a look at SpiceWorks, which is free and gets the job done if you don’t have anything in place now.
Brute force and dictionary attacks and intrusion detection
Install Syspeace to automatically block, trace and report any brute force attacks against your Windows, Citrix, Exchange OWA, Sharepoint, Terminal servers and so on.
I’m sure there are even more things that might be worth doing but this is a start anyway.
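The kind of check a brute force monitor performs over failed logons can be sketched as follows. This is an added example, not part of the original post and not Syspeace's actual logic; the comma-separated export format, the threshold of 5 failures within 10 minutes and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows: timestamp,event_id,source_ip,account
# (Windows Security log: 4625 = failed logon, 4624 = successful logon).
SAMPLE_LOG = """\
2012-12-24T02:00:01,4625,203.0.113.7,administrator
2012-12-24T02:00:03,4625,203.0.113.7,admin
2012-12-24T02:00:05,4625,203.0.113.7,backup
2012-12-24T02:00:07,4625,203.0.113.7,administrator
2012-12-24T02:00:09,4625,203.0.113.7,administrator
2012-12-24T02:03:00,4624,203.0.113.7,administrator
2012-12-24T08:00:00,4625,198.51.100.20,anna
2012-12-24T08:00:20,4624,198.51.100.20,anna
2012-12-25T01:00:00,4625,192.0.2.50,administrator
2012-12-25T02:00:00,4625,192.0.2.50,administrator
2012-12-25T03:00:00,4625,192.0.2.50,administrator
"""

def parse(text):
    """Yield (timestamp, event_id, source_ip, account) for each non-empty row."""
    for line in text.splitlines():
        if line.strip():
            ts, event_id, ip, account = line.strip().split(",")
            yield datetime.fromisoformat(ts), int(event_id), ip, account

def find_bruteforce(text, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: details} for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)  # ip -> (timestamp, account) of recent failures
    flagged = {}
    for ts, event_id, ip, account in sorted(parse(text)):
        if event_id == 4625:
            q = recent[ip]
            q.append((ts, account))
            while ts - q[0][0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                hit = flagged.setdefault(
                    ip, {"first_alert": ts, "accounts": set(), "success_after": False})
                hit["accounts"].update(a for _, a in q)
        elif event_id == 4624 and ip in flagged:
            # A successful logon from an already flagged source needs urgent review.
            flagged[ip]["success_after"] = True
    return flagged

if __name__ == "__main__":
    for ip, hit in find_bruteforce(SAMPLE_LOG).items():
        note = "LOGON SUCCEEDED AFTER ALERT" if hit["success_after"] else ""
        print(ip, hit["first_alert"], sorted(hit["accounts"]), note)
```

The slow source 192.0.2.50 in the sample stays under the default threshold, which is why the window and threshold need tuning for a period when nobody is watching the alerts.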