There is no doubt at all that the main wave of ransomware attacks has significantly subsided. This is partly because of the preventive measures network administrators have put in place. It gets better with the fact that the future looks bright. Soon, ransomware attacks will be completely forgotten. But with all these steps come a few downsides. First off, some network administrators become complacent. That is, they ease up on preventive measures. This often proves to be costly in the long run as they leave their systems susceptible to attacks. To avoid such setbacks, consider the following preventive measures.
Use a subnet for each department, server and virtual machine network. You can then connect the subnets with different gateways so as to improve security. That way, you can be sure you are safe even if one subnet or machine is compromised. Only a fraction of your network will be affected. The rest will be difficult or even impossible to infect. Note that broadcasts are usually limited by the size of the subnet it is under. They are not submitted to other network segments. This mitigates the risk of attacks like ARP spoofing attacks.
Gateway Configuration For Networks
Configure all firewalls, NAT and any access rule for network gateway. Be sure to also close unused ports especially the ones on external interfaces. Allow access only to trusted networks and IP addresses. Remember that changing or updating standard port numbers can help reduce the number of automatic scanning cycles and attempts. For instance, you can change TCP port 22, used by SSH to any other free TCP port number.
Access Restriction Policies
Provide full access only when and where necessary. Where possible, configure accounts with appropriate non-administrative access. For shared resources, stick to read only access for users and groups that do not need access permissions. Allow access to networks or servers only for users that need them for work related activities. Then when it comes to providing access from external networks to any service on hosts that are located in internal networks, stick to using port forwarding. Lastly, disable any service that is not in use.
Use IP Anti-Spoofing Protection
Anti-spoofing protection comes in handy where there is an ARP threat. With anti-spoofing protection, your system can easily protect sensitive data that is being transmitted over your network. Without such protection, such data can be redirected to a malicious system, a setback that can easily infect your system and shut it down. Another tip that can come in handy is configuring appropriate packet filtering rules with firewalls on your system gateway. This will make it easy for you to reject packets that are addressed to networks that do not match the sending interface. Be sure to also use secure protocols that easily support encryption. Such protocols include SSL, HTTPS, HSTS, IPsec and SSH.
Filename Spoofing Protection
Malware is designed to spoof file names that allow malicious executable files, which masquerade as harmless, to infect a system. The most common method involves using names with extensions such as music.mp3.exe or image.jpg.exe. By configuring your folder options to deselect hidden extensions, you can keep your system safe. You can also opt to prohibit downloading such files with a reliable filter via your proxy server.