Countermeasure versus counter-countermeasure and so on...
What you have described is, generally speaking, a fine set of good ideas.
But the bad brat who is investigating your system can find out that there is an access from time to time. This time slot could be the occasion to infect your parallel system in some way. 
I have a set of hard disks for my private computer which I do update from time to time. But if they became infected two months ago and the activation timer of this virus is set for tomorrow, I have lost with the next access to this hard disk.
The management has a "learn cycle" as well, as any person or group of persons does. They need such an experience to get a feeling for how reliable their experts are and how justified their requests have been. So all in all the money paid is a good investment, as it was paid for "some special training" of the management. There is just one disadvantage. This special stuff to protect the network has to be bought now. But now the management surely will agree.

From: [email protected] <[email protected]> on behalf of sbjohnston--- via Milsurplus <[email protected]>
Sent: Thursday, August 22, 2024 9:15:35 PM
To: [email protected] <[email protected]>
Subject: Re: [Milsurplus] [Glowbugs] ARRL's ransom payment

Organizations compete in an "arms race" between the ever-increasing sophistication of those who would penetrate and disturb their networked systems, and the defenses they deploy to block such penetration and disturbance. 

For example, ARRL might have needed to spend $1 million more on IT staff and services to achieve a defense up to the challenge of the ransomware attack.  It can be difficult to get management to see this need to compete (and spend) to successfully defend the systems.

I remember telling one general manager repeatedly that our entire radio business enterprise was quite vulnerable (we were relying only on Windows client and server defenses and an older hardware firewall).  I offered a comprehensive plan to harden our systems - it was pretty expensive but not insane.  He responded, "Why do we need this?  Everything's working fine."  He never approved that plan since he did not seem to care about the risk.  

To allow us to restore operations after a potential ransomware attack, I ended up using maintenance money to build a parallel set of duplicate servers that we only connected to the wider network one night a week to get updated.  

I actually used a low-tech timer relay to control the power to the network switch that connected the two networks.  This produced a varying date/time of the update connection on a slightly less than one week interval.  Keeping the backup servers disconnected 98-99% of the time was my defense against hacking/virus spread/employee-misdeeds/etc.

The backup servers were also in a different part of the building in case the main server room had a fire/flood/etc.  

If the main servers got locked-up by a ransomware attack, I would just tear them out and put the duplicate backup servers in place to restore operation.  We'd have an interruption in services, and lose whatever work had been produced in the past few days, but that is far better than nothing (or paying big $ to the hackers).  

This also gave me backups to cover more mundane problems so it was a win-win.


Steve WD8DAS  

[email protected]  
http://www.wd8das.net/  
http://af4k-crystals.com/  
--------------------------------------------------------------------  
Radio is your best entertainment value.  
--------------------------------------------------------------------  
