• Protecting your school division from the WannaCry ransomware attack

    This month's WannaCry ransomware attack is unprecedented. As K-12 IT managers and techs, we want to ensure our school data is protected from this most recent threat. Here are some steps (although not comprehensive) you can take to help mitigate the threat:

    1. Disable SMB v1 on your domain / systems. The ransomware exploits a vulnerability in SMB v1.
    2. Ensure your systems are patched and up to date. Microsoft released a patch for this SMB vulnerability in March (MS17-010).
    3. If you have a next generation firewall, use it to its full potential.
      1. Use features like geographic port opening / blocking. Unless you have students / staff in other countries, you can lock down your services so they are only available in your own home country, thus mitigating many foreign attacks.
      2. Use deep SSL / packet inspection.
      3. Block botnets.
      4. Use IPS / IDS.
      5. Use inline AV scanning of data.
      6. etc.

    4. Keep admin rights to a minimum, and in cases where users must have admin rights, prompt the user for credentials when escalated privileges are required.
    5. Ensure all systems have Anti-Virus / Anti-malware and that the definitions are up to date.
    6. Perform increased virus sweeps of all systems during periods when there is increased virus activity.
    7. Backups, backups, backups. Ensure you have regular backups with a long history (weeks or months) and ensure you test the recovery of your backups so you know they're working.
    8. Keep offline sets of backups. With the increase in ransomware, it is a good idea to keep an offline copy of your backups as well (tape or USB drive). It would be unfortunate if all of your online backups were encrypted by ransomware.
    9. Educate your users about the various attack vectors hackers use (phishing, email viruses, malicious links, viruses embedded in software). We encourage our users to utilize online scanning engines such as http://www.virustotal.com before installing any software. Almost 60 scanning engines is better than one.
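
    For step 1, an added example (not part of the original post) that reports whether SMBv1 is enabled on a Windows machine and then turns it off, using Microsoft's documented cmdlets, registry values and service settings. The function names Get-Smb1Status and Disable-Smb1 are made up for this example; run it from an elevated PowerShell prompt.

    ```powershell
    # Added example: audit and disable SMBv1 on the local machine.
    # Function names are hypothetical; cmdlets, registry paths and sc.exe
    # settings are the ones Microsoft documents for SMBv1.
    $ServerKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $ClientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

    function Get-Smb1Status {
        if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            # Windows 8 / Server 2012 and later
            $enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
        } else {
            # Windows 7 / Server 2008 R2: a missing SMB1 value means enabled
            $v = (Get-ItemProperty -Path $ServerKey -Name SMB1 -ErrorAction SilentlyContinue).SMB1
            $enabled = ($null -eq $v) -or ($v -ne 0)
        }
        $server = if ($enabled) { 'Enabled' } else { 'Disabled' }

        # Client side: the mrxsmb10 driver; Start = 4 means disabled
        $drv = Get-ItemProperty -Path $ClientKey -ErrorAction SilentlyContinue
        $client = if ($null -eq $drv) { 'NotInstalled' }
                  elseif ($drv.Start -eq 4) { 'Disabled' }
                  else { 'Enabled' }

        New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME; Smb1Server = $server; Smb1Client = $client
        }
    }

    function Disable-Smb1 {
        [CmdletBinding(SupportsShouldProcess = $true)]
        param()
        if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1')) { return }

        if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        } else {
            # Older systems: registry change, takes effect after a reboot
            Set-ItemProperty -Path $ServerKey -Name SMB1 -Type DWord -Value 0
        }
        if (Test-Path $ClientKey) {
            # Drop the SMBv1 client dependency, then disable its driver
            sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
            sc.exe config mrxsmb10 start= disabled | Out-Null
        }
    }

    Get-Smb1Status          # report the current state
    Disable-Smb1 -WhatIf    # preview; drop -WhatIf to apply, then reboot
    ```

    Run Get-Smb1Status again after the reboot to confirm that both the server and client sides report Disabled or NotInstalled.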


    Stay safe!