WD-20 Protection From Hacking

Startbeitrag von SSP am 18.10.2016 12:26

Hi All,

Currently one of my customer Server is hacked and all files are encrypted. How can we protect our windev application and database from hacking. Is there any solution for this??

Please post your suggestions

Thank You

$$P

Antworten:

SSP

Besides the obvious suggestion regarding proper AV security etc. there is another option which is to change the extension of the database files e.g. instead of FIC, NDX, MMO you could use another variation like FIC2, NDX2, and MMO2 for example. The ransomware program would not recognize those file extensions and would leave them alone.

von JP - am 18.10.2016 12:50
Hi.
Well, a very secure scenario example is:
1 - The data files are accesed via HFSQL C/S in a dedicated server. The Classic mode is more insecure since all users have direct read/write access to them. So if one workstation get infected, it could encrypt the data files.
2 - The only person who can logon to the server with and administrator group account. Also no one knows the password.
3 - The only opened port of the server is the ones of HFSQL.

In this scenario, i would not install any AV, nor would enable the automatic updates. Since all ports are closed, there is no way that a virus could do anything.

If you can't trust users, then protect bios with a password so no one can boot from a pendrive or live cd.

If you trust user, and some ones need to do things on the server you can create a normal account for them. Within normal user group, which of course will not have write access to the data files).

Regards,
José Antonio.

von Jose Antonio Garrido - am 18.10.2016 18:30
How about to hide the directory + fic/ndx/mmo?
I guess the best to line up hfSqlServer in Linux as a server only thus no desktop user
to logon server but with client thru native hf/odbc thus enhance a better security indeed.

HTH

King

von kingdr - am 18.10.2016 19:26
From my live experience on ransomware,

don't trust AV. by the time AV recognize the ransomware, a new version already installed in your machine. format the infected machine.
don't be surprise if top 10 AVs unable to detect the ransomware

von ccc2 - am 18.10.2016 22:44
Zur Information:
MySnip.de hat keinen Einfluss auf die Inhalte der Beiträge. Bitte kontaktieren Sie den Administrator des Forums bei Problemen oder Löschforderungen über die Kontaktseite.
Falls die Kontaktaufnahme mit dem Administrator des Forums fehlschlägt, kontaktieren Sie uns bitte über die in unserem Impressum angegebenen Daten.