Equifax Breach Caused By Failure to Patch a Server?

Posted on October 17, 2017 · Posted in Featured Network Access Articles

Are you kidding me?

Not that surprising actually.  The vast majority of cyber security breaches are due to unpatched servers.

How can you be certain that your servers and applications are up to date and secure?

NetWatchman Server Care ensures that all of your systems will be fully patched and updated with the latest stable code available.

In light of Cyber Security Awareness Month, our NetWatchman team is providing some insight on the critical server tasks that need to be completed regularly to ensure that your server environment is as secure as possible.

Below is our NetWatchman 8-point server security checklist:

Full server hardware and software inventories should be taken, documented and archived for security compliance, licensing compliance and support program life cycles.

Having an inventory of all hardware and software running in your environment is a requirement of HIPAA, PCI, FFIEC, FINRA, CJIS, NIST, CIS Top 20 and ISO27000. Without a schedule of hardware and software expiration dates, you risk being caught off guard when a security audit occurs or when, for instance, a software or support license expires.

Patching: Application and operating system software updates, patches and hot fixes should be researched, assessed and documented before installing to ensure there will be no undesirable effects.

Patches, updates and fixes can remediate problems ranging from simple software bug fixes and new features to patching security vulnerabilities. Not patching and updating also presents a significant risk of potential downtime. Be aware, however, that software updates can occasionally have undesirable effects of their own, so it is preferable to have a test environment in which to test software updates before installing them in production.

Anti-Virus & Anti-Spyware software needs to be checked to ensure that definitions are up to date and that the software is up, running, and protecting your organization.

Malware, viruses, spyware and hackers can cause problems ranging from ransomware to theft of intellectual property, and/or hijacking control of your servers.

Backups should be validated to confirm that they are working correctly.

If backups are not complete, you are at risk of a catastrophic loss of data. If your servers get infected by ransomware and you don’t have a viable backup of your environment, you will be down with no means to recover, which leaves paying the ransom as your only option.

Hard drives need to be monitored continually to ensure that available disk space is not getting too low and that the allocated disk space is not in need of defragmenting.

If a server or virtual environment runs out of disk space unexpectedly, your environment can go down and data can be corrupted, resulting in your critical applications not being available.

Windows services monitoring needs to be checked to ensure critical processes have not stalled.

Issues such as stalled processes that cause applications to become unavailable are considered by the majority of people to be a high risk to the business. Not having the ability to monitor and remediate stalled processes means your users have to notify you when there is an issue, which puts the server admin in a reactive position.

Review Active Directory user accounts for user adds, moves, changes and removals. It is critical that you keep Active Directory up to date so that employee access policy changes are appropriately updated to reflect the employee’s new status.

Having user accounts associated with employees who are no longer with your organization is a security risk. These accounts should be reviewed and disabled on a regular basis.
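The account review described above can be run as a report-only check before anything is disabled. The following is an added example, not NetWatchman's own tooling: the function name, the 90-day threshold and all sample accounts are assumptions constructed for illustration, and on a live domain the account objects would come from `Get-ADUser -Filter * -Properties LastLogonDate` in the ActiveDirectory module.

```powershell
# Report-only review: flags enabled accounts that HR no longer lists or that
# have gone unused. Nothing is disabled here; the output is for a human to act on.
function Find-StaleAccount {
    param(
        [Parameter(Mandatory)] [object[]] $Account,        # needs SamAccountName, Enabled, LastLogonDate
        [Parameter(Mandatory)] [string[]] $ActiveEmployee, # logon names HR lists as current staff
        [int] $InactiveDays = 90,                          # assumed threshold; set per your policy
        [datetime] $AsOf = (Get-Date)
    )
    # Case-insensitive lookup, since AD logon names are not case-sensitive
    $roster = [System.Collections.Generic.HashSet[string]]::new(
        $ActiveEmployee, [System.StringComparer]::OrdinalIgnoreCase)
    $cutoff = $AsOf.AddDays(-$InactiveDays)

    foreach ($a in $Account) {
        if (-not $a.Enabled) { continue }   # already disabled, nothing to review
        $reasons = @()
        if (-not $roster.Contains($a.SamAccountName)) { $reasons += 'not on HR roster' }
        if ($null -eq $a.LastLogonDate) { $reasons += 'never logged on' }
        elseif ($a.LastLogonDate -lt $cutoff) { $reasons += "no logon in $InactiveDays days" }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                SamAccountName = $a.SamAccountName
                LastLogonDate  = $a.LastLogonDate
                Reason         = $reasons -join '; '
            }
        }
    }
}

# Constructed sample data standing in for an AD export and an HR roster
$asOf = [datetime]'2017-10-17'
$accounts = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; Enabled = $true;  LastLogonDate = [datetime]'2017-10-16' }
    [pscustomobject]@{ SamAccountName = 'bjones'; Enabled = $true;  LastLogonDate = [datetime]'2017-05-02' }
    [pscustomobject]@{ SamAccountName = 'cdoe';   Enabled = $true;  LastLogonDate = $null }
    [pscustomobject]@{ SamAccountName = 'dlee';   Enabled = $false; LastLogonDate = [datetime]'2016-01-10' }
)
$hr = 'asmith', 'cdoe'   # bjones has left the organization

Find-StaleAccount -Account $accounts -ActiveEmployee $hr -AsOf $asOf | Format-Table -AutoSize
```

Service accounts will show up as "not on HR roster", so keep a documented exemption list and review it alongside this report. `LastLogonDate` is derived from the replicated `lastLogonTimestamp` attribute, which can lag the real last logon by up to about two weeks, so a threshold shorter than that produces false positives.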

 

Windows Event Logs should be monitored and checked on a regular basis for errors and warnings, and steps need to be taken to remediate any issues found.

Windows Event Logs function as an early warning system to alert you of potentially bad things that are occurring in your server environment. It is important to be notified immediately when important events occur so you can take corrective action before they result in a costly disruption.

Learn more about how our NetWatchman server experts take care of these critical server maintenance tasks by contacting Bob Famiglietti at 412.931.1111 or by filling out this form to schedule a consultation.

 
