In this video, Scott introduces the building blocks of a network where malware doesn't stand a chance: backups, centralized file storage, disposable workstation images, and user responsibility.
- [Instructor] I suppose that in a perfect world, a network administrator would hear about the latest malware on the news and go to work to find that their defenses are complete, their users are trained, and that no threat had wormed its way into their network. A really close second would be knowing that even if one Trojan horse did con one of our users into releasing its payload, no lasting harm would be done. Let's take a look at the technologies and the processes that make this nearly perfect world possible.
The first piece of this nearly perfect world is backups. In May of 2017, WanaCrypt became the most successful piece of ransomware to date as it encrypted documents on the hard drive of Windows workstations and demanded a bitcoin ransom. If the user's files had been backed up before they were infected, there would have been no reason to even consider paying the ransom because recent copies of their lost files would be readily available. The second building block of this nearly perfect world is centralized storage of all files.
In my dream world, network users don't save files to their desktops or even to their own My Documents folders, but to network places where I can back them up frequently and not worry about what happens to the workstations. This second building block makes the first even easier because all the files are stored on a selected few computers. And building block number three is an extension of this line of thinking. If all data is stored on the network servers, I can use Windows Deployment Server or any number of imaging products to push a fresh installation to restore any computer in my network to a clean deployment in a matter of minutes.
Together with centralized storage of data, this makes the installation of any workstation completely disposable. I will save time and effort by reimaging the workstation to remove any threat. And I can have these images constantly modified to include the latest monthly update from Microsoft to patch even the most recently discovered vulnerabilities. This step alone would have slowed or stopped the spread of many common worms. And as long as I'm portraying a nearly perfect world, I'm going to add an important fourth component, careful and honest users.
There have been several viruses over the years that self-replicate and spread themselves around a home or corporate network. Most of these, however, are initially launched in the private network by an unsuspecting user. Sometimes these users just had to open that suspiciously named email attachment from someone they didn't know. Sometimes they gave in to the urge to try a sweepstakes game in the banner ad of a hobbyist website. In my nearly perfect world, users realize that a little self-discipline in the workplace will keep them and their computer safe.
Just as important as users avoiding attachments and links that should be suspicious is users feeling comfortable reporting to IT when something happens. Eventually, someone will want to punch a monkey or open the EternalBlue attachment. If the nearly perfect administrator finds out before the malware has a chance to spread, only the one machine will have to be reimaged and all files can be recovered. The more you look at this, the more you realize that it isn't just a crazy dream.
It's a roadmap.
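The "disposable workstation" building blocks above only hold if nothing of value actually lives on the workstation. The following PowerShell audit is an added example, not code from the course or from Microsoft: it checks whether the current user's Documents and Desktop are redirected to a central file server and measures any data still sitting in the local profile, so an administrator can confirm a machine is safe to reimage before wiping it. The share name `\\FS01\Users` and the list of folders to inspect are assumptions for illustration; substitute your own.

```powershell
# Added example: pre-reimage audit of a Windows workstation.
# Goal: confirm that user data is on centralized storage (so the workstation
# is disposable) and report anything that would be lost by a fresh deployment.
# Assumptions (hypothetical): redirected folders live under \\FS01\Users.

param(
    [string]$ExpectedShareRoot = '\\FS01\Users'   # assumed file server share
)

# Registry location where Windows records the real path of each known folder.
$shellFolders = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'

# Registry value name -> friendly name. Downloads has no classic value here,
# so it is checked as a plain local path below.
$knownFolders = @{
    'Personal' = 'Documents'
    'Desktop'  = 'Desktop'
}

function Get-FolderFootprint {
    # Returns file count and total bytes under a path (0 if it does not exist).
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Files = 0; Bytes = 0 }
    }
    $stats = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
             Measure-Object -Property Length -Sum
    [pscustomobject]@{
        Files = [int]$stats.Count
        Bytes = [long]($stats.Sum | ForEach-Object { if ($_) { $_ } else { 0 } })
    }
}

$report = foreach ($valueName in $knownFolders.Keys) {
    # Resolve where Windows currently points this folder.
    $target = (Get-ItemProperty -Path $shellFolders -Name $valueName).$valueName
    $target = [Environment]::ExpandEnvironmentVariables($target)

    # Redirected means the resolved path starts with the central share.
    $redirected = $target -like "$ExpectedShareRoot*"

    # If not redirected, everything in that folder dies with the image.
    $footprint = if ($redirected) {
        [pscustomobject]@{ Files = 0; Bytes = 0 }
    } else {
        Get-FolderFootprint -Path $target
    }

    [pscustomobject]@{
        Folder       = $knownFolders[$valueName]
        Path         = $target
        Redirected   = $redirected
        LocalFiles   = $footprint.Files
        LocalMB      = [math]::Round($footprint.Bytes / 1MB, 1)
    }
}

# Downloads is rarely redirected; report it separately as at-risk local data.
$downloads = Join-Path $env:USERPROFILE 'Downloads'
$dlStats   = Get-FolderFootprint -Path $downloads
$report   += [pscustomobject]@{
    Folder     = 'Downloads'
    Path       = $downloads
    Redirected = $false
    LocalFiles = $dlStats.Files
    LocalMB    = [math]::Round($dlStats.Bytes / 1MB, 1)
}

$report | Format-Table -AutoSize

# Verdict: the workstation is disposable only when no local-only data remains.
$atRisk = $report | Where-Object { -not $_.Redirected -and $_.LocalFiles -gt 0 }
if ($atRisk) {
    Write-Warning ("{0} folder(s) hold data that would be lost by reimaging: {1}" -f
        $atRisk.Count, ($atRisk.Folder -join ', '))
    exit 1
} else {
    Write-Host 'No local-only user data found; workstation is safe to reimage.'
    exit 0
}
```

Run it in the context of the user whose profile is being checked (the `HKCU` hive is per-user), or wrap it in a logon script that writes the verdict to a central log. A non-zero exit code gives a deployment tool a simple gate: refuse to push a fresh image until the flagged folders have been copied to the server or the redirection policy has been applied.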
- Determine whether worms or viruses are a bigger problem.
- Describe the fundamental characteristic of ransomware.
- Recognize the first step in stopping the spread of a network problem.
- Explain the key benefit of stopping processes in active memory.
- Name a benefit of using WSUS for updates.