9 Steps To Do When Your Web Server Is Down


What to do if your web server is down?

 

1) Check whether there is a power outage.

2) Is access to your web server completely cut off, or can some IP addresses still reach the server?

3) Check whether management access to the server is still possible.

4) Check whether there are unusual entries in the logs.

5) Try to ping the server from within the LAN.

6) Back up the domain and service. Remember that this backup probably contains compromised scripts, so you do not want to restore directly from it.

7) Take your website offline.


8) Start performing “Damage Assessment”

9) Start the recovery process – reinstall your environment from a known clean source.


Reasons:

1) Programming error – check the Apache error log, and check with the developers whether they are updating the site.

2) DNS problem or an expired domain – check WHOIS and the nameservers.

3) Networking problem – ping, traceroute.

4) A service on the server crashed (Apache, MySQL, IIS).

5) The whole server crashed.

6) Run df -h to check whether the server has run out of disk space.
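The following script is an added example and is not code from the original post. It turns three of the checks above (disk space, Apache error log, reachability from the LAN) into small shell functions that can be run on constructed sample input, plus a --live mode that runs the same checks on the real host. The df output and error-log lines below are constructed for illustration, and the log path /var/log/apache2/error.log is an assumed Debian/Ubuntu location.

```sh
#!/bin/sh
# Added example, not from the original post: a small triage helper for the
# checks listed above (disk space, error log, reachability). The df and
# Apache error-log samples below are constructed for illustration; the log
# path used in --live mode assumes a Debian/Ubuntu layout.

# Print each filesystem whose usage is at or above THRESHOLD percent.
# Reads df -P style output (one line per filesystem) on stdin.
full_filesystems() {
    threshold="$1"
    awk -v t="$threshold" 'NR > 1 {
        used = $5; sub("%", "", used)
        if (used + 0 >= t) print $6, used "%"
    }'
}

# Count error-or-worse lines in an Apache error log read from stdin.
# Matches both the 2.2 style "[error]" and the 2.4 style "[core:error]".
count_errors() {
    awk '/\[([a-z0-9_]+:)?(error|crit|alert|emerg)\]/ { n++ } END { print n + 0 }'
}

# Constructed sample of df -hP output: the root filesystem is nearly full.
sample_df() {
cat <<'EOF'
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        40G   38G  1.2G  97% /
/dev/sdb1       200G   80G  120G  40% /var/www
tmpfs           2.0G     0  2.0G   0% /dev/shm
EOF
}

# Constructed sample Apache 2.4 error-log lines (two are error level or worse).
sample_error_log() {
cat <<'EOF'
[Mon Mar 02 10:01:12.345678 2020] [mpm_prefork:notice] [pid 1201] Apache configured -- resuming normal operations
[Mon Mar 02 10:02:40.111111 2020] [php7:error] [pid 1210] [client 203.0.113.5:51234] PHP Fatal error: Uncaught Error in /var/www/html/index.php
[Mon Mar 02 10:02:41.222222 2020] [core:crit] [pid 1210] /var/www/html/.htaccess: unable to check htaccess file, ensure it is readable
[Mon Mar 02 10:03:00.000000 2020] [core:notice] [pid 1201] Command line: '/usr/sbin/apache2'
EOF
}

# Demonstration on the constructed samples.
demo() {
    echo "Filesystems at or above 90%:"
    sample_df | full_filesystems 90
    echo "Error-level lines in sample log: $(sample_error_log | count_errors)"
}

# Live mode, run as: sh triage.sh --live [host-to-ping]
if [ "${1:-}" = "--live" ]; then
    echo "== Filesystems at or above 90% =="
    df -hP | full_filesystems 90
    echo "== Error-level lines in the Apache error log =="
    # Assumed path; on RHEL/CentOS use /var/log/httpd/error_log instead.
    count_errors < /var/log/apache2/error.log
    echo "== Reachability from inside the LAN =="
    ping -c 3 "${2:-127.0.0.1}"
else
    demo
fi
```

Run it without arguments to see the checks on the sample data, or with --live and the server's LAN address to run them for real. df -P is used in live mode so that long device names do not wrap onto a second line and break the column parsing.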
 

Steps To Prevent Your Service From Being Hacked:

1) Use strong passwords.

2) Use secure protocols – this includes SSL connections for email, and SFTP instead of the more common FTP protocol.

3) Maintain regular backups.

4) Harden your PHP settings.


How To Prevent Ransomware


What is Ransomware?
Ransomware stops you from using your PC. It holds your PC or files for ransom.

The biggest ransomware threat for Windows users is CryptoWall, a sophisticated malware program that encrypts a wide range of files and demands that victims pay a ransom in Bitcoin cryptocurrency to recover them.

Security researchers advise against paying such ransoms to cybercriminals, because there is no guarantee of getting the decryption key and because it encourages them to continue their scheme.

Yet, there are many publicly reported cases of users, companies and even government organizations who gave in to the extortion and paid to recover their critical files.

Example Of Ransomware:

How Do I Protect Myself Against Ransomware?

1) Back up your data – Files should be backed up to drives or network shares that are only temporarily connected to the computer, or that require a username and password to be accessed. Ransomware programs will also encrypt files in folders accessible over the network if they can write to them.

2) Show hidden file extensions – It makes it easier to spot suspicious files like “.PDF.EXE”.

3) Filter EXEs in email.

4) Install and use an up-to-date antivirus solution.

5) Patch or update your software.

6) Avoid clicking on links or opening attachments/emails from people you don’t know or companies you don’t liaise with.

7) Have a pop-up blocker running in your web browser.

8) Disconnect from WiFi or unplug from the network immediately – If you run a file that you suspect may be ransomware but have not yet seen the characteristic ransomware screen, acting very quickly may let you stop communication with the command-and-control server before it finishes encrypting your files.
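Points 2 and 3 above (make extensions visible, filter executables in email) can be applied on the mail gateway side as a simple name check. The script below is an added example, not code from the original post: it holds attachment names whose final extension is an executable or script type, and names that hide a second extension behind a document-looking one (the “.PDF.EXE” trick). The extension lists and the sample attachment names are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: a filter for mail attachment
# names that flags executable types and "double extensions" such as
# Invoice.PDF.EXE, the kind of name that is easy to miss when Windows hides
# known extensions. The extension lists and sample names are constructed.

# Lower-case a string (POSIX sh has no built-in case conversion).
lower() {
    printf '%s' "$1" | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'
}

# Returns 0 (true) when the attachment name should be held for review:
#   - its final extension is an executable or script type, or
#   - a document-looking extension is followed by another extension, which is
#     the double-extension trick (Explorer hides only the last one).
is_suspicious_attachment() {
    lname=$(lower "$1")
    case "$lname" in
        *.exe|*.scr|*.com|*.pif|*.bat|*.cmd|*.msi|*.lnk|*.js|*.jse|*.vbs|*.vbe|*.wsf|*.hta|*.ps1)
            return 0 ;;
    esac
    case "$lname" in
        *.pdf.*|*.doc.*|*.docx.*|*.xls.*|*.xlsx.*|*.ppt.*|*.pptx.*|*.jpg.*|*.png.*|*.txt.*)
            return 0 ;;
    esac
    return 1
}

# Reads one attachment name per line and prints a HOLD/pass verdict for each.
filter_attachments() {
    while IFS= read -r f; do
        if is_suspicious_attachment "$f"; then
            printf 'HOLD  %s\n' "$f"
        else
            printf 'pass  %s\n' "$f"
        fi
    done
}

# Constructed sample attachment names (three should be held).
sample_attachments() {
cat <<'EOF'
Invoice_2020.PDF.EXE
quarterly-report.xlsx
photo.jpg.scr
readme.txt
setup.MSI
archive.tar.gz
EOF
}

sample_attachments | filter_attachments
```

The name check is deliberately case-insensitive, since “.EXE”, “.Exe” and “.exe” are all executable on Windows. A name check alone is not a substitute for inspecting the content (an attacker can rename files), so treat it as the first, cheap layer in front of antivirus scanning.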
 

 

How To Plan Disaster Recovery

What is a disaster?

– hacker attack
– computer virus
– electric power failure
– underground cable cut
– system administrator mistake

To ensure business continuity, we must engage in disaster recovery planning.

Disaster recovery planning:

– detect
– notify
– isolate
– repair

What do you need to do?
You need a step-by-step PROCEDURE for recovering disrupted systems and networks and helping them resume normal operation.
– Develop the contingency planning policy statement
– Conduct the BIA ( business impact analysis)
– Identify preventive controls
– Develop recovery strategies
– Develop an IT contingency plan
– Plan testing, training and exercising
– Plan maintenance

1) The plan development team should meet with the internal technology team, application team and network administrator to establish the scope of the activity.

2) Gather all relevant network infrastructure documents, e.g. network diagrams, equipment configurations, databases.

3) Obtain copies of existing IT and network DR plans. If none exist, proceed with the following steps.

4) Identify what management perceives as the most serious threats to the IT infrastructure, e.g. lack of backup power, out-of-date databases.

5) Review the previous history of outages and how the business units handled them.

6) Identify what management perceives as the most critical IT assets, e.g. server farm, internet access availability, call center.

7) Determine the maximum outage time management can accept if the IT assets are unavailable.

8) Identify the operational procedures currently used to respond to critical outages.

9) Identify the emergency response team for all critical IT infrastructure disruptions, and their level of training with the critical systems.

10) Identify vendor emergency response capabilities. Evaluate how much the company pays for their services, including the service contract, the presence of a service-level agreement (SLA) and whether it is used.

11) Compile all the results into a gap analysis report that identifies what is currently done, recommends how to achieve the required level of preparedness, and estimates the investment required.

12) Get management to review the report and agree on the recommended actions.

13) Prepare an IT disaster recovery plan to address critical IT systems and networks.

14) Conduct tests of the plans and system recovery assets to validate their operation.

15) Update the DR plan documentation to reflect changes.

16) Schedule the next review/audit of IT disaster recovery capabilities.

Considerations For IT Disaster Recovery Planning

– Senior management support
– Take the IT DR planning process seriously.
– Follow standards: NIST SP 800-34, ISO/IEC 24762, BS 25777
– Keep it simple
– Review results with the business units
– Be flexible; modify the template as needed to accomplish your goal

Things To Know for Industrial Control Systems


Access Management

– Access control models (e.g. MAC, DAC, role-based)
– Directory services (e.g. AD, LDAP)
– User access management (e.g. user accounts, service accounts, temporary accounts, guest accounts, default accounts, access control lists, access reconciliation)

Configuration/Change management

– Baselines, equipment connections and configuration auditing
– Distribution and installation of patches
– Software reloads and firmware management

Cybersecurity

– Attacks and incidents
(e.g. man in the middle, spoofing, social engineering, denial of service, denial of view, data manipulation, session hijacking, foreign software, unauthorized access)
– Availability
(e.g. health and safety, environmental, productivity)
– Cryptography
(e.g. encryption, digital signatures, certificate management, PKI, public versus private key, hashing, key management, resource constraints)
– Security awareness programs (employees/management)
– Security tenets (e.g. CIA, non-repudiation, least privilege, separation of duties)
– Threats
(e.g. nation states, general criminals, inside and outside malicious attackers, hacktivists, non-malicious insiders)

 

Disaster Recovery and Business Continuity

– Site redundancy (e.g. hot site, off-site backup)
– System backup
(e.g. security, data sanitization, disposal, redeploying, testing backups, operational procedures)
– System restoration
(e.g. full, partial, procedures, spares)

ICS Architecture

– Field device architecture (e.g. relay, PLC, switch, process unit)
– Industrial protocols (e.g. Modbus, Modbus TCP, DNP3, EtherNet/IP, OPC)
– Network protocols (e.g. DNS, DHCP, TCP/IP)
– Network segmentation (e.g. partitioning, segregation, zones and conduits, reference architecture, network devices and services)

Modules and Elements

– Hardening (e.g. anti-malware, implementation, updating, monitoring and sanitization)
– Application security
– Embedded devices
– Endpoint protection, including user workstations and mobile devices
– Network security
– OS security
– Removable media

Security Assessment

– Penetration testing and exploitation
– Self assessment (e.g. risk, criticality, vulnerability, attack surface analysis, supply chain)
– Security tools (e.g. packet sniffer, port scanner, vulnerability scanner)

Security Governance and Risk Management

– Global security standards, practices and regulations (e.g. IEC/ISA 62443, NIST 800-82, ISO 2700xx)
– Risk management (e.g. PHA/HAZOP usage, risk acceptance, risk/mitigation plan)
– Security lifecycle management (e.g. commissioning and decommissioning)
– Security policies and procedures development (e.g. exceptions, exemptions, requirements, standards)

Security Monitoring

– archiving
– network monitoring and logging
– security monitoring and logging

Incident Management

– Incident recognition and triage (e.g. log analysis, event correlation, anomalous behaviour, intrusion detection, IPS)
– Incident remediation/recovery
– Incident response (e.g. recording/reporting, forensic log analysis, containment, incident response team, root cause analysis, eradication/quarantine)

Industrial Control Systems

– Basic process control systems (e.g. RTU, PLC, DCS, SCADA, metering/telemetry, Ethernet I/O, buses, Purdue model (ISA-95))
– Critical infrastructure sectors (e.g. chemical, waste water, electricity, oil and gas)
– Safety and protection systems (e.g. SIS, EMS, leak detection, FGS, BMS, vibration monitoring)

Physical Security

Finding The Right Tool To Monitor Your System 100%

Corporate information becomes more important in the era of the intellectual economy. The critical factor for success is to protect corporate information effectively. Together with the fast growth of information technology, the internet has become an important channel of communication between customers and corporations.

Since leakage of important information brings losses to corporations, comprehensive control of computer usage is important. It controls and reduces the risk of loss caused by leakage of confidential information and abuse of corporate resources and intellectual property.

According to researchers of the Gartner Group and Forrester Research, nearly 50 % of time within MIS department has been spent on computer installation and software upgrading which occupy a large proportion of the cost. System administrators spend 70-80% of working time on daily maintenance tasks. Therefore, it is necessary to reduce the workload of system administrators on minor tasks to increase their efficiency on computer management tasks.

So, finding the right tool to monitor your system becomes an important task. You should choose tools which are user friendly, easy to control and able to generate reports.

Let me recommend my favorite tool – ViaControl

 

ViaControl is a powerful piece of software for increasing efficiency in corporations. It can monitor and record the utilization of every computer. Its features include daily operation statistics, policy management, screen snapshots, real-time recording, asset management, system patch management, software distribution and remote control.

Example: ViaControl can automatically record screen snapshots, record computer utilization, secure corporate information and enhance productivity.

 

Value of  ViaControl
=========================
1) Protect Information Security

  • ViaControl not only records document operations and protects information from illegal transfer, but also encrypts information automatically.
  • Only authorized files can be used or operated on.

 

2) Increase Productivity :

  • ViaControl provides statistics and analysis reports of application usage as well as browsing behavior.
  • Furthermore, it manages the network bandwidth and monitors employees’ activities so as to optimize resource utilization and enhance employees’ work efficiency.

 

3) Reduce Cost of Asset Management

  • ViaControl gathers IT asset information automatically.
  • Patches can be installed and vulnerabilities can be scanned automatically.
  • The software distribution function can distribute third party software to agent computers.
  • Administrators can manage IT assets with ease.

 

4) Realize Remote Management

  • ViaControl supports remote control and assists multi-national organizations in managing the operation of their branches.
  • In addition, it requires no special communication protocol for agents, thanks to its adaptability to various network structures.

 

5) Achieve Centralized Management

  • ViaControl enables administrators to centrally create security policies, and it executes those policies automatically and compulsorily without affecting user operations.

System features of ViaControl include:

 

– Running Statistics
Generates statistical reports on every application process, website browsing and network flow in order to evaluate the behavior of staff.

 

– Real-time Monitoring
Administrators are able to monitor computer usage, including application usage, website browsing history, document operations (i.e. printing activities), instant messages and email contents in real time.

 

– Policy Control
Computer restrictions covering application usage, website browsing, document operations and printing, network usage, bandwidth and devices.
It can protect organizational information, enhance staff efficiency and allow the organization to plan resources.

 

– Real-time Maintenance
System administrators can monitor computers remotely with ViaControl.
It controls computers, and analyzes and solves computer problems remotely.

 

– Asset Management
ViaControl records hardware and software asset information in detail.
Alerts can be sent when there are any changes in software or hardware.
Asset information can be searched with custom-built queries.

 

– Patch and Vulnerability Management
ViaControl can check Windows patches frequently.
It automatically downloads, distributes and installs a patch to the agents if a new patch is found.
Furthermore, it will suggest a solution/workaround to the system administrator.

 

– Software Deployment
ViaControl provides a simple way to distribute documents and deploy third-party software to internal computers within the organization, lightening the workload of administrators and enhancing efficiency.

 

So, as a business owner, are you willing to invest a small amount of money to protect your confidential and valuable data?
