Does Your Golden Goose Server Stick Its Neck Out?

by | Server Security

Takeaways:

  • Many back-end “Golden Goose Servers” do connect to the Internet
  • Firewalls are not the end-all protection they are made out to be
  • It’s dangerous (and expensive) to let your “Golden Goose Server” connect to the entire world

A “Golden Goose Server” is a device containing highly sensitive information – financial, health, security – also known as your most guarded secrets.

Protected by firewalls? Maybe… or maybe it’s not.

The Security of “No Access”

Here’s a revolutionary thought: Most back-end database servers and similar devices do not need to connect to the Internet. Web servers handle all user-facing tasks. Yet most back-end servers do connect to the Net. Why is that?


What if you don’t want your server to ever connect to the Internet, connect to internal users, or be able to connect to any external devices, even if the firewall is compromised or misconfigured?

Even if an internal user has security credentials, HOPsphere Radius Security won’t allow access to the device; it cannot connect and won’t even provide a login prompt.

There are many good reasons to limit your Golden Goose from “sticking its neck out” and connecting to the Internet.

Here are the biggest:

  1. It doesn’t need to. Updating from hardened internal servers, rather than the Internet, is significantly safer, and an internal update system costs significantly less than the financial and PR costs of a security breach.
  2. It’s dangerous. The decision to connect a machine to the Internet must be carefully weighed. Many architectural protective steps must be taken and monitored continuously. Some organizations have rooms full of security analysts monitoring every connection made to the Internet. They use expensive, cutting-edge security tools, and work 24/7.
  3. It’s expensive. Deciding not to limit a secure server’s access to the Internet, or not to reduce its hop count, can cost exponentially more than proactive security measures. And beyond the financial cost, consider the PR costs of a breach. Even better, just ask the NSA, Target, Anthem, eBay, Chase…the list goes on and on!

With HOPsphere Radius Security applied, Internet global access can be reduced from 100% down to under 1%. This drastically cuts back on the work those security analysts have to perform, which allows them to focus effort and resources on real attacks.

How We Can Help

HOPZERO can help safeguard your information technology from some of the same threats that caused the most recent data breach. Schedule your own FREE in-house consultation.


Bill Alderson is CEO and co-founder of HOPZERO. He has been involved with network security since 1980, when he began analyzing secure networks for Lockheed. Formerly Technology Officer of NetQoS/CA Technologies, he is a deep packet analyst, and was an integral member of the 9/11 Pentagon restoral team. Alderson has trained over 50,000 network forensic professionals through his Certified NetAnalyst program, and has assisted 75 Fortune 100 companies with network security needs. He was deployed six times with US Central Command to Iraq and Afghanistan to provide deep packet analysis for large-scale network Department of Defense biometric network systems.