Does Your Golden Goose Server Stick Its Neck Out?

Takeaways:

• Many Back-end “Golden Goose Servers” do Connect to the Internet
• Firewalls are not the end-all protection they are made out to be
• It’s dangerous (and expensive) to let your “Golden Goose Server” connect to the entire world

A “Golden Goose Server” is a device containing highly sensitive information – financial, health, security – also known as your most guarded secrets.

Protected by firewalls? Maybe…it’s not….

 The Security of “No Access”

Here’s a revolutionary thought: Most back-end database servers and similar devices do not need to connect to the Internet. Web servers handle all user-facing tasks. Yet most back-end servers do connect to the Net. Why is that?

What if you don’t want your server to ever connect to the Internet, connect to internal users, or be able to connect to any external devices, even if the firewall is compromised or misconfigured?

Even if an internal user has security credentials, HOPsphere Radius Security won’t allow access to the device; it cannot connect and won’t even provide a login prompt.

There are many good reasons to limit your Golden Goose from “sticking its neck out” and connecting to the Internet.

Here are the biggest:

1. It doesn’t need to. Updating from hardened internal servers, rather than the Internet, is significantly safer and the cost of an internal update system is significantly less expensive than the financial and PR costs of a security breach.
2. It’s dangerous. The decision to connect a machine to the Internet must be carefully weighed. Many architectural protective steps must be taken and monitored continuously. Some organizations have rooms full of security analysts monitoring every connection made to the Internet. They use expensive, cutting-edge security tools, and work 24/7.
3. It’s expensive. Deciding not to limit a secure server from accessing the Internet or reducing its hop count can cost exponentially more than proactive security measures. And beyond the financial cost, consider the PR costs of a breach. Even better, just ask the NSA, Target, Anthem, eBay, Chase…the list goes on and on!

With HOPsphere Radius Security applied, Internet global access can be reduced from 100% down to under 1%. This drastically cuts back on the work those security analysts have to perform, which allows them to focus effort and resources on real attacks.

How We Can Help

HOPZERO can help safeguard your information technology from some of the same threats that caused the most recent data breach, schedule your own FREE in-house consultation.