Does Your Golden Goose Server Stick Its Neck Out?

 

Takeaways:

  • Many Back-end “Golden Goose Servers” do Connect to the Internet
  • Firewalls are not the end-all protection they are made out to be
  • It’s dangerous (and expensive) to let your “Golden Goose Server” connect to the entire world

A “Golden Goose Server” is a device containing highly sensitive information – financial, health, security – also known as your most guarded secrets.

Protected by firewalls? Maybe…it’s not….

 The Security of “No Access”

Here’s a revolutionary thought: Most back-end database servers and similar devices do not need to connect to the Internet. Web servers handle all user-facing tasks. Yet most back-end servers do connect to the Net. Why is that?

 

What if you don’t want your server to ever connect to the Internet, connect to internal users, or be able to connect to any external devices, even if the firewall is compromised or misconfigured?

Even if an internal user has security credentials, HOPsphere Radius Security won’t allow access to the device; it cannot connect and won’t even provide a login prompt.

There are many good reasons to limit your Golden Goose from “sticking its neck out” and connecting to the Internet.

Here are the biggest:

  1. It doesn’t need to. Updating from hardened internal servers, rather than the Internet, is significantly safer and the cost of an internal update system is significantly less expensive than the financial and PR costs of a security breach.
  2. It’s dangerous. The decision to connect a machine to the Internet must be carefully weighed. Many architectural protective steps must be taken and monitored continuously. Some organizations have rooms full of security analysts monitoring every connection made to the Internet. They use expensive, cutting-edge security tools, and work 24/7.
  3. It’s expensive. Deciding not to limit a secure server from accessing the Internet or reducing its hop count can cost exponentially more than proactive security measures. And beyond the financial cost, consider the PR costs of a breach. Even better, just ask the NSA, Target, Anthem, eBay, Chase…the list goes on and on!

With HOPsphere Radius Security applied, Internet global access can be reduced from 100% down to under 1%. This drastically cuts back on the work those security analysts have to perform, which allows them to focus effort and resources on real attacks.

How We Can Help

HOPZERO can help safeguard your information technology from some of the same threats that caused the most recent data breach, schedule your own FREE in-house consultation.

Golden Goose Server
<a href="https://hopzero.com/author/hopzero2/" target="_self">Bill Alderson</a>

Bill Alderson

Bill Alderson is CEO and co-founder of HOPZERO. He has been involved with network security since 1980, where he began analyzing secure networks for Lockheed. Formerly Technology Officer of NetQoS/CA Technologies, he is a deep packet analyst, and was an integral member of the 9/11 Pentagon restoral team. Alderson has trained over 50,000 network forensic professionals through his Certified NetAnalyst program, and has assisted 75 Fortune 100 companies with network security needs. He was deployed six times with US Central Command to Iraq and Afghanistan to provide deep packet analysis for large-scale network Department of Defense biometric network systems.

Bill Alderson

Bill Alderson is CEO and co-founder of HOPZERO. He has been involved with network security since 1980, where he began analyzing secure networks for Lockheed. Formerly Technology Officer of NetQoS/CA Technologies, he is a deep packet analyst, and was an integral member of the 9/11 Pentagon restoral team. Alderson has trained over 50,000 network forensic professionals through his Certified NetAnalyst program, and has assisted 75 Fortune 100 companies with network security needs. He was deployed six times with US Central Command to Iraq and Afghanistan to provide deep packet analysis for large-scale network Department of Defense biometric network systems.

Read More

Legacy Server Security Measures: When Firewalls Fail

Legacy Server Security Measures: When Firewalls Fail

Takeaways:Legacy servers, those too cumbersome or expensive to replace, don’t have to be vulnerable to cyber-attack when firewalls fail to protect.Not all firewalls are created equal. In fact, as recent Cisco announcements proved, many firewalls are no longer...