How to Keep Your Server Safe (and Your To-Do List Manageable)

by | Data Breach, Data Limits, Server Security

Takeaways:

  • A “Crown Jewel” server is defined as one storing high-value data.
  • Nearly every large organization has one or more of these servers.
  • The word “catastrophic” is grossly insufficient to describe a possible compromise. 
  • Building the “biggest castle” around your server may not be the answer.

Executives worry about their “Crown Jewel Server,” and for good reason. They are often packed with industry secrets, financial data, private client information, and other highly private information…and usually they are unnecessarily unsecure

And they require a healthy amount of time, energy (and money) to safeguard—depriving you  of the chance to direct your resources elsewhere.

Is Your “Crown Jewel Server” at Risk?

Here’s what you need to know about your “crown jewel server”:

  1. By default, it can communicate with the full network to which it is connected. If that includes the Internet, then that means 100% of the Internet.
  2. Firewalls are not perfect. If a “Crown Jewel” server is behind a firewall—and it should be— that is good. But good isn’t “great,” as even the most modern of firewalls have been compromised.
  3. Many older firewalls are out-of-date, no longer supported by their manufacturer, and are highly-vulnerable to attack. In fact, every Cisco firewall, if not patched since August 25th, 2016, is warned to be unsafe, by Cisco themselves.
  4. Security administrators are swamped with patches and update tasks. Many have difficulties keeping up with systems updates, new technologies, and changing organization needs—and are put in a vulnerable position when dealing with attacks.

[VIDEO] Discover How HOPZERO Can Help

 

But there is another layer of security to consider, one that can BOOST security and reduce your organization’s workload: HOPsphere Radius Security offered by HOPZERO. 

The service enables LIMITS on how far packets will travel, effectively putting up a nearly-unreachable moat around your crown jewel server. (As the old saying goes: “The wider the moat, the more defended the castle.”)

By limiting the HOPsphere radius of a server, servers cannot communicate to any device beyond a definable number of routers. Because attackers generally desire to maintain anonymity, they must connect through elaborate chains of routers to launch their attack.

By limiting the number of acceptable routers to a number too small for a hacker to comfortably launch from, most attacks will simply never come.

Consider what’s at stake in a security breach:

  • Military, government, and intelligence agencies have incredibly-sensitive data that could put the lives of private citizens, soldiers, and even entire countries at risk if breached.
  • Healthcare providers, pharmaceutical developers, and medical researchers have deeply-sensitive data that could put patients, customers, and future medical advances at risk if breached.
  • Banks, equity-investment firms, and insurance companies have critical financial data that could put customers, investors, and private citizens, even the larger global economy at risk if breached.

By limiting the HOP sphere of sensitive devices, locking down private databases, and reducing incoming/outgoing access with the Internet, these risks can be mitigated tremendously.

How We Can Help

HOPZERO can help safeguard your information technology from some of the same threats that caused the most recent data breach, schedule your own FREE in-house consultation.

 

Keeping Data on a Short Leash to Avoid Breaches

Even the best-trained dogs have leashes while in public. Despite how much one trusts their dog to act obediently, it simply is not possible to know what kind of situations one might encounter while on a walk—maybe an enticing squirrel? A loud noise?...

HOPZERO Selected as “EMA Vendor to Watch”

Enterprise Management Associates (EMA) is a leading voice in the information security industry. With its dedication to in-depth research — and unrivaled analysis — the EMA is an important resource for data management and IT professionals...

Remembering 9/11: “Being Ready for the Call”

As we move closer to another anniversary of 9/11, I'm reminded of the opportunity my team and I had, just days after the attack, to serve my country by assisting with communication recovery for a besieged Pentagon.It was an experience I'll never forget....

Bill Alderson is CEO and co-founder of HOPZERO. He has been involved with network security since 1980, where he began analyzing secure networks for Lockheed. Formerly Technology Officer of NetQoS/CA Technologies, he is a deep packet analyst, and was an integral member of the 9/11 Pentagon restoral team. Alderson has trained over 50,000 network forensic professionals through his Certified NetAnalyst program, and has assisted 75 Fortune 100 companies with network security needs. He was deployed six times with US Central Command to Iraq and Afghanistan to provide deep packet analysis for large-scale network Department of Defense biometric network systems.