Protecting your corporate assets and data from the increasing number of cyber attacks | Securing Exchange Server from unwanted and unsafe e-mail attachments (blocking file extensions)

Author: Zahir Hussain Shah, CISSP, MVP Exchange Server

These days you hear a lot about the increasing number of cyber attacks aimed at both servers and client machines. Among the recent ones, the attacks on Saudi Aramco (KSA) and RasGas (Qatar) sit at the top of the list for the Middle East region; the companies involved suffered very heavy losses in revenue and employee productivity. Malware such as Shamoon and Flame is so sophisticated and so well engineered that it defeats both pre-infection protection (antivirus) and post-infection strategies (cleaning up compromised data). Well-engineered malware of this kind is also considered a zero-day attack: when it is launched for the first time, no remediation or protection is available from the antivirus vendors, because its code and behaviour are not yet in any antivirus signature set. Someone has to become the sacrificial first victim before the existence of the malware becomes known, and only then is protection made available to the rest of the world against further damage.

Generally speaking, these sophisticated, well-coded attacks are launched against a specific industry, and more often than not against specific organisations within that industry.

Let's now talk about the remediation side: putting safeguards in place so that your organization does not become a headline in the media and a lesson learned for others. In this article I will highlight the following best practices, which I recommend be in place to protect your organization from these types of deadly security attacks:

Operating System and Application Patch Management

Virus and Malware Protection

Home supply of viruses and security threats: blocking USB

Blocking e-mail attachments from flying internally and externally

Let's now explain each of the best practices above in detail.

Operating System and Application Patch Management

There is no application or operating system on this planet that is 100% secure: you can never reduce the risk to zero, because some risk always remains. So it does not really matter which operating system you use in your company; there is always a need to patch your workstations and servers with the latest fixes for security and operating-system-level bugs and vulnerabilities.

For Windows servers and workstations you can use SCCM or WSUS, each on its own, to distribute patches across your organization. Application patch management is just as important: we have all witnessed application-level vulnerabilities causing serious damage, because these weaknesses allow external and internal threats to take hold and destroy both application and user data. For application patch management you can use the same tools, SCCM and WSUS, with one caveat: WSUS on its own only delivers Microsoft updates, so patching third-party applications requires SCCM with a third-party update catalog (for example via System Center Updates Publisher) or a dedicated third-party patching product.

Virus and Malware Protection, and Keeping an Open Eye on What Is Happening Around You

As a general best practice, always distribute the latest antivirus signature updates to your workstations and servers. It is very important to keep an open eye on the antivirus and security forums, and to ask your antivirus provider to notify you whenever a new outbreak is reported and the corresponding virus definitions are released to customers. As soon as you are notified, deploy the same update throughout your organization.

Home supply of viruses and security threats: blocking USB

I call it the home supply of viruses and security threats: the USB stick that these days hangs on the employee's car and house keys. This very cheap and handy stick can cause serious damage to your security and your organization. In my experience, a large majority of employees (I would put it at 70% to 90%) never care about the security of their personal devices such as laptops and smartphones; using these USB sticks on those home devices, then bringing them to work and plugging them into your corporate workstations, is a super-supply of internet-downloaded viruses and malware to your corporate workstations and servers.

So, in good faith toward your business, you should either block removable storage completely or use a solution that monitors and blocks certain types of USB data from being copied to or from your corporate workstations and servers.
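As an added example of the "block it completely" option (this is not part of the original post), the PowerShell below applies the two Windows settings that stop USB mass storage on a single machine: the "All Removable Storage classes: Deny all access" policy value and the disabling of the USBSTOR driver. In a domain you would normally push exactly these values through Group Policy (Computer Configuration > Policies > Administrative Templates > System > Removable Storage Access) rather than running a script on each host; the local version is for standalone machines and for verifying what the policy actually sets. The function names are my own, and the script assumes an elevated shell on Windows 7 / Server 2008 R2 or later.

```powershell
# Added example, not from the original post. Blocks USB mass storage on the local
# machine and reports whether the block is in place. Requires an elevated shell.

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-UsbStorageBlocked {
    # Deny_All = 1 under RemovableStorageDevices is what the Group Policy setting
    # "All Removable Storage classes: Deny all access" writes.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyKey -Name 'Deny_All' -Type DWord -Value 1

    # Start = 4 (SERVICE_DISABLED) stops the USB mass-storage driver from loading
    # for newly attached devices; a device already mounted keeps working until
    # it is unplugged.
    Set-ItemProperty -Path $UsbStorKey -Name 'Start' -Type DWord -Value 4
}

function Test-UsbStorageBlocked {
    # Returns both checks separately so a half-applied configuration is visible.
    $denyAll = (Get-ItemProperty -Path $PolicyKey -Name 'Deny_All' -ErrorAction SilentlyContinue).Deny_All
    $start   = (Get-ItemProperty -Path $UsbStorKey -Name 'Start').Start
    [pscustomobject]@{
        PolicyDenyAll   = ($denyAll -eq 1)
        UsbStorDisabled = ($start -eq 4)
    }
}

Set-UsbStorageBlocked
Test-UsbStorageBlocked
```

The policy value is enforced when the device is accessed and the driver setting when the device is attached, so test with a stick that is plugged in after the script runs (or after a restart) rather than one that was already mounted. A corporate device-control product adds what this cannot: per-device allow-lists, read-only access, and logging of what was copied.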

Blocking e-mail attachments from flying internally and externally

Last but not least, because there is no end to security tightening. As an MVP for Exchange Server, how could I forget about Exchange Server security? You should never think like that :).

Securing your e-mail both internally and externally is extremely important. These days, access to corporate e-mail from inside and outside the company is essential and has been made very convenient for users; but making things easier for employees also makes it easier for them to use e-mail with less concern for security.

As a good practice, you should implement virus and malware protection at the e-mail server level. For this you may consider FOPE (Microsoft Forefront Online Protection for Exchange) or any other service that lets you implement antivirus and anti-malware protection for mail in transit.

In this article I would particularly like to share a list of file extensions that should be blocked, either in FOPE or on your Exchange Hub Transport server with Hub Transport rules, so that files of these types cannot float into or out of your organization in either direction.

List of file extensions that should be blocked as e-mail attachments:

*.exe
*.cmd
*.ade
*.adp
*.app
*.asp
*.bas
*.bat
*.cer
*.chm
*.cnt
*.com
*.cpl
*.crt
*.csh
*.der
*.fxp
*.gadget
*.hlp
*.hpj
*.hta
*.inf
*.ins
*.isp
*.its
*.js
*.jse
*.ksh
*.lnk
*.mad
*.maf
*.mag
*.mam
*.maq
*.mar
*.mas
*.mat
*.mau
*.mav
*.maw
*.mda
*.mdb
*.mde
*.mdt
*.mdw
*.mdz
*.msc
*.msh
*.msh1
*.msh2
*.mshxml
*.msh1xml
*.msh2xml
*.msi
*.msp
*.mst
*.ops
*.osd
*.pcd
*.pif
*.plg
*.prf
*.prg
*.pst
*.reg
*.scf
*.scr
*.sct
*.shb
*.shs
*.ps1
*.ps1xml
*.ps2
*.ps2xml
*.psc1
*.psc2
*.tmp
*.url
*.vb
*.vbe
*.vbp
*.vbs
*.vsmacros
*.vsw
*.ws
*.wsc
*.wsf
*.wsh
*.xnk
*.aj
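To show how the list above becomes an actual Hub Transport rule, here is an added example written for this edit; it is not code from the original post. It assumes the Exchange Management Shell on an Exchange 2010 (or later) server holding the Hub Transport role, and an account allowed to run New-TransportRule. The rule name, comment and rejection text are illustrative values I chose, not Exchange defaults. Because a Hub Transport rule sees every message that passes through the organization, one rule covers inbound, outbound and internal mail, which is exactly what "should not float from inside and outside" asks for.

```powershell
# Added example, not from the original post. Creates one Hub Transport rule that
# rejects any message carrying an attachment whose file name ends in one of the
# extensions listed in this article. Run from the Exchange Management Shell.

$BlockedExtensions = @(
    'exe','cmd','ade','adp','app','asp','bas','bat','cer','chm','cnt','com','cpl',
    'crt','csh','der','fxp','gadget','hlp','hpj','hta','inf','ins','isp','its','js',
    'jse','ksh','lnk','mad','maf','mag','mam','maq','mar','mas','mat','mau','mav',
    'maw','mda','mdb','mde','mdt','mdw','mdz','msc','msh','msh1','msh2','mshxml',
    'msh1xml','msh2xml','msi','msp','mst','ops','osd','pcd','pif','plg','prf','prg',
    'pst','reg','scf','scr','sct','shb','shs','ps1','ps1xml','ps2','ps2xml','psc1',
    'psc2','tmp','url','vb','vbe','vbp','vbs','vsmacros','vsw','ws','wsc','wsf',
    'wsh','xnk','aj'
)

# AttachmentNameMatchesPatterns takes regular expressions and accepts several of
# them, so the list is split into short anchored alternations instead of one very
# long pattern. The extensions contain only letters and digits, so nothing needs
# escaping; the '$' anchor matches the end of the file name, which also catches
# double extensions such as invoice.pdf.exe. Transport rule matching is
# case-insensitive, so INVOICE.EXE is caught as well.
$Patterns = @()
for ($i = 0; $i -lt $BlockedExtensions.Count; $i += 10) {
    $last  = [Math]::Min($i + 9, $BlockedExtensions.Count - 1)
    $chunk = $BlockedExtensions[$i..$last]
    $Patterns += ('\.(' + ($chunk -join '|') + ')$')
}

New-TransportRule -Name 'Block executable and script attachments' `
    -Comments 'Rejects attachment types listed in the corporate e-mail policy; applies to inbound, outbound and internal mail' `
    -AttachmentNameMatchesPatterns $Patterns `
    -RejectMessageReasonText 'This attachment type is not permitted by corporate e-mail policy' `
    -RejectMessageEnhancedStatusCode '5.7.1'

# Confirm the rule exists and is enabled before relying on it.
Get-TransportRule -Identity 'Block executable and script attachments' |
    Format-List Name, State, Priority, AttachmentNameMatchesPatterns
```

Test it by mailing yourself a harmless text file renamed to one of the blocked extensions and reading the NDR that comes back; on Exchange 2013 and later you can add -Mode Audit to the New-TransportRule call to log matches without rejecting anything until you are happy with the rule. Keep in mind what extension matching cannot do: it does not look inside .zip or other archives, it cannot catch a file whose extension has been changed (Exchange 2013 and later add the AttachmentHasExecutableContent predicate, which inspects the file content rather than its name), and it says nothing about macro-enabled Office documents. Blocking .tmp and .pst will also stop some legitimate traffic, so expect helpdesk tickets and have an exception process ready. If you use FOPE instead, the same list goes into its attachment filter in the administration portal rather than into a transport rule.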

I would like to close this article with one of the most important elements of your overall security design and implementation: continually finding security weaknesses, implementing safeguards, and monitoring your corporate security boundaries. Always make sure that the concepts of due diligence and due care are properly implemented; they will help you keep your security implementation balanced.

I hope you have enjoyed reading this blog post, and that you will think about securing your corporate environment, as well as your own access to your company's e-mail server, as a current employee. :)

Cheers!

