Firewall Best Practices to Block Ransomware Attacks, and What NxtGen Has Done

Dinsoka K / January 18, 2018

Keep in mind that IPS, sandboxing and every other protection the firewall provides are effective only against traffic that actually traverses the firewall, and only where suitable enforcement and protection policies are applied to the firewall rules governing that traffic. With that in mind, follow these best practices for preventing the spread of worm-like attacks on your network:

  1. Ensure you have the right protection including a modern high-performance next-gen firewall IPS engine and sandboxing solution.
    • NxtGen has been using high-performance next-generation firewalls since the beginning, and we have upgraded the hardware periodically. NxtGen started its journey with the Fortinet 200 Series; we are now in the process of upgrading to 2000 series firewalls on our Cloud platform. NSX's Distributed Firewall (DFW) gives our customers one more layer of protection.
  2. Reduce the attack surface as much as possible by thoroughly reviewing and revisiting all port-forwarding rules to eliminate any non-essential open ports. Every open port represents a potential opening in your network. Wherever possible, use a VPN rather than port-forwarding to access resources on the internal network from outside.
    • NxtGen has had the above-mentioned controls in place from the very first day. Due to customer-specific requirements, we have enabled very few 'any to any' access policies.
    • We have 700+ users using SSL VPN and 250+ IPSec tunnels to access/manage customers' workload through a secured channel. NSX VPN stands as the next level service for customers.
  3. Be sure to properly secure any open ports by applying suitable IPS protection to the rules governing that traffic.
    • IPS and DDoS protections: IPS and IDS are enabled for a few customers. All incoming traffic flows through DDoS protection.
  4. Apply filtering to web and email traffic to ensure all suspicious active files coming in through web downloads and as email attachments are suitably analysed for malicious behaviour before they get onto your network.
    • NxtGen has enabled web and email protection services. We have customers in different verticals who successfully use these services.
  5. Minimize the risk of lateral movement within the network by segmenting LANs into smaller, isolated zones or VLANs that are secured and connected by the firewall. Be sure to apply suitable IPS policies to the rules governing traffic that traverses these LAN segments, to prevent exploits, worms, and bots from spreading between LAN segments.
    • VLANs are enabled for all customers. We have fulfilled customers' specific requirements with multiple VLANs for segregation. NSX will enable our customers to choose their own IP addresses and segregation without any dependency on NxtGen.
  6. Automatically isolate infected systems. When an infection hits, it is important that your IT security solution can quickly identify compromised systems and automatically isolate them until they can be cleaned up (either automatically or through manual intervention).
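
The rule review described in practices 2, 3 and 5 can be automated against an exported policy. The following is an added example, not NxtGen's or any vendor's tooling: the `Rule` fields, zone names, the `VPN_ONLY_SERVICES` list and the sample rules are all assumptions constructed for illustration and do not follow FortiGate or NSX configuration syntax.

```python
from dataclasses import dataclass

# Hypothetical vendor-neutral rule model; field names are assumptions.
@dataclass
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    src: str                 # "any" or an address / CIDR
    dst: str
    service: str             # "any" or e.g. "tcp/443"
    action: str              # "allow" or "deny"
    ips_profile: str = ""    # empty means no IPS inspection on this rule
    port_forward: bool = False

# Assumed list of services that should be reached over VPN, not forwarded.
VPN_ONLY_SERVICES = {"tcp/22", "tcp/3389", "tcp/445"}

def audit(rules, external_zone="wan"):
    """Return (rule name, finding) pairs for practices 2, 3 and 5."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        # Practice 2: flag 'any to any' access policies.
        if r.src == "any" and r.dst == "any" and r.service == "any":
            findings.append((r.name, "any-to-any allow"))
        if r.port_forward and r.src_zone == external_zone:
            # Practice 2: prefer VPN over port-forwarding.
            if r.service in VPN_ONLY_SERVICES:
                findings.append((r.name, "forwarded service should use VPN"))
            # Practice 3: every open port needs IPS on its rule.
            if not r.ips_profile:
                findings.append((r.name, "open port without IPS"))
        # Practice 5: traffic between internal segments needs IPS too.
        internal = external_zone not in (r.src_zone, r.dst_zone)
        if internal and r.src_zone != r.dst_zone and not r.ips_profile:
            findings.append((r.name, "inter-segment rule without IPS"))
    return findings

# Constructed sample rule set (not real customer policy).
SAMPLE_RULES = [
    Rule("web-in", "wan", "dmz", "any", "10.0.1.10", "tcp/443", "allow", "ips-default", True),
    Rule("rdp-in", "wan", "lan", "any", "10.0.2.20", "tcp/3389", "allow", "", True),
    Rule("legacy", "lan", "dmz", "any", "any", "any", "allow"),
    Rule("app-db", "vlan10", "vlan20", "10.0.10.0/24", "10.0.20.5", "tcp/5432", "allow", "ips-default"),
    Rule("block-smb", "vlan10", "vlan20", "any", "any", "tcp/445", "deny"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```
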