Ransomware and DevOps

  • Comments posted to this topic are about the item Ransomware and DevOps

  • A hard lesson I learned is that an environment building from scripts has to be damn careful where it pulls its software from.  You need a local repository where there is the current stable version of all your software and also the most up-to-date version of the software.

    There are a number of reasons for this

    • Public repositories can go slow or offline thus crippling your build process
    • Complex software environments may have version dependencies you don't know about.  Take a look at the Hortonworks stack!  A rebuild from latest public versions may break your build.
    • Particularly with Node.js npm packages you need to make sure what their package dependencies are in a safe sandbox.
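One way to check that a scripted build pulls only from the local repository, as an added example that is not part of the post above: it audits the `packages` map of an npm lockfile and reports entries resolved from anywhere other than the mirror, or lacking a strong integrity hash. The mirror URL `npm.internal.example`, the package names and the lockfile contents are constructed assumptions.

```javascript
// Added example: audit the "packages" map of an npm lockfile (lockfileVersion 2/3).
// ALLOWED_ORIGIN is a hypothetical internal mirror; SAMPLE_LOCK is constructed data.
const ALLOWED_ORIGIN = "https://npm.internal.example";

const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "build-env", version: "1.0.0" },
    "node_modules/mirrored-lib": { version: "1.4.2",
      resolved: "https://npm.internal.example/mirrored-lib/-/mirrored-lib-1.4.2.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER" },
    "node_modules/public-lib": { version: "2.1.0",
      resolved: "https://registry.npmjs.org/public-lib/-/public-lib-2.1.0.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER" },
    "node_modules/git-dep": { version: "0.3.0",
      resolved: "git+ssh://git@git.example/team/git-dep.git#0000000" },
    "node_modules/old-lib": { version: "0.9.1",
      resolved: "https://npm.internal.example/old-lib/-/old-lib-0.9.1.tgz",
      integrity: "sha1-CONSTRUCTEDPLACEHOLDER" },
  },
};

function originOf(url) {
  // Non-http(s) sources such as git+ssh parse to the opaque origin "null".
  try { return new URL(url).origin; } catch { return null; }
}

function auditLockfile(lock, allowedOrigin) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    // Skip the root project, workspace symlinks and bundled dependencies.
    if (path === "" || pkg.link || pkg.inBundle) continue;
    const where = `${path}@${pkg.version}`;
    if (!pkg.resolved) {
      findings.push({ where, issue: "no-resolved-url" });
    } else if (originOf(pkg.resolved) !== allowedOrigin) {
      findings.push({ where, issue: "off-mirror", detail: pkg.resolved });
    }
    if (!pkg.integrity) {
      findings.push({ where, issue: "no-integrity" });
    } else if (!/^sha(256|384|512)-/.test(pkg.integrity)) {
      findings.push({ where, issue: "weak-integrity", detail: pkg.integrity });
    }
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_LOCK, ALLOWED_ORIGIN)) {
  console.log(`${f.issue}\t${f.where}\t${f.detail || ""}`);
}
```

Run as a build gate, a non-empty result fails the pipeline before any install step executes package code.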


  • Good article, and the linked-to blog post was good as well. I'm reasonably confident that we've got good security protections in place. Our security team seems vigilant at finding and rooting out problems. Of course, I'm not privy to everything, but at least from my view, it looks pretty good.

    Kindest Regards, Rod

  • To me, this is one of those places where you ought to have two stages of building software.

    We don't deploy software to production if it hasn't come from the build process. We want to be sure all our checks are run. I would guess that we really ought to have either a build process for places we pull code (OSS) from and recheck it, or get it from a place on the web that documents a build with static code or pen testing.

  • Steve, your final point about how the insurance industry can help stimulate the progress of enterprise IT security is a good one. It's essentially the same concept as the relationship between accidents, speeding tickets, and auto insurance rates; and how that system incentivizes safer driving and even contributes to innovations in car design.


    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • So, how is it possible that an employee (even an IT administrator) clicking on an executable attachment can somehow wipe out the bulk of the organization's databases, network file shares, and backups? Ransomware is essentially a form of trojan program that runs on the user's desktop, and it only has access to those resources that the user would have. This underscores the need for implementing better user account least privilege policies, desktop access controls, and email attachment protection.

  • Also network segmenting - https://www.sqlservercentral.com/editorials/segments-for-protection
