UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

Tridac

Re: It doesn't have to be connected to t'internet

Opening an email doesn't run anything if scripting is disabled, and if you click on an attachment without being sure who it's from then it's your own fault :-). For infrastructure and large organisations, secure setup can be handled via initial machine provisioning and automated, with application software settings locked down. The OS config should be bare bones, with all but needed services disabled by default. Perimeter firewalls should have all but needed ports blocked by default, ideally with separate hardware firewalls between each internal subnet. Wouldn't surprise me to hear that they have SMB shares across the global internet with no VPN, but that's a worst-case scenario.

Even Win XP is fine in a properly configured and protected environment, but the whole system must be configured to design out the vulnerabilities. Assume that any network can be broken, given enough resources. Think systems engineering...

Biting the hand that feeds IT © 1998–2019