I started a new position this year and have many challenges to overcome. There are a lot of things that have been neglected and many changes to be made. One of the changes I was looking at implementing is enabling Windows Firewall locally. I started on a few new servers that I was rolling out and the regional IT staff that support some of our internal systems started to disable these firewalls. When I brought this up they thought I was nuts. Just wait until I start restricting services by IP.
Fast forward to today and the “Morto” internet worm is spreading via RDP. We don’t have any local RDP hosts that are open to the dangerous world we know as the internet, but I can’t vouch for the other dozen sites that are connected at the other end of our MPLS. Now, most of our PCs don’t have RDP enabled, but PCs used by management and, more importantly, the majority of our servers may be susceptible if one PC out of thousands is infected.
I realize more security means more administrative overhead and makes admin jobs harder, but what happens when something like this hits and all of these machines are infected? How much work is that going to take to remedy?
So, what are your thoughts? How far do you go to keep your infrastructure safe?
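The two controls the post describes, turning the local Windows Firewall on and restricting a service such as RDP to known management addresses, can be scripted so the regional staff have one reviewable script instead of per-server clicking. The following is an added example and not part of the original post; it uses the NetSecurity cmdlets (Windows Server 2012 / Windows 8 and later), must run elevated, and the `10.0.5.0/24` admin subnet and the rule name are assumed placeholders to replace with your own values.

```powershell
# Added example: lock inbound RDP down to a management subnet with the local Windows Firewall.
# Requires an elevated prompt and the NetSecurity module (Server 2012 / Windows 8 or later).
# The subnet below is an assumed placeholder; replace it with your real admin/jump-host range.
$AdminSubnet = '10.0.5.0/24'
$RuleName    = 'RDP from admin subnet only'   # assumed name, not a built-in rule

# 1. Enable all three profiles and make "block" the default for unsolicited inbound traffic.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Disable the built-in Remote Desktop rules; they allow TCP 3389 from any remote address.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# 3. Add one scoped rule: TCP 3389 inbound, only from the admin subnet, only on trusted profiles.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Protocol TCP -LocalPort 3389 `
        -RemoteAddress $AdminSubnet -Action Allow -Profile Domain,Private | Out-Null
}

# 4. Verify: list any enabled inbound allow rule that still exposes 3389 to "Any".
#    An empty result means no rule on this host lets arbitrary peers reach RDP.
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
    Where-Object {
        ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' -and
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -eq 'Any'
    } |
    Select-Object DisplayName, Profile
```

Step 4 is the part worth keeping as a scheduled check: if someone on the regional team re-enables the stock Remote Desktop rules or adds a wide-open one, it shows up in the output, which is a far cheaper thing to notice than a worm spreading across the MPLS.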