every day our servers are under more danger of exposure. Trojans and ransomware are becoming more intelligent, able to spread across the network.
Sometimes, a solution to these problems aren't that complicated. In just a few steps we can easily reduce the risk of exposure.
It's simple, if the data is not online, it can not be breached. Is all the online data in your company really needed?
More often than not, I get an Active Directory structure in front of me that make me wonder if the administrator designing it ever read a book about it. Directories with sensitive information, with wrongfully configured permissions, it's incredible. Structure your organization so one department simply can't get into files from the other departments, make shared folders for departments which do share some common data with eachother if really needed, again reducing the access to sensitive data. Imagine, a ransomware outbreak on a network where the admin simply gave permission to the 'everyone' group of all data versus a ransomware outbreak on a beautifully structured file server. In case of the lazy admin all data would be destroyed where the structured admin just loads some backups of the few folders that are actually encrypted on his file server.
The OpenSCAP ecosystem provides multiple tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines. We maintain great flexibility and interoperability, reducing costs of performing security audits.
The OpenSCAP project provides a wide variety of hardening guides and configuration baselines developed by the open source community, ensuring that you can choose a security policy which best suits the needs of your organization, regardless of its size.
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.