eBooks/eGuides

24 Data Center & Hybrid Cloud Security For Dummies, Palo Alto Networks Special Edition These materials are © 2020 John Wiley & Sons, Inc. Any dissemination, distribution, or unauthorized use is strictly prohibited. Ransomware Ransomware has existed in various forms for decades, but in the last few years, criminals have perfected the key components for these types of attacks. Ransomware uses malware to encrypt a victim's data until a ransom is paid — usually in cryptocurrency. Ransomware has become a multimillion-dollar criminal business targeting both individuals and corporations (see the "Ransom- ware: LockerGoga" sidebar in this chapter). Because of its low barriers to entry and effectiveness in extorting ransom payments from its victims, the spread of ransomware has increased expo- nentially in recent years. A typical ransomware attack consists of the following steps: 1. Compromise and control a system or device. Most ransomware attacks begin by using social engineering to trick users into opening an attachment or viewing a malicious link in their web browser. This allows attackers to install malware onto a system and take control. 2. Prevent access to the system. Attackers will either identify and encrypt certain file types or deny access to the entire system. 3. Notify the victim. Though seemingly obvious, attackers and victims often speak different languages and have varying levels of technical capabilities. Attackers must alert the victim about the compromise, state the demanded ransom amount, and explain the steps for regaining access. 4. Accept ransom payment. To receive payment while evading law enforcement, attackers utilize cryptocurrencies such as Bitcoin for the transaction. 5. Restore full access (usually). Attackers must return access to the device(s). Failure to restore the compromised system(s) destroys the effectiveness of the scheme — no one would be willing to pay a ransom if they didn't believe access to their data would be restored. Although an attacker usually restores access to the victim's data after the ransom is paid, there is no "money-back guarantee." There's also no guarantee that the attacker didn't also steal a copy of your data and sell it on the dark web.

• Cover
• Title Page
• Copyright Page
• Table of Contents
• Introduction
• About This Book
• Icons Used in This Book
• Chapter 1 The Evolution of the Data Center
• Understanding the Impact of the Cloud on the Data Center
• Recognizing Security Challenges in the Data Center and Hybrid Cloud
• Looking at Why Legacy Security Infrastructure is Ineffective
• Firewalls
• Intrusion prevention
• Proxies
• Defining Security Requirements
• Gain complete visibility
• Minimize the attack surface
• Automate threat protection
• Chapter 2 Security Challenges in Hybrid Clouds
• Cloud Security and The Shared Responsibility Model
• The Dynamic Nature of Modern Threats
• Ransomware
• Credential theft
• DNS-based attacks
• Targeted "Low-and-Slow" Attacks and APTs
• Chapter 3 Delivering Consistent Security Using Zero Trust
• Gaining Complete Visibility
• Application identification
• User identification
• Content identification
• Minimizing Your Attack Surface with Segmentation
• Using Dynamic Security to Support Moves and Changes
• Chapter 4 Leveraging Unmatched Threat Protection
• The Challenges of Defense in Depth
• What Is a Perimeter?
• Threat Protection Components
• Endpoint protection
• Security orchestration and automation
• Cloud-based threat intelligence
• Chapter 5 Ten Evaluation Criteria for Network Security in the Data Center and Hybrid Cloud Environment
• Safe Enablement of Applications in the Hybrid Cloud
• Identify Users and Enable Appropriate Access
• Comprehensive Threat Protection
• Flexible, Adaptive Integration
• Secure Access for Mobile and Remote Users
• One Comprehensive Policy, One Management Platform
• Cloud Ready
• Automate Routine Tasks and Focus on the Threats That Matter
• Flexible Deployment Options
• Consume New Innovations Easily in a Broad Partner Ecosystem
• Glossary
• EULA