Monitoring, Watching for Attacks
Recently, Evan noticed a high CPU usage alert for one of our client’s servers. When we took a look, we found that a port was being scanned in an attempt to hack the server. Within minutes, we were able to block the IP address and shut down the attack. What just happened?
Think about a group of kids out on a warm summer night with nothing to do. They walk up and down the street looking in the car windows to see if there are any keys in the ignition, windows down with packages on the seats, anything that looks like easy pickings. If the opportunity presents itself, they act!
In this specific example, someone was scanning a common port, looking for a weakness to get in. The activity caused a high usage alert, which lit up on our monitoring board. We essentially brought our packages in the house, locked the car, and took the keys; no entrance!
There are a number of things we can monitor with our Managed Services. Another helpful example is low disk space on a server. If free space gets too low, it can cause data corruption, or the server can even lock up completely. We monitor disk space and set up an alert at the warning level, then another alert at the critical level, which is still a level that allows time to take action without damage.
For our Managed anti-virus software, we provide weekly reports, and we also review them ourselves. If there are issues, we send an email or make a phone call to let you know what steps need to be taken by the user, or we get on the machine with you and take specific action.
Your best defenses include monitoring for unusual or unhealthy activity; keeping anti-virus software up to date; keeping firmware on switches and firewalls updated; ongoing education regarding unknown email; and staying away from risky websites! — CMW