Thank you morrus!
<blockquote data-quote="Janx" data-source="post: 6058074" data-attributes="member: 8835"><p>I was going to ask if some kind of security audit could be performed. Basically, get a third party to assess firewalls, etc. Maybe not a fancy shop, but a friend of EN World who is versant in such.</p><p></p><p>I'm not volunteering anything, just that from my own experience of running IT, the original guy who set up our firewalls may have been certified in the firewall product he chose, but that doesn't mean he did everything the best way, or didn't have some accidental holes, or even chose what the industry considers a decent product.</p><p></p><p>Hypothetically, you guys need to make sure your firewall is locked down tight. If you don't have control of that at the network infrastructure level, then at the server level.</p><p></p><p>If it took days to restore the server, recovery plans may need to be tightened up. Nowadays, everybody is running on virtual machines. That makes it possible to create snapshots, or at least back up the 2 files that represent the server instance. Retaining copies of those once a week would mean you can QUICKLY pop those files back into place, to get the server up and running.</p><p></p><p>These things won't guarantee safety, but they help make things easier. There's no reason* you shouldn't have been able to snap an older copy of the server image back into place. We'd have lost a few posts, but you'd be back in position, perhaps taking time to secure whatever brought the site down the first time, before bringing it online.</p><p>*well, except for not being configured and ready for it</p><p></p><p>I have no clue what actually happened. I've been in the position of having the IP for my mail server spoofed by an external agency and being blacklisted by Spamhaus. That means, the bad guy was outside my network and impossible for us to repair because there was nothing infected or invaded in my network. The best we could do was change IP addresses.</p><p></p><p>My sympathies, and congratulations on bringing the system back up.</p><p></p><p>While the wound is still fresh, review what happened and check and improve your security and recovery process. It will help reduce the damage that you suffered, not just in downtime.</p></blockquote><p></p>