Understanding Our Cyber Defense and Recovery Strategy: A Layered Approach to Mitigating Threats
In today’s rapidly evolving digital landscape, cyber threats are a persistent and complex reality for all schools. At iTCHYROBOT, our cyber defense strategy for your website is built to address various types of threats, emphasising prevention, mitigation, and fast recovery to ensure uninterrupted service. This article provides an overview of how our backup and recovery systems, paired with our comprehensive security measures, help reduce the impact of potential attacks and make sure your school website stays up and running.
1. Cyber Recovery and Threat Mitigation
Effective cyber recovery is not a one-size-fits-all solution; it requires a nuanced understanding of the threats we aim to mitigate. Our strategy reflects decades of experience, focusing on real-world risks such as user compromise (e.g., social engineering, password reuse across platforms) as well as cyber hacks and denial of service vectors. User actions, intentional or accidental, often pose a greater risk than direct attacks on network security, as they are usually easier to carry out and rely on user complacency.
Backup Strategy: Multi-Layered Data Protection
We have implemented a robust data backup system that ensures data recovery across a wide range of potential scenarios:
- Daily Backups in Data Center Clusters: These allow quick recovery from minor issues, such as accidental file deletions, by restoring files directly from the same data center.
- Off-Site Cloud Backups: To protect against more severe failures, such as data center outages, we back up all website data to an off-site data center. These off-cluster backups ensure that we can recover data in the event of catastrophic failures.
- Server Snapshots: All our servers are virtualised, and we take daily, weekly, and monthly snapshots. This enables us to roll back entire servers to a previous point in time, whether to resolve software issues, failed updates, or other major problems.
- Encrypted Backups: Importantly, all our backups, both on-site and off-site, are encrypted to prevent unauthorised access to data.
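The daily, weekly and monthly snapshot rotation described above is usually implemented as a retention policy that decides, on each run, which old snapshots to keep and which to prune. The following is an added example (not iTCHYROBOT's own tooling) of such a policy, operating on snapshot dates; the retention counts (7 daily, 4 weekly, 12 monthly) are assumed defaults, not figures taken from the article.

```python
from datetime import date, timedelta


def gfs_keep_set(snapshot_dates, today, keep_daily=7, keep_weekly=4, keep_monthly=12):
    """Return the set of snapshot dates to retain under a daily/weekly/monthly
    (grandfather-father-son) policy:
      - the keep_daily most recent distinct days
      - the newest snapshot in each of the keep_weekly most recent ISO weeks
      - the newest snapshot in each of the keep_monthly most recent months
    Snapshots dated after `today` are ignored so a skewed clock cannot make a
    bogus future snapshot displace real history.
    """
    snaps = sorted((d for d in set(snapshot_dates) if d <= today), reverse=True)
    keep = set(snaps[:keep_daily])

    # Weekly tier: walk newest-first, keep the first snapshot seen per ISO week.
    seen_weeks = []
    for d in snaps:
        key = d.isocalendar()[:2]          # (ISO year, ISO week)
        if key not in seen_weeks:
            if len(seen_weeks) >= keep_weekly:
                break
            seen_weeks.append(key)
            keep.add(d)

    # Monthly tier: same idea keyed on (year, month).
    seen_months = []
    for d in snaps:
        key = (d.year, d.month)
        if key not in seen_months:
            if len(seen_months) >= keep_monthly:
                break
            seen_months.append(key)
            keep.add(d)

    return keep


def prune_plan(snapshot_dates, today, **policy):
    """Split snapshots into (keep, delete) lists; the caller deletes only the
    second list, so a bug here can never remove a snapshot the policy retains."""
    keep = gfs_keep_set(snapshot_dates, today, **policy)
    delete = sorted(set(snapshot_dates) - keep)
    return sorted(keep), delete


if __name__ == "__main__":
    # Constructed input: 400 consecutive daily snapshots ending on an assumed "today".
    today = date(2025, 3, 31)
    history = [today - timedelta(days=i) for i in range(400)]
    keep, delete = prune_plan(history, today)
    print(f"keeping {len(keep)} snapshots, pruning {len(delete)}")
    for d in keep:
        print("  keep", d)
```

The point of computing a keep set first and deriving the delete list from it is that the policy is expressed purely in terms of what must survive; nothing is pruned implicitly, which is the safe direction for a backup rotation to fail in.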
2. In-Depth Cyber Security: Multiple Layers of Defense
Our cyber defense strategy is built on the principle of security in depth, with multiple layers of protection designed to minimise the likelihood and impact of a successful attack. Beyond the obvious user access controls these layers include:
- Hardware Firewalls: Our primary line of defense, hardware firewalls, prevents unauthorised access attempts from reaching our servers, offering a barrier against outside threats.
- Server Firewalls: Acting as an additional layer, this server-based firewall ensures that only legitimate traffic can access services, offering a second line of defense.
- Web Application Firewall (WAF): WAF provides deep packet inspection, identifying and blocking malicious traffic based on industry-standard rules. This system assesses the intent behind actions, adding an additional filter against potential threats.
- Fail2Ban: Integrated with our WAF, Fail2Ban scans for repeated malicious actions, such as brute-force login attempts, and automatically blocks offending IP addresses at the firewall level.
- ImmunifyAV and MalDet (Antivirus and Malware Detection): These tools are crucial for detecting malicious files and potential threats. ImmunifyAV updates its antivirus definitions daily and scans all files uploaded to servers, automatically deleting any flagged items. MalDet scans all servers for known vulnerabilities and reports issues directly to our technical team for immediate attention.
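The Fail2Ban behaviour described above, repeated failures from one address within a time window leading to an automatic block, is straightforward to reason about once written out. The following is an added example, not Fail2Ban's own code and not iTCHYROBOT's configuration: it parses constructed sshd log lines, applies a sliding window per source address with the same `maxretry`/`findtime` semantics Fail2Ban uses, and renders the resulting block list as firewall rules. The threshold values and the log format are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample auth log (not real traffic). One address fails five times
# within seconds; another fails five times but spread over more than an hour.
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[2001]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  3 10:00:03 web1 sshd[2002]: Failed password for admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:04 web1 sshd[2003]: Failed password for invalid user test from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:05 web1 sshd[2004]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2
Mar  3 10:00:09 web1 sshd[2005]: Failed password for root from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:10 web1 sshd[2006]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:30 web1 sshd[2007]: Failed password for root from 192.0.2.9 port 60000 ssh2
Mar  3 10:20:00 web1 sshd[2008]: Failed password for root from 192.0.2.9 port 60001 ssh2
Mar  3 10:40:00 web1 sshd[2009]: Failed password for root from 192.0.2.9 port 60002 ssh2
Mar  3 11:00:00 web1 sshd[2010]: Failed password for root from 192.0.2.9 port 60003 ssh2
Mar  3 11:20:00 web1 sshd[2011]: Failed password for root from 192.0.2.9 port 60004 ssh2
"""

# Matches only failed password attempts; "invalid user" lines are included
# because they are the bulk of what a brute-force tool generates.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2025):
    """Yield (timestamp, source_ip) for every failed-login line; skip the rest.
    Syslog timestamps carry no year, so one is supplied (assumed here)."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def find_offenders(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: time_of_ban} for addresses with >= maxretry failures inside
    any findtime-long window. A per-IP deque holds only events still inside
    the window, so memory stays bounded by maxretry per address."""
    windows = defaultdict(deque)
    banned = {}
    for ts, ip in parse_failures(log_text):
        if ip in banned:
            continue                       # already blocked; nothing more to count
        q = windows[ip]
        q.append(ts)
        while q and ts - q[0] > findtime:  # drop events that aged out of the window
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def to_firewall_rules(banned):
    """Render the ban list as iptables DROP rules (the action Fail2Ban would apply)."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(banned)]


if __name__ == "__main__":
    bans = find_offenders(SAMPLE_LOG)
    for ip, when in bans.items():
        print(f"ban {ip} at {when:%H:%M:%S}")
    print("\n".join(to_firewall_rules(bans)))
```

Running it blocks 203.0.113.7 on its fifth failure at 10:00:10, while 192.0.2.9 is never blocked: its five failures are 20 minutes apart, so no 10-minute window ever holds more than one. That second case is the one to keep in mind when tuning `findtime`; a slow, patient guesser stays under a short window, which is one reason the article pairs Fail2Ban with key-based SSH access rather than relying on rate limiting alone.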
3. Tailored Recovery Solutions for Various Threats
Our defense strategy is designed to handle a wide range of cyber threats, from minor disruptions to full-scale catastrophic failures:
- Denial of Service (DoS) Attacks: These attacks overwhelm resources to make a website appear offline. We mitigate these attacks using Fail2Ban and firewall rules, which automatically block repeated offenders.
- Malicious Cyber Attacks: This includes attempts to upload viruses or malware. We mitigate these risks through the combined efforts of MalDet, ImmunifyAV, and WAF.
- Hardware Failures: As all our servers are virtualised, we use server snapshots and backups to ensure we can recover from both minor and major hardware failures, including:
  - VMotion of Virtualised Servers: This allows seamless migration to new hardware in the event of minor failures.
  - Failed Operating System Patches: Snapshots enable us to roll back servers to a previous state if an update causes instability.
  - Full Data Center Failure: Off-site AWS backups ensure full recovery, even if a total data center outage occurs.
- Accidental File Deletion or Update Failures: With daily backups and snapshots, we can quickly restore systems to their pre-incident state, minimising downtime and disruption.
4. Secure Access and Monitoring
We enforce strict access control policies to protect our servers from unauthorised access:
- VPN Access with Dedicated IPs: All server access for maintenance is conducted through Virtual Private Networks (VPNs), and each user is assigned a dedicated IP address.
- SSH Encrypted Keys for Server Access: Maintenance and access to our servers are performed using SSH encrypted keys. This ensures that every action is logged across multiple locations, allowing us to track exactly who did what, ensuring full accountability and traceability.
- Passwordless Access: As with our websites for schools, we are moving towards a passwordless organisation for our front-end servers and infrastructure, giving us one less component to worry about.
Conclusion
At iTCHYROBOT, we understand that there is no single cyber recovery solution that can address all potential threats. Our comprehensive approach combines a robust backup and recovery strategy with multiple layers of security to mitigate cyber threats effectively. From data breaches to hardware failures, our multi-faceted approach ensures that we can maintain service continuity and quickly recover from disruptions, giving our clients confidence in the resilience of our systems.
This overview highlights just a few of our policies, but rest assured that our entire security and recovery posture is designed to provide maximum protection against the ever-growing range of cyber threats.