Protecting your data
Incidents of attacks and hacks on IT systems are sadly on the rise.
One of the latest to make headlines is MongoDB, where it’s claimed that 25% of unsecured internet-accessible MongoDB databases have been hit by a ransomware attack that removes all of the victim’s data and replaces it with a ransom note. It’s live at the moment and numbers have been rising in the last 24 hours.
However, this is not a hack in the traditional sense, as so far it appears that all the affected systems are 'open' databases - those connected to the public internet without a password protecting the administrator account.
What do you need to do to protect against such attacks?
As you may know, Sage X3 components include MongoDB, and as you will have seen in past communications from Sage, as part of common security best-practice, you need to make sure that you have taken the necessary actions to protect all ports on your servers, especially if they are exposed on the public internet.
Right now, we’re issuing this reminder as it is critical that you make sure that you have done this to protect against your data being removed. We would recommend checking:
-
That your system/administrator accounts are password protected
- That no ports on your servers are accessible from the internet. Ensure all ports are protected by firewalls, including the MongoDB port (27017 by default)
3. That the only port you allow access to is the https port, (443 by default) if required.
