DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Recent Victim of Ransomware Please Help for prevention

10 Jan 2020 13:43 #1 by jnewman93
Hi there

So we were recently the victim of a ransomware attack. That's all cleared now and the server is running back to normal; however, to prevent this in the future I would like to change some settings on our Vigor2860n. Could someone tell me what configuration changes I should make? I am aware we need to update the firmware, so that is covered, and I understand we need to change settings within the firewall, but what these settings are is unknown to me.

Thanks

Jamie


10 Jan 2020 15:40 #2 by rolandrat
There isn't much that the DrayTek can do really. Yes, you can prevent certain file types being downloaded, or block websites with CSM (if you have the licence), but it won't stop you or anyone else opening a dodgy file in an email.
Antivirus software helps, as do all the latest updates to Windows, but the best solution is to back up your data, then back up the backup.
I use Synology NAS boxes and their Active Backup software (free), then I replicate the backup to a different NAS.


11 Jan 2020 11:55 #3 by andrue
Educating your users is also important. Find someone who can provide a training programme. Helping users identify dodgy links and emails should be the first step. Preventing them clicking on bad stuff is better than preventing that click from doing something bad. A good training programme will also include how to detect phishing emails and other things that no firewall in the world can protect you against.


13 Jan 2020 21:20 #4 by e.ringrose
First ensure the 2860 is running the latest firmware.

Enable DoS detection and configure the management console as per the DrayTek recommendation, with SSL enabled. The firewall is enabled by default; check that this is still the case.

Ensure you have identified the initial attack entry point.

Ensure every client device runs antivirus, any servers should also.

Ensure the network is correctly segregated: only company devices should attach to the main network via wireless; anything else should connect via a guest SSID which is segregated from the main network (and shaped/managed as required).
