Monday, 3 March 2025

Acronis CyberFit Score

As I mentioned in the last blog post, I'm doing a lot of work with Acronis CyberProtect, which made me think I ought to go back and have a look at what makes a CyberFit Score, and how much I agree or otherwise with the components.

Illustrations in here are from a Windows laptop running Windows 11 Pro. Not all of the items would be implemented for a Linux box, so let's stick with Windows.

What does Acronis tell us comprises a CyberFit Score?


So the important items to Acronis are:

  • do you have anti-malware installed?
  • do you have backups?
  • is the firewall enabled? 
  • do you have a VPN?
  • is disk encryption enabled?
  • are you blocking outgoing NTLM traffic?

My question here is why those are important. Acronis are a security company, and they provide many of the tools you would need to get a high score. The list isn't exhaustive, and they have a lot of tools, so why these?

Anti-malware is a given. My first exposure to Acronis was a free antivirus tool. That was a long time ago. It was OK but it did give me an unrealistic view of Acronis when I was encouraged to look at its features as little as five years ago. Acronis cares about anti-malware, which encompasses anti-virus, active monitoring and safe computing. Acronis will give you top marks if you have some anti-malware installed, Windows Defender included.

Backup? My next exposure to Acronis was True Image. I bought a couple of licences for small systems. It worked, it was easy. So they have a backup pedigree. Everyone needs some kind of backup. No matter how secure you are, things go wrong, there are 0-day vulnerabilities. Backups get you back online after an issue. And there's that guy in Wales who really, really wishes he had a backup of his crypto wallet. (https://en.wikipedia.org/wiki/Bitcoin_buried_in_Newport_landfill)

Firewalling is one of those things that is not a yes/no proposition. It depends a lot on what you're doing, where it is, what you want to protect. For most people firewall on is a good idea. And the score is a yes/no, it doesn't check what you are protecting. So turning it on for the most obvious ports is a good idea. But look at your firewall settings.

VPN is about what you do and where you do it. I have VPN software on my laptops and computers I travel with. It's on my phone. I don't need it on a machine that is serving a printer in the office, and I probably don't need it for most desktop computer use. So not having one isn't an immediate problem.

Disk encryption, especially for encryption at rest, is a good thing. Even if you are not really concerned about data on the machine, you might care when you decommission it. I always do manual disabling of disposed hardware -- drill press, hammer, heat. That is also after deleting all data and usually running something like DBAN over the drive (https://dban.org). Not everyone is so careful or paranoid. So encryption at rest should be applied to everything. When your drive is salvaged by someone else, crypted data is no use to them.

On the other hand, don't be one of those caught in the CrowdStrike issue last year, where people found that they didn't have their BitLocker keys so that decryption and access became a problem. Crypto is good, if you do sensible key management. 

And then we get to NTLM traffic. It's potentially bad, it does make some compromises possible. But it might also stop you from using Remote Desktop when you need it. So I usually have it disabled, and then re-enable it when I need it. That can be a pain, so pick your battles.
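A read-only PowerShell check of four of the items above (anti-malware, firewall, disk encryption, outgoing NTLM) on the local machine. This is an added example, not part of the original post and not how Acronis computes the score. It assumes an elevated PowerShell session on Windows 11 Pro, and the function name `Get-LocalPostureSummary` is made up for the example.

```powershell
# Added example, not Acronis code. Read-only; run in an elevated session.
function Get-LocalPostureSummary {   # hypothetical name
    # Anti-malware: Microsoft Defender state. A third-party product may leave
    # Defender passive or make this cmdlet fail, hence the null handling.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue

    # Firewall: list any profile (Domain, Private, Public) that is not enabled.
    $fwOff = @(Get-NetFirewallProfile |
        Where-Object { $_.Enabled -ne 'True' } |
        ForEach-Object { $_.Name })

    # Disk encryption: protection state per volume, plus whether a recovery
    # password protector exists at all (the key-management point above).
    $volumes = Get-BitLockerVolume -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            MountPoint          = $_.MountPoint
            ProtectionOn        = ($_.ProtectionStatus -eq 'On')
            HasRecoveryPassword = [bool]($_.KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        }
    }

    # Outgoing NTLM: the value behind the policy "Network security: Restrict
    # NTLM: Outgoing NTLM traffic to remote servers". Absent or 0 means allow.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'
    $ntlm = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RestrictSendingNTLMTraffic
    $ntlmState = if ($ntlm -eq 2) { 'Deny all' }
                 elseif ($ntlm -eq 1) { 'Audit all' }
                 else { 'Allow all' }

    [pscustomobject]@{
        DefenderRealTime     = if ($mp) { $mp.RealTimeProtectionEnabled } else { 'unknown' }
        DefenderSignatures   = if ($mp) { $mp.AntivirusSignatureLastUpdated } else { 'unknown' }
        FirewallProfilesOff  = if ($fwOff.Count) { $fwOff -join ', ' } else { 'none' }
        BitLockerVolumes     = $volumes
        OutgoingNtlm         = $ntlmState
    }
}

Get-LocalPostureSummary | Format-List
```

`HasRecoveryPassword` only says that a recovery protector exists on the volume; it cannot tell you whether a copy of that key is stored somewhere you can reach when the machine won't boot.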

What all this comes down to is that the CyberFit Score is a good guide, but chasing that 100% may not fit your needs exactly.