Security Basics mailing list archives

Re: Re: Help with guidelines


From: krymson () gmail com
Date: 8 Dec 2006 19:15:59 -0000

Start out with a statement saying any system that is assigned offsite and comes into your network needs to be examined 
before being allowed on your network.

Next, make some steps to check the systems. Obviously these shouldn't necessarily be 2 hours' worth of steps, but 
something quick and painless before plugging it into a network.

- Check that an antivirus and/or firewall and/or HIDS (depending on what you use) is installed and signatures are 
updated to newest versions.
- Run an AV scan.
- Run a spyware scan. 
- If the user is kinda waiting around, strike up a conversation on where they've been, how the system is performing, 
does it slow down or crash a lot, etc.
- check running processes for anything odd
- check startup locations for anything odd that starts up on boot
- check User accounts for anything odd
- start up or try to run netstat, task manager, process explorer (really, you just want to see if some rogue process is 
blocking these...a sure giveaway of a contaminated system)

If you have enough equipment and knowledge, set up your network to VLAN off a list of systems (which includes your 
offsite systems) to their own VLAN and just give them access to what they absolutely need.

This won't catch everything, but will raise the bar and should catch the easy stuff that is sometimes the most 
destructive on a network.

Of note, this can also be a good time to run some automated scans of the system should you have some time; kind of like 
a quarterly checkup. Dump an inventory, run something like MBSA, back-up known file stores (mail, desktop, mydocs), run 
updates...


<--snip-->
Sorry for the confusion, I am looking for help with Best Practice
guides on how to handle PCs that come in for services where the status
is unknown. Most often these are the "Road Warrior" Laptops.

For new computers, I am working on changing the methods they use. I have
plenty of ideas and background to work with in house. The Outbreak
issue is not an issue either as I have management on my side.

Chris.
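A scripted pass over the triage checklist in krymson's reply above (protection installed and current, startup locations, user accounts, running processes, and whether tasklist and netstat still start), added here as an example and not part of the original thread. It assumes a Windows 10/11 laptop with Defender and PowerShell 5.1 or later, run from an elevated prompt; the two baseline lists are constructed placeholders to be replaced with your own.

```powershell
# Added example, not from the original thread: quick pre-network triage of a returning Windows laptop.
# Assumes Windows 10/11 with Defender, PowerShell 5.1+, elevated prompt.
# $ExpectedUsers and $KnownAutoruns are constructed baselines; replace with your own.
$ExpectedUsers = @('Administrator', 'DefaultAccount', 'Guest', 'WDAGUtilityAccount', 'jdoe')
$KnownAutoruns = @('SecurityHealth', 'OneDrive')
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# 1. AV running with current signatures; host firewall enabled on every profile.
$mp = Get-MpComputerStatus
"Defender real-time protection: $($mp.RealTimeProtectionEnabled); signature age: $($mp.AntivirusSignatureAge) day(s)"
if (-not $mp.RealTimeProtectionEnabled -or $mp.AntivirusSignatureAge -gt 3) {
    Write-Warning 'AV disabled or signatures stale: update before this machine touches the network'
}
Get-NetFirewallProfile | Where-Object { -not $_.Enabled } |
    ForEach-Object { Write-Warning "Firewall profile '$($_.Name)' is disabled" }
# 2. Startup locations: Run/RunOnce values outside the baseline, or launching from AppData/Temp/ProgramData.
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $cmd = $regKey.GetValue($name)
        if ($KnownAutoruns -notcontains $name -or $cmd -match '\\(AppData|Temp|ProgramData)\\') {
            Write-Warning "Unexpected autorun [$key] $name = $cmd"
        }
    }
}
# 3. User accounts: anything outside the baseline, plus who is in local Administrators.
Get-LocalUser | Where-Object { $ExpectedUsers -notcontains $_.Name } |
    ForEach-Object { Write-Warning "Unexpected local account: $($_.Name) (enabled=$($_.Enabled))" }
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource | Format-Table -AutoSize
# 4. Running processes: images executing from user-writable paths deserve a closer look.
Get-Process | Where-Object { $_.Path -and $_.Path -match '\\(AppData|Temp)\\' } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize
# 5. Do the diagnostic tools even start? A rogue process blocking them is the giveaway the post mentions.
$tools = @{ 'tasklist.exe' = @(); 'netstat.exe' = @('-an') }
foreach ($tool in $tools.Keys) {
    try {
        $argList = $tools[$tool]; $out = & $tool @argList 2>&1
        if ($LASTEXITCODE -ne 0 -or -not $out) { Write-Warning "$tool returned nothing (exit $LASTEXITCODE)" }
        else { "$tool runs normally ($(@($out).Count) lines of output)" }
    } catch { Write-Warning "$tool could not be started: $($_.Exception.Message)" }
}
```

Run it with the laptop still off the production network (or on the restricted VLAN the post describes); every warning is a reason to keep it there until explained.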
