Security Basics mailing list archives
RE: adding another defence layer against viruses/worms
From: Juan B <juanbabi () yahoo com>
Date: Tue, 1 Dec 2009 18:14:12 -0800 (PST)
Thanks for the good advice. I will take a look at the product. They will also implement NAC and, as I recommended a network-level filter, they will buy GFI LANguard to scan the PCs. Don’t you think it’s a bit of overkill to also implement Core Tracer?

Thanks again,
juan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nathan ONeal
Sent: Saturday, November 28, 2009 3:39 AM
To: security basics
Subject: Re: adding another defence layer against viruses/worms

Juan,

In addition to all of the solid recommendations given previously, I would ask your client how far they are willing to go to prevent these issues. It also matters if all nodes accessing the network are owned and provisioned by your client (for your sake I truly hope so). Assuming these things are true, and they have some decent network policies in place, I would suggest looking at "white listing" for your end points.

We are all aware of how lacking TPM is with no vendor actually providing certificates on the hardware to validate their signed code, but we have had measured success utilizing programs like Prevx and Core Tracer (neither of which I work for, by the way) to fill in these gaps. Core Tracer specifically had great success at the last Defcon and, from what I saw, points us towards the future of endpoint security.

At the massive rate that malware is being created and mutated, we have decided that a whitelist approach on the end point is the most effective way to mitigate the majority of problems we were experiencing with end users. It is by no means a silver bullet and I am not suggesting you abandon proactive event correlation and malware mitigation at the network level, but I know it has saved our team massive amounts of time, not only by reducing the number of fires that come up, but also by allowing us a little bit of time to test out what the vendor patches break while fixing their own code.

Good luck mate.

Nathan O'Neal

On Nov 26, 2009, at 9:11 PM, aditya mukadam wrote:
Juan,

I would highly recommend a few solutions, as below:

1) End point Security Check: You can enforce a strict PC/Laptop policy (which would make sure that every PC/Laptop has AV/Personal Firewall). Devices like UAC/NAC can perform an end point security check on PCs/Laptops while they connect to the network. This will at least make sure every user has an AV.

2) (Standalone) Content/Protocol Filtering: With this solution, you can make sure that the user traffic passes through an application which filters the content of the traffic and also does protocol filtering (Example: Websense).

3) Proxy Content Filtering: Since you mentioned that you don't have control, this solution would not fit in; however, it's worth considering for future usage. Example: BlueCoat Proxy.

4) IPS: I would recommend Tipping Point IPS, Juniper IDP.

Hope this helps.

Thanks,
Aditya Govind Mukadam
CISSP, CEH, JNSA-Advanced Security, JNCIA-UAC, JNCIA_SSL, CQS-PIX, CQS-VPN
http://in.linkedin.com/in/adityamukadam

On Tue, Nov 24, 2009 at 7:33 PM, Juan B <juanbabi () yahoo com> wrote:

Hi all,

I'm doing some security consulting for a client. This client has around 30 remote branches connected to his core. The problem is that sometimes the AV fails to detect new viruses/worms coming from those branches, so those viruses/worms mess up his LAN. Another problem is that the client doesn't have much control over the remote PCs in the branches.

So I thought about adding another layer of defence in which we will add an IPS (which IPS also detects viruses/worms??) which will filter and scan all traffic coming from the branches.

I just wonder if you guys agree with my suggestion. Any comments will be welcomed. BTW, any recommendations for the IPS?

Thanks a lot,
juan