Security Basics mailing list archives

RE: adding another defence layer against viruses/worms


From: Juan B <juanbabi () yahoo com>
Date: Tue, 1 Dec 2009 18:14:12 -0800 (PST)

Thanks for the good advice. I will take a look at the product.

They will also implement NAC and, as I recommended a network level filter, they will buy GFI LANguard to scan the PCs. 
Don't you think it's a bit of overkill to also implement Core Tracer?

Thanks again,

juan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Nathan ONeal
Sent: Saturday, November 28, 2009 3:39 AM
To: security basics
Subject: Re: adding another defence layer against viruses/worms

Juan,

In addition to all of the solid recommendations given previously, I would ask your client how far they are willing to 
go to prevent these issues. It also matters if all nodes accessing the network are owned and provisioned by your 
client (for your sake I truly hope so). Assuming these things are true, and they have some decent network policies in 
place, I would suggest looking at "white listing" for your end points. We are all aware of how lacking TPM is with no 
vendor actually providing certificates on the hardware to validate their signed code, but we have had measured success 
utilizing programs like Prevx and Core Tracer (neither of which I work for by the way) to fill in these gaps.

Core Tracer specifically had great success at the last Defcon and from what I saw points us towards the future of 
endpoint security. At the massive rate that malware is being created and mutated, we have decided that a whitelist 
approach on the end point is the most effective way to mitigate the majority of problems we were experiencing with 
end users. It is by no means a silver bullet and I am not suggesting you abandon proactive event correlation and malware 
mitigation at the network level, but I know it has saved our team massive amounts of time not only by reducing the 
number of fires that come up, but also allowing us a little bit of time to test out what the vendor patches break while 
fixing their own code. Good luck mate.

Nathan O'Neal

On Nov 26, 2009, at 9:11 PM, aditya mukadam wrote:

Juan,

I would highly recommend a few solutions, as below:

1) End point Security Check: You can enforce a strict PC/Laptop policy
(which would make sure that every PC/Laptop has AV/Personal Firewall).
Devices like UAC/NAC can perform an end point security check on
PCs/Laptops while they connect to the network. This will at least make
sure every user has an AV.
2) (Standalone) Content/Protocol Filtering: With this solution, you
can make sure that the user traffic passes through an application,
which filters the content of the traffic and also does protocol
filtering (Example: Websense)
3) Proxy Content Filtering: Since you mentioned that you don't have
control, this solution would not fit in; however, it's worth considering
for future usage. Example: BlueCoat Proxy
4) IPS: I would recommend Tipping Point IPS, Juniper IDP.

Hope this helps.

Thanks,
Aditya Govind Mukadam
CISSP,CEH,JNSA-Advanced Security, JNCIA-UAC, JNCIA_SSL,
CQS-PIX,CQS-VPN http://in.linkedin.com/in/adityamukadam



On Tue, Nov 24, 2009 at 7:33 PM, Juan B <juanbabi () yahoo com> wrote:
Hi all,

I'm doing some security consulting for a client. This client has around 30 remote branches connected to his core. 
The problem is that sometimes the AV fails to detect new viruses/worms coming from those branches, so those 
viruses/worms mess up his LAN. Another problem is that the client doesn't have much control over the remote 
PCs in the branches. So I thought about adding another layer of defence in which we will add an IPS (which IPS 
also detects viruses/worms??) which will filter and scan all traffic coming from the branches.

I just wonder if you guys agree with my suggestion.

Any comments will be welcomed.

BTW,

any recommendations for the IPS?

Thanks a lot
juan




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


