Security Basics mailing list archives
RE: adding another defence layer against viruses/worms
From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Wed, 25 Nov 2009 11:31:16 -0500
I believe you're looking for a heuristic IPS, also called a behavioral IPS, which will take a look at the activities going on in your network segment and build a DB of normal activities (PLEASE ensure you are virus, worm, hacker and problem free..). When you decide your DB is big enough, you stop it and run all day-to-day activities against it. Any deviation will be flagged as unauthorized and action will be taken. This will allow you to block new viruses/worms while your AV should detect known threats.

Understand that these solutions are technical and I would suggest you get help if you're not familiar with these technologies.

I like the solutions of Boaz, especially network segregation. Implementing a DMZ will contain (should) attacks.

You can also use 2 levels of AV, i.e. use Trend Micro for network detection and McAfee for host AV. This will reduce the risk that if one can't detect the threat, maybe the other can.

I'd also suggest using network proxies. If you break the client-server communication, you might be able to scan your packets deeper and detect attacks before they are sent to the client.

Hope this helps :)

Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417
Fax: 514-856-7541
http://www.transforce.ca/

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of boaz.shunami () rsa com
Sent: November 25, 2009 02:08
To: juanbabi () yahoo com; security-basics () securityfocus com
Subject: RE: adding another defence layer against viruses/worms

Hi Juan,

I would advise your client to either:

1. Have a solid policy as to what sites are accessible/are not accessible from his branches (can be enforced with bluecoat and the like...)
2. Segregate the network the branches have access to (kind of DMZ) from his LAN using FW.
3. Give low level permissions to the branches on the core.

My 2c...

Thanks,
Boaz

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Juan B
Sent: Tuesday, November 24, 2009 4:04 PM
To: security-basics () securityfocus com
Subject: adding another defence layer against viruses/worms

Hi all,

I'm doing some security consulting for a client. This client has around 30 remote branches connected to his core. The problem is that sometimes the AV fails to detect new viruses/worms coming from those branches, so those viruses/worms mess up his LAN. Another problem is that the client doesn't have much control over the remote PCs in the branches.

So I thought about adding another layer of defence in which we will add an IPS (which IPS also detects viruses/worms??) which will filter and scan all traffic coming from the branches.

I just wonder if you guys agree with my suggestion. Any comments will be welcomed.

BTW, any recommendations for the IPS?

Thanks a lot,
Juan
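The learn-then-enforce approach described in the reply above, sketched as an added example that is not part of the original thread: a baseline is built from flow records, then live traffic is checked for services and destination fan-out never seen during learning. The host names, the flow-record layout and the fan-out factor are assumptions made for illustration, and the sample flows are constructed.

```python
from collections import defaultdict

# Constructed flow records: (time window, source host, destination host, destination port).
BASELINE_FLOWS = [
    (0, "branch1-pc1", "core-mail", 25), (0, "branch1-pc1", "core-file", 445),
    (0, "branch1-pc2", "core-web", 80),  (1, "branch1-pc1", "core-file", 445),
    (1, "branch1-pc2", "core-mail", 25), (1, "branch1-pc2", "core-web", 80),
]
LIVE_FLOWS = [
    (7, "branch1-pc1", "core-file", 445),   # seen during learning
    (7, "branch1-pc2", "core-db", 1433),    # service never seen from this host
] + [(7, "branch1-pc3", f"core-host{i}", 445) for i in range(12)]  # one host, many targets


def learn(flows):
    """Learning phase: record which (source, port) pairs occur and the largest
    number of distinct destinations any source contacts in one window."""
    services, fanout = set(), defaultdict(set)
    for window, src, dst, port in flows:
        services.add((src, port))
        fanout[(window, src)].add(dst)
    max_fanout = max((len(d) for d in fanout.values()), default=0)
    return {"services": services, "max_fanout": max_fanout}


def detect(baseline, flows, fanout_factor=3):
    """Enforcement phase: return sorted (source, reason) alerts for deviations."""
    alerts, fanout = set(), defaultdict(set)
    for window, src, dst, port in flows:
        if (src, port) not in baseline["services"]:
            alerts.add((src, f"new service port {port}"))
        fanout[(window, src)].add(dst)
    limit = baseline["max_fanout"] * fanout_factor  # tolerance above learned behaviour
    for (window, src), dsts in fanout.items():
        if len(dsts) > limit:
            alerts.add((src, f"fan-out {len(dsts)} > {limit}"))
    return sorted(alerts)


if __name__ == "__main__":
    for src, reason in detect(learn(BASELINE_FLOWS), LIVE_FLOWS):
        print(f"ALERT {src}: {reason}")
```

Calling `learn(BASELINE_FLOWS + LIVE_FLOWS)` and re-running `detect` yields no alerts, because the scanning host's behaviour has become part of the baseline; this is why the reply insists the network be clean before the learning phase starts.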
Current thread:
- adding another defence layer against viruses/worms Juan B (Nov 24)
- RE: adding another defence layer against viruses/worms boaz.shunami (Nov 25)
- RE: adding another defence layer against viruses/worms Rivest, Philippe (Nov 26)
- RE: adding another defence layer against viruses/worms Juan B (Nov 26)
- RE: adding another defence layer against viruses/worms Rivest, Philippe (Nov 26)
- RE: adding another defence layer against viruses/worms Rivest, Philippe (Nov 26)
- Message not available
- Message not available
- Re: adding another defence layer against viruses/worms Mohamed Aymen SAHLI (Nov 26)
- RE: adding another defence layer against viruses/worms boaz.shunami (Nov 25)