Re: proactive blocking of malware threats

[Curt Shaffer <cshaffer () gmail com>]

I wanted to ask something on one of your suggestions here. On number 3. This seems like a good idea. Are you putting 
some kind of wildcard in and forbidding all directories then putting in your allow for %programfiles% and %windir%? Or 
is it that when you enable software restrictions that there is an implicit deny unless mentioned otherwise? I guess I'm 
also wondering how things like Java and active x controls are working in this case. 


On Jan 26, 2010, at 5:21 PM, martin wrote:

> Well, my list is by no means exhaustive, and I'm not even 100% sure
> it's what you're looking for.  But I'll throw it out there anyway, it
> might get you thinking :0) guess:
>
> 1.  IDP
> 2.  Different AV's at different entry points to the network - eg
> Norton on your proxies, symantec on your mail servers and trend micro
> on your desktops
> 3.  Software Restriction Policiees:
> most users don't need to run executibles from their profile, they only
> need to run the ones installed in %programfiles% or %windir%.  So
> blocking any exe's and scripts from running under the user profile
> would prevent some malware from getting through.  Of course this
> depends on you having Windows desktops with XP or later and an AD
> environment.  It'll need some testing though - we partially use it and
> found that some badly written apps (installed in C:\Program Files)
> write exe's to the user profile temporarially ... I have to emphasise
> though, there was just one (so far !!)
> 4.  Goes without saying ... LUA !!
>
> Anyway, not too sure if this is what you were looking for, but
> hopefully it might help
>
> M
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------