Security Basics mailing list archives
RE: RES: Best practices for preventing malware in a small business environment?
From: Alex Bolante <alexander.bolante () yahoo com>
Date: Tue, 14 Jun 2011 13:48:06 -0700
To pile onto what Rafael stated, which I agree with, focus on:

People
Process
Technology

CIO/CISOs are spending $$$ on people -- awareness, education and training this year. Processes are not only having to be up to par with regulatory compliance, but also industry standards in order to reduce risks. So less manual, more automated where needed/practical. And technology should not only drive down security costs, but also enable your business, i.e., increase your security posture.

Take a holistic, pragmatic approach. Start there.

Cheers,
Alex

-----Original Message-----
From: Rafael.Pandini
Sent: Tuesday, June 14, 2011 12:48 PM
To: synja () synfulvisions com; larrywidmyer () yahoo com; security-basics () securityfocus com
Subject: RES: Best practices for preventing malware in a small business environment?

Hi list,

IMHO technology isn't enough to protect the users and the network; a combination of technology and educating the users will help you to "implement" a more reliable protection. But always remember that a secure system/network is a utopia and there is no patch for human minds.

On the technology side, you can implement:

- Anti-virus, a good one!
- Some proxy rules to restrict users from accessing some sites (better to permit only allowed sites).
- Some solution to keep users' OS/Office/browsers/java/flash/anti-virus updated. Believe me, users are really lazy; even if the update process is only clicking a button with the text "Yes, update now" they won't do it. The update must be automatic or it won't work.

On the user side, what you need is simple, just education.

- Train the users about security.
- There are different kinds of users: some prefer numbers, others facts, others "abstract ideas"; you must win the attention of all of them.
- Show cases of hacking and the results of the attacks. Talk about Sony, how many credit cards were stolen, some company that had its website defaced, etc...
- Show numbers, say things like "Will our customers still believe in us even if all our database is exposed online?" (marketing guys really fear this phrase!)
- Unfortunately security is the market of fear; if the users don't fear an attack, it doesn't matter how many times you say "don't open all .exe files that you receive by e-mail", they will still do it.
- Alert about common attacks, talking in USER language.
- Every three months (or when you think it is time), refresh the topic in the users' minds.
- Monitor the proxy and anti-virus logs to know your company's health.
- If some user bothers you by bypassing your protections, infecting stations and other things like that, talk with him one, two, and three times, and if that doesn't work talk with the HR area about it. After the first "evil user" is fired, all the others will act like sheep and respect your authority.

Here are my 2 cents.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Rob
Sent: Tuesday, June 14, 2011 14:58
To: larrywidmyer () yahoo com; security-basics () securityfocus com
Subject: Re: Best practices for preventing malware in a small business environment?

Create an ACL to deny execute permission for the temp folders for non-admin accounts.

Rob

------Original Message------
From: larrywidmyer () yahoo com
Sender: listbounce () securityfocus com
To: security-basics () securityfocus com
Subject: Best practices for preventing malware in a small business environment?
Sent: Jun 13, 2011 8:03 PM

I'm concerned with my company's employees contracting rootkits via normal websurfing and wanted to find out if there's a good way to prevent this from happening. Antivirus software on the PCs helps a little, but it still doesn't catch everything. Is there something else that can be implemented on my network to help prevent malware being installed through websurfing?
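
Added example, not part of any message in the thread: one way to apply Rob's suggestion (a deny-execute ACL on temp folders for non-admin accounts) with PowerShell and icacls. It assumes local profiles with Temp at AppData\Local\Temp and treats only direct members of BUILTIN\Administrators as admins; the -Apply switch is a name chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): deny "execute file" on the Temp folder
# of every non-admin user profile on this machine.
# Assumptions: Temp lives at <profile>\AppData\Local\Temp, and only direct
# members of BUILTIN\Administrators are treated as admins.
param([switch]$Apply)   # without -Apply the script only reports what it would do

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
# Nested domain groups are not expanded here.
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' |
               ForEach-Object { $_.SID.Value })

# Special = False skips SYSTEM, LocalService and NetworkService profiles.
$profiles = Get-CimInstance Win32_UserProfile -Filter 'Special = False'

foreach ($p in $profiles) {
    if ($adminSids -contains $p.SID) { continue }          # leave admins alone

    $temp = Join-Path $p.LocalPath 'AppData\Local\Temp'
    if (-not (Test-Path -LiteralPath $temp)) { continue }

    # (OI)(IO): the ACE is inherited by files under Temp but does not apply to
    # the folders themselves, so the user can still open and list them.
    # (X) is the specific "execute/traverse" right; "*" marks a numeric SID.
    $ace = "*$($p.SID):(OI)(IO)(X)"

    if ($Apply) {
        & icacls.exe $temp /deny $ace | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "icacls failed on $temp (exit code $LASTEXITCODE)"
        } else {
            Write-Output "Deny-execute ACE added: $temp"
        }
    } else {
        Write-Output "Would run: icacls `"$temp`" /deny `"$ace`""
    }
}
```

Installers and updaters that unpack into the user's Temp folder and run from there will fail for these accounts, so check the automatic-update tooling recommended earlier in the thread against one test profile before applying it everywhere.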