Security Basics mailing list archives
RE: Best practices for preventing malware in a small business environment?
From: "Mark Brunner" <kohi10 () rogers com>
Date: Tue, 14 Jun 2011 19:02:56 -0400
There are a number of things that can be implemented, Larry. Remember though, the rootkit is not likely the end-game, just a tool to keep the real payload in place and undetected. The real payload is generally some form of data exfiltration program (keylogger, botnet, worm, APT...).

I recommend a combination of 2 or more solutions in conjunction with end-point and email gateway anti-virus products.

1) Content Filtering - Use a product like BlueCoat or WebSense to filter out the bulk of the badness. It does this by keeping a database of known malware sites, sites providing content in breach of your assigned policies, and additional modules that provide more granular scoping.

2) Spam Filtering - Yes, email is the conduit for so much web-based malware. People still can't resist a juicy link.

3) System Integrity Checking - Install a product that maintains hashes of all executable files, DLLs, and other assets that are not expected to change over time. DEP is one basic form that is included with Windows, but there are many others out there. Symantec, CA and Comodo all have them.

4) Behavioral Analysis - No, not a shrink, a product that works at the end-point and/or the network level that looks for anomalies, such as Word now using a new protocol to communicate to the Internet, or repeated calls to a particular website from one workstation.

5) IDS Systems - You can and should manage your Intrusion Detection Systems to fire on specific characteristics of malware. Good for botnet and worm detection.

6) Monitoring - Use netflow, router graphers, sniffers, protocol analyzers, and other "IT tools" to understand, baseline, and investigate your network. If you don't know how the traffic looks, and don't know why it looks that way, how will you ever know when something unusual occurs?
7) Awareness Training - Bring in some experts to talk to users about the malware that they have seen, the recommendations that they can offer regarding behavior modifications, and steps to take when compromise is suspected. Outsiders are still viewed as more influential than "Joe in IT" when it comes to expressing and impressing.

I'm sure there are others, these are just the 7 that spring immediately to mind.

Mark B
Information Security Manager & IT Consultant
Greater Toronto Area, Ontario Canada
My Blog: kohi10.wordpress.com

CONFIDENTIALITY NOTICE: This e-mail and any attached documents may contain confidential or legally privileged information that is intended only for the named recipient(s). Delivery of this message to any person other than the intended recipient(s) is not intended in any way to waive privilege or confidentiality. Unauthorized use, dissemination or copying is prohibited. If you have received this communication in error, please notify the sender and destroy all copies of this e-mail. Thank you for your cooperation.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of larrywidmyer () yahoo com
Sent: Monday, June 13, 2011 8:04 PM
To: security-basics () securityfocus com
Subject: Best practices for preventing malware in a small business environment?

I'm concerned with my company's employees contracting rootkits via normal websurfing and wanted to find out if there's a good way to prevent this from happening. Antivirus software on the PC's help a little, but they still don't catch everything. Is there something else that can be implemented on my network to help prevent malware being installed through websurfing?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Current thread:
- Best practices for preventing malware in a small business environment? larrywidmyer (Jun 14)
- Re: Best practices for preventing malware in a small business environment? Catalin Pop (Jun 14)
- RE: Best practices for preventing malware in a small business environment? Brian Fritts (Jun 14)
- Re: Best practices for preventing malware in a small business environment? Russell Wickless (Jun 14)
- Re: Best practices for preventing malware in a small business environment? Michael Painter (Jun 14)
- Re: Best practices for preventing malware in a small business environment? Marco M. Morana (Jun 17)
- Re: Best practices for preventing malware in a small business environment? Dan Daloia (Jun 18)
- Re: Best practices for preventing malware in a small business environment? Ansgar Wiechers (Jun 14)
- RE: Best practices for preventing malware in a small business environment? Mark Brunner (Jun 17)
- Re: Best practices for preventing malware in a small business environment? gold flake (Jun 18)
- <Possible follow-ups>
- Re: Re: Best practices for preventing malware in a small business environment? larrywidmyer (Jun 14)
- Re: Best practices for preventing malware in a small business environment? krymson (Jun 17)
- RE: Best practices for preventing malware in a small business environment? Murray, Mike (Jun 17)