Security Basics mailing list archives

RE: Best practices for preventing malware in a small business environment?


From: "Mark Brunner" <kohi10 () rogers com>
Date: Tue, 14 Jun 2011 19:02:56 -0400

There are a number of things that can be implemented Larry.  Remember
though, the rootkit is not likely the end-game, just a tool to keep the real
payload in place and undetected.  The real payload is generally some form of
data exfiltration program (keylogger, botnet, worm, APT...).  I recommend a
combination of 2 or more solutions in conjunction with end-point and email
gateway anti-virus products.

1) Content Filtering - Use a product like BlueCoat or WebSense to filter out
the bulk of the badness.  It does this by keeping a database of known
malware sites, sites providing content in breach of your assigned policies,
and additional modules that provide more granular scoping.

2) Spam Filtering - Yes, email is the conduit for so much web-based malware.
People still can't resist a juicy link.

3) System Integrity Checking - Install a product that maintains hashes of
all executable files, DLLs, and other assets that are not expected to change
over time.  DEP is one basic form that is included with Windows, but there
are many others out there.  Symantec, CA and Comodo all have them.

4) Behavioral Analysis - No, not a shrink, a product that works at the
end-point and/or the network level that looks for anomalies, such as Word
now using a new protocol to communicate to the Internet, or repeated calls
to a particular website from one workstation.

5) IDS Systems - You can and should manage your Intrusion Detection Systems
to fire on specific characteristics of malware.  Good for botnet and worm
detection.

6) Monitoring - Use netflow, router graphers, sniffers, protocol analyzers,
and other "IT tools" to understand, baseline, and investigate your network.
If you don't know how the traffic looks, and don't know why it looks that
way, how will you ever know when something unusual occurs?

7) Awareness Training - Bring in some experts to talk to users about the
malware that they have seen, the recommendations that they can offer
regarding behavior modifications, and steps to take when compromise is
suspected.  Outsiders are still viewed as more influential than "Joe in IT"
when it comes to expressing and impressing.

I'm sure there are others, these are just the 7 that spring immediately to
mind.

Mark B
Information Security Manager & IT Consultant 
Greater Toronto Area, Ontario Canada
My Blog: kohi10.wordpress.com




-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of larrywidmyer () yahoo com
Sent: Monday, June 13, 2011 8:04 PM
To: security-basics () securityfocus com
Subject: Best practices for preventing malware in a small business
environment?

I'm concerned with my company's employees contracting rootkits via normal
websurfing and wanted to find out if there's a good way to prevent this from
happening.  Antivirus software on the PCs helps a little, but it still
doesn't catch everything.  Is there something else that can be implemented on
my network to help prevent malware being installed through websurfing?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

