Security Basics mailing list archives

RE: Best practices for preventing malware in a small business environment?


From: "Murray, Mike" <MMurray () csuchico edu>
Date: Thu, 16 Jun 2011 06:24:08 -0700

Don't forget application whitelisting. Great for stopping malware.

Mike

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of krymson () gmail com
Sent: Wednesday, June 15, 2011 2:04 PM
To: security-basics () securityfocus com
Subject: Re: Best practices for preventing malware in a small business environment?

Some great suggestions already. I may duplicate a bit. I'll also try to be sensitive to your situation as a small 
business, where you might not have much time and budget to be fancy.

- user education on safe browsing; take special care for high risk employees (accounting!) to point out specifically 
why they may be high risk, such as recent ACH payment/banking login trojans and money transfer incidents with banks.

- patch workstations religiously (auto-update)

- get some halfway decent endpoint antimalware. Blah blah won't protect against everything blah blah...but every little 
bit helps. Make sure it stays updated. Alerts hopefully could be sent directly to you.

- don't allow users to run as local admins

- try to acquire some sort of web filter software or appliance. They usually are worth the money in the knowledge they 
provide in keeping blocklists up to date.

- if you can, make sure your border firewall blocks egress traffic except what you need. Again, won't stop a rootkit 
heading out on port 80/443, but you'll stop things like a WebDAV/SMB client attack or other strange stuff. And stop 
some other risky user behavior.

- try to build a policy that you get to inspect and "clean" workstations on a regular basis. This really only works in 
small environments, but the more hands-on with systems and potential education time you can give people, the better 
you'll be able to spot what gets through or what measures aren't holding up.


This is all where I'd start. There's a whole host of other more detailed things you can do to fill in the cracks in the 
above stuff, like centralized application installations, app inventories, tightened endpoint IPS/IDS/FW policies, 
executable execution logging, and so on.


<- snip ->
I'm concerned with my company's employees contracting rootkits via normal websurfing and wanted to find out if there's 
a good way to prevent this from happening. Antivirus software on the PCs helps a little, but it still doesn't catch 
everything. Is there something else that can be implemented on my network to help prevent malware being installed 
through websurfing?
