Snort mailing list archives
Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17
From: Frank Knobbe <frank () knobbe us>
Date: Wed, 24 Mar 2010 14:17:43 -0500
On Wed, 2010-03-24 at 00:18 -0500, Will Metcalf wrote:
Some of these apply to client-side and some are more general, it is just my opinion so take it for what it's worth. 1. If your environment permits, don't allow normal users to download executable content from non-trusted sites [...]
2. Don't allow your users to have administrative access to their workstations. [...]
3. Deploy some sort of HIPS product, [...]
I would add: 4) Run an executable white-listing driver on your Window machine. I think it's clear now that on Windows machines, you really have to resort to these measures to keep them clean :) Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17, (continued)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Joel Esler (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Seth Art (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Seth Art (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 evilghost () packetmail net (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Matt Olney (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 evilghost () packetmail net (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Alex Kirk (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Joel Esler (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Frank Knobbe (Mar 24)