Snort mailing list archives

Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17


From: Frank Knobbe <frank () knobbe us>
Date: Wed, 24 Mar 2010 14:17:43 -0500

On Wed, 2010-03-24 at 00:18 -0500, Will Metcalf wrote:
Some of these apply to client-side and some are more general, it is
just my opinion so take it for what it's worth.

1. If your environment permits, don't allow normal users to download
executable content from non-trusted sites [...]

2. Don't allow your users to have administrative access to their
workstations. [...]

3. Deploy some sort of HIPS product, [...]


I would add:

4) Run an executable white-listing driver on your Windows machine.

I think it's clear now that on Windows machines, you really have to
resort to these measures to keep them clean :)

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
