Beware of pages that require software installation. Do not allow new software installation from your browser unless you absolutely trust both the Web page and the provider of the software.
Scan any program downloaded from the Internet with up-to-date antivirus and anti-spyware software. This includes downloads from P2P networks, from the Web and from any FTP server, regardless of the source.
Beware of unexpected, strange-looking emails, regardless of their sender. Never open attachments or click on links contained in such email messages.
Enable the “Automatic Update” feature in your Windows operating system and apply new updates as soon as they are available.
Always run an antivirus real-time scanning service, and check regularly that it is being updated and that the service is running.
Deploy HTTP-scanning methods. Given the prevalence of web threats, it is highly recommended to implement web-scanning systems in mid to large-size networks. It is not enough to deploy them; you must also make sure that users cannot bypass them. The most secure way to implement such a system is to force all web requests through the scanning device and to deny any web request that does not go through it. Closing this gap is key in the fight against malware and spyware, since the web has become the number one point of entry into the corporate network.
Do not allow unneeded protocols to enter the corporate network. The most dangerous of them are P2P communication protocols and IRC (chat). Bots use both to propagate and to communicate with their botmaster, so they should be blocked at the corporate firewall.
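As an added example (not a configuration from the original document), the two recommendations above expressed as an nftables ruleset on the LAN gateway: only the scanning proxy may open web connections to the Internet, clients that try to bypass it are logged and denied, and IRC and common P2P ports are dropped. The LAN range, proxy address, interface names and port lists are assumptions; adjust them to the network.

```nft
#!/usr/sbin/nft -f
# Added example gateway ruleset (not from the original document).
# Constructed assumptions: lan0 = client LAN interface, wan0 = Internet uplink,
# 10.0.0.0/24 = client LAN, 10.0.0.10 = the HTTP-scanning proxy.
flush ruleset

define LAN   = 10.0.0.0/24
define PROXY = 10.0.0.10
define WEB   = { 80, 443 }
define IRC   = { 6660-6669, 6697, 7000 }          # common IRC server ports
define P2P   = { 1214, 4662, 4672, 6881-6889 }    # FastTrack, eDonkey, BitTorrent

table inet egress {
    # Hosts allowed to open web connections to the Internet directly.
    set web_egress_allowed {
        type ipv4_addr
        elements = { $PROXY }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Bot propagation and command channels (IRC, P2P) are dropped from every
        # client and logged: a host that tries them is worth investigating.
        iifname "lan0" ip saddr $LAN tcp dport $IRC log prefix "egress-irc: " drop
        iifname "lan0" ip saddr $LAN tcp dport $P2P log prefix "egress-p2p: " drop
        iifname "lan0" ip saddr $LAN udp dport $P2P log prefix "egress-p2p: " drop

        # The proxy must be able to resolve the names its clients request.
        iifname "lan0" oifname "wan0" ip saddr $PROXY udp dport 53 accept
        iifname "lan0" oifname "wan0" ip saddr $PROXY tcp dport 53 accept

        # Only the scanning proxy may reach the Internet on web ports.
        iifname "lan0" oifname "wan0" ip saddr @web_egress_allowed tcp dport $WEB accept

        # Any other client attempting direct web access is bypassing the proxy:
        # log it (for detection) and deny it. Everything else falls to policy drop.
        iifname "lan0" oifname "wan0" ip saddr $LAN tcp dport $WEB log prefix "egress-bypass: " drop
    }
}
```

Load with `nft -f` on the gateway; the "egress-bypass" and "egress-irc"/"egress-p2p" log prefixes give the SOC a simple kernel-log signal for hosts that are misconfigured or already infected.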
Deploy vulnerability scanning software in the network. Keeping the operating systems constantly up-to-date can minimize the impact of any new network vulnerability and reduce the risk of infection by the worms that exploit it. It is highly recommended to keep all other applications patched as well, especially office productivity applications and any other software that users run.
Restrict the privileges of all network users. Kernel-level rootkits are implemented as device drivers; therefore, denying users the right to “load and unload device drivers” will largely stop them. Windows Vista already provides a protection feature to prevent this by default. Other malware uses administrator-level privileges to perform other malicious actions. It is wise to limit what a rogue program can do by limiting the privileges of the user running it, which is accomplished by depriving normal users of administrator rights.
Deploy corporate anti-spyware scanning. As spyware is becoming a prevalent threat to businesses, administrators need to deploy software specifically designed to detect and stop it.
Support user awareness campaigns. Most of the attacks used by malware nowadays try to fool the user. This is called social engineering, and it must be taken into account because it is key in almost every infection. Most of the malware detected in 2006 would not have done any damage had the user not clicked on it. We can minimize the effect of malware in our networks by showing our users how attackers try to fool them. We must teach users basic security measures and how to react to typical attack scenarios; this goes a long way towards preventing internal outbreaks in the company. It is important to keep users up-to-date with new attack strategies, as well as to bring new users up to speed with company security policies and recommendations.