Solved

Securing Client PC's

Posted on 2006-11-23
Last Modified: 2010-04-11
Hi

We will shortly be moving to a web-banking application in our office, and I'd like to make sure our PCs are as secure as possible. The application itself is secure (SSL, secure authentication methods etc), however I'm interested in people's views on the client machines themselves. We run anti-virus software and a PIX Firewall, but is Spyware a threat? For the moment, we run Ad-Aware on each PC every couple of weeks or so, but is there any application that can stop Spyware in real time? Or any other recommendation against keyloggers etc?

Many thanks in advance...
Question by:Dilan77
12 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 200 total points
ID: 18002852
Hi Dilan77,
Spyware - or any other 'malware' - is always a concern.

I run 3 spyware apps.

MS Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx) PLUS at least one of the following.

SpyBot S&D searches your hard disk for so-called spy- or adbots;
http://security.kolla.de/
and/or
Adaware
http://www.lavasoftusa.com/software/adaware/

Sysinternals also has a 'rootkit revealer' program.
Give it a try: http://www.sysinternals.com/Utilities/RootkitRevealer.html

"SpyBot" has an 'immunization' feature that is updatable and is designed to stop spyware in real time.

I think the single biggest danger for Internet users is the unrestricted 'accept' settings for cookies.
The Default setting is to 'Always Accept' both First and Third party cookies.
We run a Group Policy that changes those settings to 'Prompt' for First and "Always Deny" for Third.

Good Luck,
Vic
0
 
LVL 97

Expert Comment

by:war1
ID: 18003457
Greetings, Dilan77 !
>>but is there any application that can stop Spyware in real time?

Spy Sweeper will protect your computers from spyware in real time. It is considered the best at catching spyware.
http://mysite.webroot.com/forms/Infoworld

>> Or any other recommendation against keyloggers etc?

No one antispyware catches all spyware.  You can run more than one antispyware tool on your computer.  You can use SpySweeper and Adaware.

To prevent spyware, do not visit any porn or ad websites. Do not click on any links or open attachments in emails that you do know.

Best wishes!
0
 
LVL 8

Assisted Solution

by:deadite
deadite earned 200 total points
ID: 18006050
If you are really concerned about individual workstation security, you will also want to run firewalls on them to monitor incoming and outgoing traffic.  However, the Windows XP firewall will not work, because it only monitors incoming traffic.  If you have a third party firewall, such as ZoneAlarm (properly configured) it will only allow outgoing traffic that you specify, and can further reduce the impact of spyware, viruses, etc.

Spybot will detect some keyloggers, and most likely your AV package will detect some.  In fact, a lot of anti-spyware programs will detect keyloggers in particular.  Again, some spyware programs differ in whether they can automatically scan, or if you must manually initiate it or use scheduled tasks to run them.

You can even do network security scans on your network using tools like Nessus, MBSA, or NMAP
http://www.tenablesecurity.com/products/newt.shtml
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
http://insecure.org/nmap/

You can even hire 3rd parties that will do security analysis on your network by scanning it using utilities similar to the previous mentioned.

You can even implement Intrusion Detection Systems (IDS) which can be purchased (such as a Cisco IDS) or freely available ones such as Snort
http://www.snort.org/

You can even go insanely secure by having all your users use virtual desktops that do not have a permanent store.  If it does get infected, a simple reboot clears it.

Also, you should make sure you secure your network as much as possible at your PIX firewall to protect your internal network.  If you can prevent items coming into your network at the edge, it will save you a lot of time working on the internal client security (strictly by a means of cleaning up).  You may even want to implement an IRP (incident response plan) and Disaster Recovery Plan.  There are a lot of good articles on these if you do a simple search.  This way, if something does occur, you will have a laid out plan to follow and rectify the issue prior to it becoming an emergency.  For example, if you discover a computer with a trojan, your first step in the IRP is to disconnect it from the network.

Even if you secure your border at your firewall, there are still a lot of unforeseen risks internally.  What if someone brings an infected laptop and connects it to a port on your network?  Do you have port security on your switches?  Also, do not forget about wireless.  Let's say you have a neighbor with a wireless router (and their machine is infected).  Someone in your company has a wireless card turned on, connects to their wireless router and gets infected.  You gotta think about a few unforeseen scenarios such as that.

Basically it comes down to the fact that there is no 1 single solution for security.  It often depends on having several different layers and methods (active and passive).  It depends on the level of security you want, your budget, and the level of support.  Hope this helps give you some insight.
0
 
LVL 8

Expert Comment

by:deadite
ID: 18006087
I just thought of a few more things...

If you are interested in detecting some wireless devices, you can hook a laptop up and install NetStumbler on it (free). http://www.netstumbler.com/

Also, with Snort you can combine it with VLANs on your network to instantly move infected machines to a quarantine VLAN.  I think it's an interesting idea that I once read about in a few articles.  I can't find the actual articles, but here's a brief one that mentions it:
http://www.networkworld.com/news/2004/0614switchsecurity.html
0
 
LVL 9

Expert Comment

by:tim1731
ID: 18009369
1. Install GreenBorder on the PC for internet surfing virtual browser (Reset the browser any spyware kept in virtual session)
2. Barracuda Networks web filter (Anti spyware and drive by spyware)
3. CounterSpy from Sunbelt Software (Spyware)
4. Pandagate or anti virus in transparent mode in front of server
5. Kerio firewall on all PCs
6. Firewall with basic IDP in line
7. Image all PCs and server with Acronis for fallback
8. Rebuild the PCs that are having the banking software to ensure nothing on them to start or online scan using CounterSpy online and Panda ActiveScan
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 18014269
Addressing AV and Spyware alone is not going to be sufficient - if you're running a business-critical banking application, then there's a hell of a lot more you need to do - everything from physical security through to security policies and procedures need to be addressed.
Are you processing credit cards or confidential information?  Has the web app been pen tested?
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 18015711
Best practices are the cornerstone to client/employee PCs. M$ will finally (15 years too late) be implementing best practices in Vista, most system admins have known about them for ages, yet completely ignore them.
http://www.betanews.com/article/Allchin_Suggests_Vista_Wont_Need_Antivirus/1163104965
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
http://www.eweek.com/article2/0,1759,1891447,00.asp
http://nonadmin.editme.com/WhyNonAdmin
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx
Best Practices, namely Least User Privilege, protects you from spy-ware and viri more than most commercial or free utilities. You should still run AV, but you won't need anti-spyware anymore.
-rich
0
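
An added example, not part of the original thread or any poster's code: one way to check that a client PC still follows the Least User Privilege advice above, by listing unexpected members of the local Administrators group and whether the current session is elevated. It assumes Windows PowerShell 5.1 or later; the function name `Get-LupReport`, the `$AllowedAdmins` allow-list and the `EXAMPLE` domain are hypothetical placeholders.

```powershell
# Added example: report Least User Privilege (LUP) drift on one client PC.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).

# Hypothetical allow-list of accounts that may hold local admin rights.
$AllowedAdmins = @(
    "$env:COMPUTERNAME\Administrator",  # built-in local administrator
    'EXAMPLE\Domain Admins'             # placeholder domain group
)

function Get-LupReport {
    param([string[]]$Allowed = $AllowedAdmins)

    # S-1-5-32-544 is the well-known SID of the local Administrators group;
    # using the SID keeps the check working on non-English Windows.
    try {
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop)
        $queryError = $null
    } catch {
        # Orphaned SIDs in the group can make the cmdlet fail; report it
        # instead of silently treating the machine as clean.
        $members = @()
        $queryError = $_.Exception.Message
    }

    # -notcontains compares strings case-insensitively.
    $unexpected = @($members | Where-Object { $Allowed -notcontains $_.Name })

    # Is the current session running with an elevated administrator token?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        User             = $identity.Name
        SessionElevated  = $elevated
        UnexpectedAdmins = ($unexpected | ForEach-Object { $_.Name }) -join '; '
        QueryError       = $queryError
    }
}

Get-LupReport | Format-List
```

A machine used for the banking application should report `SessionElevated : False` and an empty `UnexpectedAdmins` when run from the everyday user account.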
 
LVL 2

Author Comment

by:Dilan77
ID: 18022900
Thanks everyone, I'm going through the various apps now and will provide feedback soon.

The web app has been pen tested and we won't be handling credit cards. It's a system whereby we can make payments to the bank...no confidential information as such is transmitted across the internet, the bank knows what to do with the info from the codes we put in. To anyone else, these codes don't mean anything.

Appreciate the help...
0
 
LVL 2

Author Comment

by:Dilan77
ID: 18036723
Thanks all...Ad-Aware and Spybot combination, along with Least User Privilege, and a SNORT IDS system seem like what we're going to implement shortly.
0
 
LVL 38

Expert Comment

by:younghv
ID: 18036894
Thanks Dilan77.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 18036923
If you do implement LUP, you honestly won't need the Anti-Spyware tools, my wife hasn't had any spyware on her pc in years since I switched her, same with our PC's at work, 3000+ users with no more spyware, and we do scan for it just to be safe, which is also what you should do, so I'll remove my foot from my mouth shortly...
-rich
0
 
LVL 2

Author Comment

by:Dilan77
ID: 18036932
lol :)
0
