Solved

Securing Client PC's

Posted on 2006-11-23
Last Modified: 2010-04-11
Hi

We will shortly be moving to a web-banking application in our office, and I'd like to make sure our PCs are as secure as possible. The application itself is secure (SSL, secure authentication methods etc), however I'm interested in people's views on the client machines themselves. We run anti-virus software and a PIX Firewall, but is Spyware a threat? For the moment, we run Ad-Aware on each PC every couple of weeks or so, but is there any application that can stop Spyware in real time? Or any other recommendation against keyloggers etc?

Many thanks in advance...
0
Question by:Dilan77
12 Comments
 
LVL 38

Accepted Solution

by:
younghv earned 200 total points
ID: 18002852
Hi Dilan77,
Spyware - or any other 'malware' - is always a concern.

I run 3 spyware apps.

MS Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx) PLUS at least one of the following.

SpyBot S&D searches your hard disk for so-called spy- or adbots;
http://security.kolla.de/
and/or
Adaware
http://www.lavasoftusa.com/software/adaware/

Sysinternals also has a 'rootkit revealer' program.
Give it a try: http://www.sysinternals.com/Utilities/RootkitRevealer.html

"SpyBot" has an 'immunization' feature that is updatable and is designed to stop spyware in real time.

I think the single biggest danger for Internet users is the unrestricted 'accept' settings for cookies.
The Default setting is to 'Always Accept' both First and Third party cookies.
We run a Group Policy that changes those settings to 'Prompt' for First and "Always Deny" for Third.

Good Luck,
Vic
0
 
LVL 97

Expert Comment

by:war1
ID: 18003457
Greetings, Dilan77 !
>>but is there any application that can stop Spyware in real time?

Spy Sweeper will protect your computers from spyware in real time. It is considered the best at catching spyware.
http://mysite.webroot.com/forms/Infoworld

>> Or any other recommendation against keyloggers etc?

No one antispyware catches all spyware.  You can run more than one antispyware tool on your computer.  You can use SpySweeper and Adaware.

To prevent spyware, do not visit any porn or ad websites. Do not click on any links or open attachments in emails that you do know.

Best wishes!
0
 
LVL 8

Assisted Solution

by:deadite
deadite earned 200 total points
ID: 18006050
If you are really concerned about individual workstation security, you will also want to run firewalls on them to monitor incoming and outgoing traffic.  However, the Windows XP firewall will not work, because it only monitors incoming traffic.  If you have a third party firewall, such as ZoneAlarm (properly configured) it will only allow outgoing traffic that you specify, and can further reduce the impact of spyware, viruses, etc.

Spybot will detect some keyloggers, and most likely your AV package will detect some.  In fact, a lot of anti-spyware programs will detect keyloggers in particular.  Again, some spyware programs differ in whether they can automatically scan, or if you must manually initiate it or use scheduled tasks to run them.

You can even do network security scans on your network using tools like Nessus, MBSA, or NMAP
http://www.tenablesecurity.com/products/newt.shtml
http://www.microsoft.com/technet/security/tools/mbsahome.mspx
http://insecure.org/nmap/

You can even hire 3rd parties that will do security analysis on your network by scanning it using utilities similar to the previously mentioned.

You can even implement Intrusion Detection Systems (IDS) which can be purchased (such as a Cisco IDS) or freely available ones such as Snort
http://www.snort.org/

You can even go insanely secure by having all your users use virtual desktops that do not have a permanent store.  If it does get infected, a simple reboot clears it.

Also, you should make sure you secure your network as much as possible at your PIX firewall to protect your internal network.  If you can prevent items coming into your network at the edge, it will save you a lot of time working on the internal client security (strictly by a means of cleaning up).  You may even want to implement an IRP (incident response plan) and Disaster Recovery Plan.  There are a lot of good articles on these if you do a simple search.  This way, if something does occur, you will have a laid out plan to follow and rectify the issue prior to it becoming an emergency.  For example, if you discover a computer with a trojan, your first step in the IRP is to disconnect it from the network.

Even if you secure your border at your firewall, there are still a lot of unforeseen risks internally.  What if someone brings an infected laptop and connects it to a port on your network?  Do you have port security on your switches?  Also, do not forget about wireless.  Let's say you have a neighbor with a wireless router (and their machine is infected).  Someone in your company has a wireless card turned on, connects to their wireless router and gets infected.  You gotta think about a few unforeseen scenarios such as that.

Basically it comes down to the fact that there is no 1 single solution for security.  It often depends on having several different layers and methods (active and passive).  It depends on the level of security you want, your budget, and the level of support.  Hope this helps give you some insight.
0
 
LVL 8

Expert Comment

by:deadite
ID: 18006087
I just thought of a few more things...

If you are interested in detecting some wireless devices, you can hook a laptop up and install netstumbler on it (free). http://www.netstumbler.com/

Also, with Snort you can combine it with VLANs on your network to instantly move infected machines to a quarantine VLAN.  I think it's an interesting idea that I once read about in a few articles.  I can't find the actual articles, but here's a brief one that mentions it:
http://www.networkworld.com/news/2004/0614switchsecurity.html
0
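The Snort-plus-quarantine-VLAN idea from the comment above, sketched as an added example (not code from the post, the linked article, or the Snort project). It parses Snort "fast" alert lines and lists internal hosts that repeatedly trigger high-priority alerts as the source. The subnet, thresholds, SIDs and sample alerts are constructed assumptions, and the actual VLAN move is switch-specific and left out.

```python
import ipaddress
import re
from collections import Counter

# Snort "fast" alert line: [gid:sid:rev] message, priority, protocol, src -> dst.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

# Constructed sample alerts (not from a real sensor); SIDs and messages are made up.
SAMPLE_ALERTS = """\
11/23-10:15:32.120001  [**] [1:1000001:1] LOCAL trojan beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:1045 -> 203.0.113.7:80
11/23-10:15:40.550420  [**] [1:1000001:1] LOCAL trojan beacon (constructed) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.1.23:1046 -> 203.0.113.7:80
11/23-10:16:02.000311  [**] [1:1000002:1] LOCAL policy violation (constructed) [**] [Classification: Potential Corporate Privacy Violation] [Priority: 3] {TCP} 192.168.1.40:2211 -> 198.51.100.9:80
11/23-10:17:11.901122  [**] [1:1000003:2] LOCAL inbound scan (constructed) [**] [Classification: Attempted Information Leak] [Priority: 1] {TCP} 203.0.113.50:4444 -> 192.168.1.40:445
11/23-10:18:45.004000  [**] [1:1000001:1] LOCAL trojan beacon (constructed) [**] [Priority: 1] {TCP} 192.168.1.57:1099 -> 203.0.113.7:80
this line is not an alert
"""


def quarantine_candidates(alert_text, internal_net="192.168.1.0/24",
                          max_priority=1, min_alerts=2):
    """Return internal source IPs with at least min_alerts alerts whose
    priority number is <= max_priority (1 is the most severe in Snort)."""
    net = ipaddress.ip_network(internal_net)
    hits = Counter()
    for line in alert_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # skip malformed lines rather than guess at their meaning
        if int(m["prio"]) > max_priority:
            continue  # low-severity alert: log it, but do not quarantine on it
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # digits matched the pattern but are not a valid address
        # Only hosts on our own network can be moved to a quarantine VLAN;
        # an external source hitting an internal host is a firewall matter.
        if src in net:
            hits[str(src)] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_alerts)


if __name__ == "__main__":
    for host in quarantine_candidates(SAMPLE_ALERTS):
        print("quarantine candidate:", host)
```

Requiring repeated alerts before acting keeps a single false positive from taking a banking workstation off the network.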
 
LVL 9

Expert Comment

by:tim1731
ID: 18009369
1. Install GreenBorder on the PC for internet surfing virtual browser (Reset the browser any spyware kept in virtual session)
2. Barracuda networks web filter (Anti spyware and drive by spyware)
3. Counterspy from sunbelt software (Spyware)
4. Pandagate or anti virus in transparent mode in front of server
5. Kerio firewall on all PC
6. Firewall with basic IDP in line
7. Image all PCs and server with Acronis for fallback
8. Rebuild the PCs that are having the banking software to ensure nothing on them to start or online scan using counterspy online and panda activescan
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 18014269
Addressing AV and Spyware alone is not going to be sufficient - if you're running a business-critical banking application, then there's a hell of a lot more you need to do - everything from physical security through to security policies and procedures need to be addressed.
Are you processing credit cards or confidential information?  Has the web app been pen tested?
0

 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 100 total points
ID: 18015711
Best practices are the cornerstone to client/employee PCs. M$ will finally (15 years too late) be implementing best practices in Vista, most system admins have known about them for ages, yet completely ignore them.
http://www.betanews.com/article/Allchin_Suggests_Vista_Wont_Need_Antivirus/1163104965
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
http://www.eweek.com/article2/0,1759,1891447,00.asp
http://nonadmin.editme.com/WhyNonAdmin
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx
Best Practices, namely Least User Privilege, protects you from spy-ware and viri more than most commercial or free utilities. You should still run AV, but you won't need anti-spyware anymore.
-rich
0
 
LVL 2

Author Comment

by:Dilan77
ID: 18022900
Thanks everyone, I'm going through the various apps now and will provide feedback soon.

The web app has been pen tested and we won't be handling credit cards. It's a system whereby we can make payments to the bank...no confidential information as such is transmitted across the internet, the bank knows what to do with the info from the codes we put in. To anyone else, these codes don't mean anything.

Appreciate the help...
0
 
LVL 2

Author Comment

by:Dilan77
ID: 18036723
Thanks all...Ad-Aware and Spybot combination, along with Least User Privilege, and a SNORT IDS system seem like what we're going to implement shortly.
0
 
LVL 38

Expert Comment

by:younghv
ID: 18036894
Thanks Dilan77.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 18036923
If you do implement LUP, you honestly won't need the Anti-Spyware tools, my wife hasn't had any spyware on her PC in years since I switched her, same with our PCs at work, 3000+ users with no more spyware, and we do scan for it just to be safe, which is also what you should do, so I'll remove my foot from my mouth shortly...
-rich
0
 
LVL 2

Author Comment

by:Dilan77
ID: 18036932
lol :)
0
