Solved

anti virus, trojan horses

Posted on 2011-03-24
Last Modified: 2012-05-11
I wanted to know how I could ensure that a worm/trojan/backdoor program won't continue to run on a network. Meaning, let's say I get a program that compromises the one system, but how can I make sure the same program does not continue to infect the rest of the network? I'm assuming that unplugging the network cable would be one way, but what about when a user does not even realize that their system might have been compromised?
0
Question by:vulture714
7 Comments
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35210627
You need an up to date anti-virus/firewall that runs on your client PCs and your server. An uncompromised PC should detect anything malicious.
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35210645
An uncompromised computer cannot detect something that it does not have a definition for, i.e. something brand new... but IMHO that is as close as you can get: a server-managed AV solution and proper firewall config on the network.
0
 
LVL 2

Expert Comment

by:cripplecaptain
ID: 35210653
Make sure all systems always have up-to-date Windows updates and network service program updates (Java, Flash, etc.; you can use Secunia PSI to see what needs updates).

Make sure you are using strong passwords on all computers, with different usernames and passwords on each individual machine. Install a tea timer (super antispyware) or get an AV that includes one (a tea timer notifies you that a program would like to make a change, and you can approve or deny the change).

Have a strong AV (preferably, as said, with a tea timer and internal firewall). I like NOD32 from ESET; it is ranked highly on AV-Comparatives. Do not have accounts without strong passwords enabled.
0
 
LVL 30

Expert Comment

by:Randy Downs
ID: 35210675
You should also ensure that your network is secure by locking down your routers. No open ports you don't need and strong passwords on any wireless connections.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35210888
The whole concept of "Defense in Depth" comes into play in network security.
Relying on a single source of AV protection is always asking for trouble.

In addition to AV/Anti-malware on all your systems, you need a good hardware firewall appliance, an Intrusion Detection System, and some users with good common sense (good luck on that last one).

Despite what every one of your users will tell you, not one of them needs "Admin" rights on their systems. Taking away their account privs will not guarantee protection, but it is one heck of a first step.

You need to sign up with some of the Network Security sites (http://www.cert.org/, http://www.sans.org/) and be ready to respond 25/8 to any/all alerts that come your way.

There really haven't been any "Zero Day" storms in a long time, but that doesn't mean that one won't start before I finish typing this.

Even better than "educated users" are "educated and motivated" Network Security Managers.
0
 
LVL 2

Expert Comment

by:cripplecaptain
ID: 35210949
Security is a limitless target; it's more important to know your risk level.

Rate of occurrence x by the impact of the event = risk

If the impact of an occurrence is incredibly low and the likelihood is low, then do not spend more on security than the cost of responding to an incident.

One needs to evaluate what the concern is. If it is downtime, then perhaps a rapid response to restore a computer back to a running state is a better investment in the long run, and if it's data privacy, then consider storing data on encrypted storage that is heavily firewalled and secured. Not knowing your business, I could not give you an adequate security plan, but keep in mind there is no one-size-fits-all solution.
0
 
LVL 30

Accepted Solution

by:Thomas Zucker-Scharff earned 2000 total points
ID: 35211014
We've had a bit of trouble on our network and found that implementing a perimeter firewall and a good AV solution on the end users' machines (like NOD32) can prevent virtually all possibilities of infection. As others have said (read younghv), the sysadmin has to be on top of things.

I have this policy, which you are welcome to use any portion of, that I enforce with my users.  If they don't comply their machines may be taken off the network and they do not receive support.

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

FYI: I changed the requirement to have Microsoft Update activated and downloading updates. I have found some instances where I want to check the updates first so they don't break our in-house applications. So I now require that either updates be activated OR updates be managed and pushed out by an IT professional.
0
