  • Status: Solved
  • Priority: Medium
  • Security: Public

anti virus, trojan horses

I wanted to know how I could ensure that a worm/trojan/backdoor program won't continue to run on a network. Meaning, let's say I get a program that compromises the one system, but how can I make sure the same program does not continue to infect the rest of the network? I'm assuming that unplugging the network cable would be one way, but what about when a user does not even realize that their system might have been compromised?
Asked by: vulture714
 
Randy Downs (OWNER) commented:
You need an up to date anti-virus/firewall that runs on your client PCs and your server. An uncompromised PC should detect anything malicious.
 
Hutch_77 commented:
An uncompromised computer cannot detect something that it does not have a definition for, i.e. something brand new, but IMHO that is as close as you can get: server-managed AV solution, proper firewall config on the network.
 
cripplecaptain commented:
Make sure all systems always have up-to-date Windows updates and network service program updates (Java, Flash, etc.; you can use Secunia PSI to see what needs updates).

Make sure you are using strong passwords on all computers, with different usernames and passwords on each individual machine. Install a tea timer (SUPERAntiSpyware) or get an AV that includes one (a tea timer notifies you that a program would like to make a change, and you can approve or deny the change).

Have a strong AV (preferably, as said, with a tea timer and internal firewall). I like NOD32 from ESET; it is ranked highly on AV comparatives. Do not have accounts without strong passwords enabled.
 
Randy Downs (OWNER) commented:
You should also ensure that your network is secure by locking down your routers. No open ports you don't need and strong passwords on any wireless connections.
 
younghv commented:
The whole concept of "Defense in Depth" comes into play in network security.
Relying on a single source of AV protection is always asking for trouble.

In addition to AV/Anti-malware on all your systems, you need a good hardware firewall appliance, an Intrusion Detection System, and some users with good common sense (good luck on that last one).

Despite what every one of your users will tell you, not one of them needs "Admin" rights on their systems. Taking away their account privs will not guarantee protection, but it is one heck of a first step.

You need to sign up with some of the Network Security sites (http://www.cert.org/, http://www.sans.org/) and be ready to respond 25/8 to any/all alerts that come your way.

There really haven't been any "Zero Day" storms in a long time, but that doesn't mean that one won't start before I finish typing this.

Even better than "educated users" are "educated and motivated" Network Security Managers.
 
cripplecaptain commented:
Security is a limitless target; it's more important to know your risk level.

Rate of occurrence multiplied by the impact of the event = risk

If the impact of an occurrence is incredibly low and the likelihood is low, then do not spend more on security than the cost of responding to an incident.

One needs to evaluate what the concern is. If it is downtime, then perhaps a rapid response to restore a computer back to a running state is a better investment in the long run, and if it's data privacy, then consider storing data on encrypted storage that is heavily firewalled and secured. Not knowing your business, I could not give you an adequate security plan, but keep in mind there is no one-size-fits-all solution.
 
Thomas Zucker-Scharff (Systems Analyst) commented:
We've had a bit of trouble on our network and found that implementing a perimeter firewall and a good AV solution on the end users' machines (like NOD32) can prevent virtually all possibilities of infection. As others have said (read younghv), the sysadmin has to be on top of things.

I have this policy, which you are welcome to use any portion of, that I enforce with my users.  If they don't comply their machines may be taken off the network and they do not receive support.

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

FYI: I changed the requirement to have Microsoft Update activated and downloading updates. I have found some instances where I want to check the updates first so they don't break our in-house applications. So I now require that either updates be activated OR updates be managed and pushed out by an IT professional.