Solved

anti virus, trojan horses

Posted on 2011-03-24
7
436 Views
Last Modified: 2012-05-11
I wanted to know how I could ensure that a worm/trojan/backdoor program won't continue to run on a network. Meaning, let's say I get a program that compromises the one system, but how can I make sure the same program does not continue to infect the rest of the network? I'm assuming that unplugging the network cable would be one way, but what about when a user does not even realize that their system might have been compromised?
0
Comment
Question by:vulture714
7 Comments
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35210627
You need an up-to-date anti-virus/firewall that runs on your client PCs and your server. An uncompromised PC should detect anything malicious.
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35210645
An uncompromised computer cannot detect something that it does not have a definition for, i.e. something brand new... but IMHO that is as close as you can get: server-managed AV solution, proper firewall config on the network.
0
 
LVL 2

Expert Comment

by:cripplecaptain
ID: 35210653
Make sure all systems always have up-to-date Windows updates and network service program updates (Java, Flash, etc.; you can use Secunia PSI to see what needs updates).

Make sure you are using strong passwords on all computers, with different usernames and passwords on each individual machine. Install a tea timer (super antispyware) or get an AV that includes one (a tea timer notifies you that a program would like to make a change and you can approve or deny the change).

Have a strong AV (preferably, as said, with a tea timer and internal firewall). I like NOD32 from ESET; it is ranked highly on AV-Comparatives. Do not have accounts without strong passwords enabled.
0

 
LVL 29

Expert Comment

by:Randy Downs
ID: 35210675
You should also ensure that your network is secure by locking down your routers. No open ports you don't need and strong passwords on any wireless connections.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35210888
The whole concept of "Defense in Depth" comes into play in network security.
Relying on a single source of AV protection is always asking for trouble.

In addition to AV/Anti-malware on all your systems, you need a good hardware firewall appliance, an Intrusion Detection System, and some users with good common sense (good luck on that last one).

Despite what every one of your users will tell you, not one of them needs "Admin" rights on their systems. Taking away their account privs will not guarantee protection, but it is one heck of a first step.

You need to sign up with some of the Network Security sites (http://www.cert.org/, http://www.sans.org/) and be ready to respond 25/8 to any/all alerts that come your way.

There really haven't been any "Zero Day" storms in a long time, but that doesn't mean that one won't start before I finish typing this.

Even better than "educated users" are "educated and motivated" Network Security Managers.
0
 
LVL 2

Expert Comment

by:cripplecaptain
ID: 35210949
Security is a limitless target; it's more important to know your risk level.

Rate of occurrence x by the impact of the event = risk

If the impact of an occurrence is incredibly low and the likelihood is low, then do not spend more on security than the cost of responding to an incident.

One needs to evaluate what the concern is. If it is downtime, then perhaps a rapid response to restore a computer back to a running state is a better investment in the long run, and if it's data privacy, then consider storing data on encrypted storage that is heavily firewalled and secured. Not knowing your business, I could not give you an adequate security plan, but keep in mind there is no one-size-fits-all solution.
0
 
LVL 27

Accepted Solution

by:
Thomas Zucker-Scharff earned 500 total points
ID: 35211014
We've had a bit of trouble on our network and found that implementing a perimeter firewall and a good AV solution on the end users' machines (like NOD32) can prevent virtually all possibilities of infection. As others have said (read younghv), the sysadmin has to be on top of things.

I have this policy, which you are welcome to use any portion of, that I enforce with my users.  If they don't comply their machines may be taken off the network and they do not receive support.

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

FYI: I changed the requirement to have Microsoft Update activated and downloading updates. I have found some instances where I want to check the updates first so they don't break our in-house applications. So I now require that either updates be activated OR updates be managed and pushed out by an IT professional.
0


Question has a verified solution.
