Solved

anti virus, trojan horses

Posted on 2011-03-24
Last Modified: 2012-05-11
I wanted to know how I could ensure that a worm/trojan/backdoor program won't continue to run on a network.  Meaning let's say I get a program that compromises the one system, but how can I make sure the same program does not continue to infect the rest of the network?  I'm assuming that unplugging the network cable would be one way, but what about when a user does not even realize that their system might have been compromised?
0
Question by:vulture714
7 Comments
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35210627
You need an up to date anti-virus/firewall that runs on your client PCs and your server. An uncompromised PC should detect anything malicious.
0
 
LVL 10

Expert Comment

by:Hutch_77
ID: 35210645
An uncompromised computer cannot detect something that it does not have a definition for, i.e. something brand new... but IMHO that is as close as you can get: server-managed AV solution, proper firewall config on the network.
0
 
LVL 2

Expert Comment

by:cripplecaptain
ID: 35210653
Make sure all systems always have up-to-date Windows updates and network service program updates (Java, Flash, etc.; you can use Secunia PSI to see what needs updates).

Make sure you are using strong passwords on all computers, with different usernames and passwords on each individual machine. Install a tea timer (SUPERAntiSpyware) or get an AV that includes one (a tea timer notifies you that a program would like to make a change, and you can approve or deny the change).

Have a strong AV (preferably, as said, with a tea timer and internal firewall). I like NOD32 from ESET; it is ranked highly on AV-Comparatives. Do not have accounts without strong passwords enabled.
0
 
LVL 29

Expert Comment

by:Randy Downs
ID: 35210675
You should also ensure that your network is secure by locking down your routers. No open ports you don't need and strong passwords on any wireless connections.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35210888
The whole concept of "Defense in Depth" comes into play in network security.
Relying on a single source of AV protection is always asking for trouble.

In addition to AV/Anti-malware on all your systems, you need a good hardware firewall appliance, an Intrusion Detection System, and some users with good common sense (good luck on that last one).

Despite what every one of your users will tell you, not one of them needs "Admin" rights on their systems. Taking away their account privs will not guarantee protection, but it is one heck of a first step.

You need to sign up with some of the Network Security sites (http://www.cert.org/, http://www.sans.org/) and be ready to respond 25/8 to any/all alerts that come your way.

There really haven't been any "Zero Day" storms in a long time, but that doesn't mean that one won't start before I finish typing this.

Even better than "educated users" are "educated and motivated" Network Security Managers.
0
 
LVL 2

Expert Comment

by:cripplecaptain
ID: 35210949
Security is a limitless target; it's more important to know your risk level.

Rate of occurrence x by the impact of the event = risk

If the impact of an occurrence is incredibly low and the likelihood is low, then do not spend more on security than the cost of responding to an incident.

One needs to evaluate what the concern is: if it is downtime, then perhaps a rapid response to restore a computer back to a running state is a better investment in the long run, and if it's data privacy, then consider storing data on encrypted storage that is heavily firewalled and secured. Not knowing your business, I could not give you an adequate security plan, but keep in mind there is no one-size-fits-all solution.
0
 
LVL 26

Accepted Solution

by:Thomas Zucker-Scharff earned 500 total points
ID: 35211014
We've had a bit of trouble on our network and found that implementing a perimeter firewall and a good AV solution on the end users' machines (like NOD32) can prevent virtually all possibilities of infection.  As others have said (read younghv), the sysadmin has to be on top of things.

I have this policy, which you are welcome to use any portion of, that I enforce with my users.  If they don't comply, their machines may be taken off the network and they do not receive support.

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

FYI: I changed the requirement to have Microsoft Update activated and downloading updates.  I have found some instances where I want to check the updates first so they don't break our in house applications.  So I now require that either updates be activated OR updates be managed and pushed out by an IT professional.
0


Question has a verified solution.