Solved

anti virus, trojan horses

Posted on 2011-03-24
Last Modified: 2012-05-11
I wanted to know how I could ensure that a worm/trojan/backdoor program won't continue to run on a network. Meaning, let's say I get a program that compromises the one system, but how can I make sure the same program does not continue to infect the rest of the network? I'm assuming that unplugging the network cable would be one way, but what about when a user does not even realize that their system might have been compromised?
Question by:vulture714
7 Comments
 
LVL 29

Expert Comment

by:Randy Downs
You need an up to date anti-virus/firewall that runs on your client PCs and your server. An uncompromised PC should detect anything malicious.
 
LVL 10

Expert Comment

by:Hutch_77
An uncompromised computer cannot detect something that it does not have a definition for, i.e. something brand new... but IMHO that is as close as you can get: server-managed AV solution, proper firewall config on the network.
 
LVL 2

Expert Comment

by:cripplecaptain
Make sure all systems always have up-to-date Windows updates and network service program updates (Java, Flash, etc.; you can use Secunia PSI to see what needs updates).

Make sure you are using strong passwords on all computers, with different usernames and passwords on each individual machine. Install a tea timer (super antispyware) or get an AV that includes one (a tea timer notifies you that a program would like to make a change and you can approve or deny the change).

Have a strong AV (preferably, as said, with a tea timer and internal firewall). I like NOD32 from ESET; it is ranked highly on AV-Comparatives. Do not have accounts without strong passwords enabled.

 
LVL 29

Expert Comment

by:Randy Downs
You should also ensure that your network is secure by locking down your routers. No open ports you don't need and strong passwords on any wireless connections.
 
LVL 38

Expert Comment

by:younghv
The whole concept of "Defense in Depth" comes into play in network security.
Relying on a single source of AV protection is always asking for trouble.

In addition to AV/Anti-malware on all your systems, you need a good hardware firewall appliance, an Intrusion Detection System, and some users with good common sense (good luck on that last one).

Despite what every one of your users will tell you, not one of them needs "Admin" rights on their systems. Taking away their account privs will not guarantee protection, but it is one heck of a first step.

You need to sign up with some of the Network Security sites (http://www.cert.org/ & http://www.sans.org/) and be ready to respond 25/8 to any/all alerts that come your way.

There really haven't been any "Zero Day" storms in a long time, but that doesn't mean that one won't start before I finish typing this.

Even better than "educated users" are "educated and motivated" Network Security Managers.
 
LVL 2

Expert Comment

by:cripplecaptain
Security is a limitless target; it's more important to know your risk level.

Rate of occurrence x the impact of the event = risk

If the impact of an occurrence is incredibly low and the likelihood is low, then do not spend more on security than the cost of responding to an incident.

One needs to evaluate what the concern is: if it is downtime, then perhaps a rapid response to restore a computer back to a running state is a better investment in the long run, and if it's data privacy, then consider storing data on encrypted storage that is heavily firewalled and secured. Not knowing your business, I could not give you an adequate security plan, but keep in mind there is no one-size-fits-all solution.
 
LVL 26

Accepted Solution

by:Thomas Zucker-Scharff
We've had a bit of trouble on our network and found that implementing a perimeter firewall and a good AV solution on the end users' machines (like NOD32) can prevent virtually all possibilities of infection. As others have said (read younghv), the sysadmin has to be on top of things.

I have this policy, which you are welcome to use any portion of, that I enforce with my users.  If they don't comply their machines may be taken off the network and they do not receive support.

http://www.experts-exchange.com/ITPro/IT_Administration/A_2389-A-policy-to-help-you-prevent-malware-infections.html

FYI: I changed the requirement to have Microsoft Update activated and downloading updates.  I have found some instances where I want to check the updates first so they don't break our in house applications.  So I now require that either updates be activated OR updates be managed and pushed out by an IT professional.