427 Botnet fm qxd



Botnets - The killer web applications

www.syngress.com
Responding to Botnets • Chapter 12



Security policy and process is crucial. This applies in particular to user account management (minimize privilege), password policy (use them, the stronger the authentication the better), and installation of third-party network accessible software (check it and isolate it, insist on a responsible party for any instances of it).
1. Set group policy to turn on user account logging of both successful and failed login attempts.
2. Set group and local policies to govern password strength, number of failed attempts, etc.
3. Set group policy to ensure the Windows firewall is on and logging is enabled.
4. Ensure that systems that log on to enterprise networks have current OS and A/V updates as a condition of logging on.
5. Establish security group policies that are necessary for every organization in the enterprise and coordinate their acceptance by all groups that manage IT groups.

Ensure that your OS and A/V are updated in a timely manner. Don’t just run the patch job. Run reports after every update to determine which systems have and have not been updated. Determine why they didn’t update and find a way to reach all systems.
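A read-only PowerShell check of one Windows host against items 1 to 3 of the numbered list above, as an added example that is not from the book. The password-length threshold is an assumption, and the script assumes a Windows version that ships `Get-NetFirewallProfile` and English-language output from `auditpol.exe` and `net.exe`.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the book): verify that the policies in items 1-3
# actually took effect on this host. Nothing here changes configuration.
$MinPasswordLength = 12   # assumption: replace with your organization's value
$findings = [System.Collections.Generic.List[string]]::new()

# Item 1: logon auditing must record both successful and failed attempts.
$logon = auditpol.exe /get /subcategory:"Logon" /r |
    Where-Object { $_ } | ConvertFrom-Csv
if ($logon.'Inclusion Setting' -ne 'Success and Failure') {
    $findings.Add("Logon auditing is set to '$($logon.'Inclusion Setting')'")
}

# Item 2: effective password and lockout policy, parsed from "net accounts".
$acct = @{}
net.exe accounts | ForEach-Object {
    if ($_ -match '^(?<name>[^:]+):\s+(?<value>.+)$') {
        $acct[$Matches.name.Trim()] = $Matches.value.Trim()
    }
}
if ([int]$acct['Minimum password length'] -lt $MinPasswordLength) {
    $findings.Add("Minimum password length is $($acct['Minimum password length'])")
}
if ($acct['Lockout threshold'] -eq 'Never') {
    $findings.Add('No lockout after failed logon attempts')
}

# Item 3: every firewall profile must be on and logging something.
# ActiveStore returns the effective settings, including those set by GPO.
foreach ($p in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    if ($p.Enabled -ne 'True') {
        $findings.Add("Firewall profile $($p.Name) is off")
    }
    if ($p.LogAllowed -ne 'True' -and $p.LogBlocked -ne 'True') {
        $findings.Add("Firewall profile $($p.Name) has logging disabled")
    }
}

# Report: one line per gap, non-zero exit code so a scheduler can flag the host.
if ($findings.Count -gt 0) {
    $findings | ForEach-Object { "FAIL  $env:COMPUTERNAME  $_" }
    exit 1
}
"PASS  $env:COMPUTERNAME meets items 1-3"
```

Collecting this output from every host after a group policy change shows which systems did not receive the policy, in the same way the update reports described above show which systems missed a patch.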
So, given that set of guidelines aimed at local sanity, what else might we do?
How Might We Respond to Botnets?
Obviously, one very basic response to botnets is to stomp out the malware.
Consider these suggestions:

Clean up any infected hosts, whether they are clients or servers. Be prepared to re-image or reinstall from scratch, as some sorts of malware are very complicated these days. Trying to remove a bit here and there is not likely to work. It can be very hard to find all the parts of a rootkit. Of course, this situation may be made more complex if you have any thoughts of working with law enforcement and you need to worry about preserving evidence. You can at least replace the user’s drive with a new shiny, up-to-date pile of software and cart the
