427 Botnet fm qxd



Botnets - The killer web applications

www.syngress.com
Responding to Botnets • Chapter 12


Microsoft Patch Tuesday to the first exploit is down to three days as of December 2006. Don't forget to verify that all systems have accepted and installed the patches.

Every Windows host needs a virus checker and possibly a spyware or adware checker.

Every host should have a firewall. User host firewalls that can actively warn you about host network perimeter trespasses seem like a very good idea indeed.

Obviously, malware should be taken off the Net and cleaned up. However, you may want to first consider putting tcpview or a sniffer on it and learning if other local hosts are involved. You may also be able to learn about remote hosts that may be the botnet C&C. Send a copy of malware that is found on infected systems to one of the CWSandbox sites to learn what it does and who it talks to upon installation.

Send abuse e-mail about remote attacks. You may be doing some poor remote user a great favor (or you may be ignored).

Law enforcement may be invoked, especially if the incident is considered very serious for legal or financial reasons.

Darknets, honeynets, honeypot tools, and sandboxes are all useful for determining what is going on in botnet-land.

Shadowserver (www.shadowserver.org) is an all-volunteer group that tracks and reports on botnets and other malware. They recommend Nepenthes for collection of malware (see http://nepenthes.mwcollect.org).

Require all outbound mail to go through official mail servers to prevent botclients from spamming directly to the Internet.

Use networking equipment that supports port security to detect DHCP, IP address, and ARP spoofing.

Develop your sources of internal intelligence. Work with operations to ensure that you have the time to gather intelligence from infected machines before they are re-imaged and put back in service.
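
The outbound-mail item above can also be checked from flow data. As an added example (not from the book), this flags internal hosts that speak SMTP directly to external addresses instead of going through the official mail servers. The address range, relay list, threshold and flow record layout are assumptions, and the sample flows are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the book): site address space,
# the official mail relays, and the flow record layout.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
OFFICIAL_MAIL_SERVERS = {ipaddress.ip_address("10.0.0.25")}
SMTP_PORT = 25
MIN_DISTINCT_DESTS = 3  # a bot spamming directly contacts many remote MXs

# Constructed sample flows: "epoch src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
1165000000 10.0.0.25 192.0.2.10 25 tcp
1165000001 10.1.4.77 192.0.2.10 25 tcp
1165000002 10.1.4.77 198.51.100.5 25 tcp
1165000003 10.1.4.77 203.0.113.9 25 tcp
1165000004 10.1.4.77 10.0.0.25 25 tcp
1165000005 10.2.8.14 198.51.100.5 443 tcp
1165000006 10.3.3.3 203.0.113.9 25 tcp
malformed line
"""

def direct_smtp_senders(flow_text, min_dests=MIN_DISTINCT_DESTS):
    """Return {internal_host: sorted external SMTP destinations} for hosts
    that bypass the official mail servers and reach at least min_dests peers."""
    dests = defaultdict(set)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records rather than abort the run
        _, src, dst, port, proto = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if proto != "tcp" or port != SMTP_PORT:
            continue
        if src_ip not in INTERNAL_NET or src_ip in OFFICIAL_MAIL_SERVERS:
            continue  # only non-relay internal hosts are of interest
        if dst_ip in INTERNAL_NET:
            continue  # submitting to an internal relay is the intended path
        dests[src_ip].add(dst_ip)
    return {str(h): sorted(str(d) for d in ds)
            for h, ds in dests.items() if len(ds) >= min_dests}

if __name__ == "__main__":
    for host, peers in direct_smtp_senders(SAMPLE_FLOWS).items():
        print(f"{host} sent SMTP directly to {len(peers)} external hosts: {peers}")
```

Hosts flagged this way are candidates for the tcpview or sniffer inspection described earlier in the list, before they are re-imaged.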
