EUIST

EUIST

Just another ComMetrics – social media monitoring, best metrics, marketing metrics weblog

CyTRAP Labs’ FAQ – best practices for protecting your organization’s systems against malware

July 26th, 2006 · No Comments ·

Get the news first, save yourself time thanks to our e-mail service. It’s much more convenient.E-mail this posting to your buddies, they will appreciate the information (see e-mail button at the end of this posting).

Previously we discussed the following issues:

Using past experience as a guide, we have developed a malware best-practices check-list to ensure your business is as protected as possible from the threats all networks face on a daily basis.

Our malware best practices include the following key practices;

  1. When we see bad malware situations it is almost always caused by an employee’s non-work related surfing or lack of awareness as to how malware propagates. Educating your users is a very effective way to guard against a malware infection. There are several things that your users should understand about malware including how it enters your network and how to recognize when there is a problem.For instance, users must understand that the two most common ways for malware infections are via:
      > email and through
      > applications installed from Internet downloads.
  2. Users must understand that the network and Internet access are being provided by the employer for business purposes. An Acceptable Use Policy (AUP) puts this in writing and ensures that the users understand appropriate and inappropriate uses of this business resource. Inappropriate is surfing to non-work related web sites during working hours, such as, about 70% of all Internet porn traffic occurs during the 8-5 workday.
  3. All corporate anti-virus software has a server component. Be sure this server component is installed and working properly to adequately protect your network.Along with protecting your workstations, protecting the server itself is also important. In the latter case, files accessed must be monitored to ensure an infection does not impact the server itself.
  4. For a single or 5 PCs it is fine to use the Automatic Update service. You can configure your machines to either check manually or check automatically

    Larger corporate networks should employ a server based update service such as Windows Update Service. A server based approach will allow you to see at a glance which machines are updated and which are in need of attention. In addition, a server based approach saves considerable bandwidth as just one machine is downloading updates from the Internet as opposed to each machine downloaded their own individual patches.
    Most important is that this approach allows you to download the patches and TEST them on an isolated system first. With countless configuration it can easily happen that a set of updates fails to work properly and you do not want to have the trouble the UK National Health System had by failing to use this best practice approach.

  5. Careful monitoring with the help of a baseline. For instance, when Internet usage climbs over a certain level and stays there for an extended period of time, administrators should be alerted. When more than 10 viruses are discovered in any one hour period, an alert should be triggered.With such information, sys admin folks can respond to problems before these become a pandemic. But this necessitates a baseline from which to review performance. Otherwise it is almost impossible to know when problems arise.On a weekly basis it should be checked if the updating of file anti-virus file signatures is working properly while every PC or server should be updated within one or two virus signature files. A client that consistently does not update indicates a problem that must be addressed.



|

→ No CommentsTags: baseline · basics · component · inappropriate · practices · server · update