You've been hacked: Stage four -- Preventative measures

By Lindsay Mullen, Assistant Editor 21 Apr 2005 | SearchWindowsSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Lawrence Abrams: Keep computers patched and up to date. Use a patch management system. This will allow even remote users who log on to the network to get their updates installed on their computer.

Invest in a content filtering device, such as a firewall. These devices allow you to filter for security threats, spam and Web sites that are known to install malware. They will also alert you when a machine seems to be performing port scans or other abnormal behavior.

Schedule nightly or weekly antivirus and antispyware scans. Spyware and viruses have become almost interchangeable and should be treated equally. Create firewall access rules for known ports that should not be used on your network, such as Internet Relay Chat. This will allow you to quickly spot when a machine may be infected by examining the firewall logs.

Kevin Beaver: Some practical measures would be to harden each user's workstation via Group Policy, utilize centralized patch management when users are plugged into the network, implement a security policy and train users on how to apply their own patches when working remotely (not a great option, but better than nothing). You also want to install antispyware, antivirus and personal firewall software with application protection, such as BlackICE, Zone Alarm, etc. This combination makes for a fairly strong solution.

Tony Bradley: There are a wide range of proactive steps that you can take to prevent issues in the future; which ones to use depends on what the issue ultimately turns out to be.

Policies should be established and tools implemented to ensure that remote or traveling users receive their virus updates and required patches. A host-based intrusion prevention or personal firewall program would also help protect those users from future attacks.

Go back to the initial user problem: Hacking scenario

About the experts: Expert bios are available on the scenario page.

Tags: Network intrusion detection and prevention and malware removal,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network intrusion detection and prevention and malware removal Underlying causes of inconsistent patch management Windows security tools for the busy desktop administrator Check IT List: Five steps for rootkit detection Top Windows client security tools for end users Hacking Exposed Windows: Windows security features and tools Tools for virus removal and detection Windows security testing: Five tips for the summer Buffer overflows can be prevented by GS cookies Windows Resource Protection (WRP) protects critical system resources How to secure BitLocker configurations

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary