Security Basics mailing list archives

Re: proactive blocking of malware threats
From: Curt Shaffer <cshaffer () gmail com>
Date: Sun, 31 Jan 2010 09:49:50 -0500

I wanted to ask something on one of your suggestions here. On number 3. This seems like a good idea. Are you putting 
some kind of wildcard in and forbidding all directories then putting in your allow for %programfiles% and %windir%? Or 
is it that when you enable software restrictions that there is an implicit deny unless mentioned otherwise? I guess I'm 
also wondering how things like Java and ActiveX controls are working in this case.


On Jan 26, 2010, at 5:21 PM, martin wrote:

Well, my list is by no means exhaustive, and I'm not even 100% sure
it's what you're looking for.  But I'll throw it out there anyway, it
might get you thinking :0) guess:

1.  IDP
2.  Different AV's at different entry points to the network - e.g.
Norton on your proxies, Symantec on your mail servers and Trend Micro
on your desktops
3.  Software Restriction Policies:
most users don't need to run executables from their profile, they only
need to run the ones installed in %programfiles% or %windir%.  So
blocking any exe's and scripts from running under the user profile
would prevent some malware from getting through.  Of course this
depends on you having Windows desktops with XP or later and an AD
environment.  It'll need some testing though - we partially use it and
found that some badly written apps (installed in C:\Program Files)
write exe's to the user profile temporarily ... I have to emphasise
though, there was just one (so far !!)
4.  Goes without saying ... LUA !!

Anyway, not too sure if this is what you were looking for, but
hopefully it might help

M
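
Added example, not part of the original thread: a Python audit helper for the testing step mentioned in point 3. It takes process-creation records (here constructed parent/image pairs) and reports launches that fall outside the allowed roots, grouped by parent, so an application that drops executables into the profile stands out before enforcement. The root paths, the extension list and all sample paths are assumptions.

```python
import ntpath
from collections import defaultdict

# Assumed defaults; on a real host take these from %ProgramFiles% and %windir%.
ALLOWED_ROOTS = [r"C:\Program Files", r"C:\Program Files (x86)", r"C:\Windows"]
# Assumed set of executable/script extensions to audit.
AUDITED_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}

def norm(path):
    # ntpath applies Windows path rules on any OS: collapse "..", unify
    # slashes, and lowercase (Windows paths are case-insensitive).
    return ntpath.normcase(ntpath.normpath(path))

def is_under(path, root):
    # Compare whole path components so "C:\Program FilesX" does not match
    # the root "C:\Program Files".
    p, r = norm(path), norm(root).rstrip("\\")
    return p == r or p.startswith(r + "\\")

def would_block(image):
    """True if image is an audited file type located outside the allowed roots."""
    ext = ntpath.splitext(image)[1].lower()
    if ext not in AUDITED_EXTS:
        return False
    return not any(is_under(image, root) for root in ALLOWED_ROOTS)

def audit(events):
    """Map each parent image to the sorted child images that would be blocked."""
    hits = defaultdict(set)
    for parent, image in events:
        if would_block(image):
            hits[norm(parent)].add(norm(image))
    return {parent: sorted(images) for parent, images in hits.items()}

# Constructed sample records: (parent image, launched image).
SAMPLE_EVENTS = [
    (r"C:\Windows\explorer.exe", r"C:\Program Files\Vendor\app.exe"),
    (r"C:\Program Files\Vendor\app.exe",
     r"C:\Documents and Settings\alice\Local Settings\Temp\helper.exe"),
    (r"C:\Windows\explorer.exe",
     r"C:\Documents and Settings\alice\My Documents\invoice.scr"),
    (r"C:\Windows\explorer.exe", r"C:\Program FilesX\tool.exe"),
    (r"C:\Windows\explorer.exe", r"c:\windows\system32\notepad.exe"),
]

if __name__ == "__main__":
    for parent, images in audit(SAMPLE_EVENTS).items():
        print(parent)
        for image in images:
            print("    would be blocked:", image)
```

A parent under `C:\Program Files` appearing in the report is the case described above: an installed application that writes an executable to the profile and would break once the policy is enforced.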

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


