Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: LAN Virus outbreak Procedures
From: Tyler Robinson <pcimpressions () gmail com>
Date: Thu, 2 Sep 2010 17:45:15 -0600

Thanks Bart I did find the executable and did the policy great idea and
thanks Russell for original idea that worked, is everyone using locked down
local accounts how do you manage software that thinks they need this access
and is there software to help setup local restrictions but still allow
software access thanks everyone after a month of work(well plus usually pc
and admin stuff) I am regaining control. Good fuel to start locking down
stuff and hopefully some sans training or m/aybe better microsoft forefront
training.thanks again.
TR

On Sep 2, 2010 5:39 PM, <d4ncingd4n () gmail com> wrote:
If you know the name of the executable files, you may be able to use a
software restriction policy in active directory to kill or limit the virus.

Try to determine the infection mechanism. Don't forget to check any backup
media, usb keys, etc to prevent reinfection.

If you can isolate infected hosts as Russell mentioned, it will make it
easier.

As far as prevention, make sure the users are running with least user
privileges, remove unneeded software from the machines, keep ALL software
patched not just MS products (removal of unneeded software makes this
easier), disable unneeded services, use different administrator passwords
for each local machine if possible (to stop worms and pass the hash),
segment critical machines (911) from web surfing machines on the network,
etc. *user education *. Use this episode to illustrate the risks. (do you
really want someone to die because 911 is down because you infected your
machine playing Farmville?)

Good luck!

Bart
Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: Tyler Robinson <pcimpressions () gmail com>
Sender: pauldotcom-bounces () mail pauldotcom com
Date: Thu, 2 Sep 2010 13:24:11
To: PaulDotCom Security Weekly Mailing List<pauldotcom () mail pauldotcom com

Reply-To: PaulDotCom Security Weekly Mailing List
<pauldotcom () mail pauldotcom com>
Subject: Re: [Pauldotcom] LAN Virus outbreak Procedures

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault