A happy new year and a secure system to you

Lately I’ve been busy doing some security related work. As it turns out, computer attacks have become a lot more sophisticated and back-handed. It’s no longer just about having all the latest updates and security fixes installed but even more about having some sort of intrusion detection mechanism that helps you spot any misbehavior or unusual communication reaching out to the internet.

Some lessons learned from detecting and cleaning up after a malware/virus/trojan/etc. infection:

  • have detection software at hand (there are very good packages like Malware Bytes that can help you sort out a situation when you might be unsure if a computer is infected). A “nothing found” message shouldn’t necessarily be taken as a definitive stamp of approval, but if detection tools find something you at least have some kind of confirmation of your suspicions. Other helpful software is Sysinternals’ Process Explorer and RootkitRevealer.
  • do not – I repeat – do not let your computer systems communicate directly with internet services; have a firewall/router/proxy in between that filters and/or logs what is going on. In most instances this is the number one place to look for any indications of an attack or an already compromised system. It will also be very helpful in understanding where an attack came from and how it started and operated. After all, if you don’t learn from it and just reset everything to the state before the problem occurred, nothing is going to stop an intruder from repeating his ploy if the previously exploited security holes have not been closed.
  • have backups of everything – not just server data but also snapshot images of your client systems in a pristine/after-install state. The best thing to do is probably to keep a couple of snapshots over the lifetime of the computer: one from the fresh install with only the operating system, one after installing all the typical software tools and applications, and to top it off you might even consider doing a backup snapshot once every year or quarter so you have everything covered. I can highly recommend partimage or Ghost for Linux for this task, but even a simple dd or a commercial Symantec Ghost will do. If you want to be on the safe side, make your file backup a 3-2-1 backup: keep three copies, on at least two different media types, with at least one of these media off-site.
  • if you are running computers in an exposed setting (e.g. in retail where strangers might try to gain access to your unattended computer), have a screen-saver activate after a minute of inactivity that requires a re-login when it is dismissed; furthermore make sure passwords are strong. To ease the inconvenience of constantly having to re-login you could install fingerprint/RF/card readers.
  • last but not least, if at all possible tweak your system to be more secure: disable Autorun/Autoplay, and have antivirus software installed and running. Microsoft released its Security Essentials package, which has proven its worth a thousandfold. It’s fast, pretty reliable and so far has been the least intrusive anti-virus experience I’ve had the fun to deal with.
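To make the “log what is going on at the firewall/proxy” point concrete, here is a small added example (my own illustration, not software from the post) that runs two simple checks over proxy log lines: connections to destinations or ports that are not on a list of what the business actually needs, and client/destination pairs that reconnect at a suspiciously regular interval, the “heartbeat” pattern a taken-over machine typically shows when checking in with its controller. The log format (timestamp, client, destination, port, bytes) and the sample lines are constructed for the demonstration; real firewall or proxy logs will need their own parser.

```python
"""Flag unexpected and beacon-like outbound connections in proxy/firewall logs.

Added example, not from the original post. The log format is an assumed,
simplified one: <ISO timestamp> <client_ip> <dest_host> <dest_port> <bytes>.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2010-01-04T09:00:01 192.168.1.20 update.microsoft.com 443 5120
2010-01-04T09:00:05 192.168.1.21 www.example.com 80 2048
2010-01-04T09:00:10 192.168.1.20 203.0.113.7 6667 96
2010-01-04T09:05:10 192.168.1.20 203.0.113.7 6667 96
2010-01-04T09:10:10 192.168.1.20 203.0.113.7 6667 96
2010-01-04T09:15:10 192.168.1.20 203.0.113.7 6667 96
2010-01-04T09:17:44 192.168.1.22 www.example.com 80 4096
"""

# Destinations and ports the business actually needs; anything else is worth a look.
ALLOWED_HOSTS = {"update.microsoft.com", "www.example.com"}
ALLOWED_PORTS = {80, 443}


def parse_log(text):
    """Turn log lines into dicts with a datetime, client, dest, port and byte count."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest, port, nbytes = line.split()
        events.append({
            "time": datetime.fromisoformat(ts),
            "client": client,
            "dest": dest,
            "port": int(port),
            "bytes": int(nbytes),
        })
    return events


def unexpected_destinations(events):
    """Return sorted (client, dest, port) tuples that are off the allow-lists."""
    hits = set()
    for e in events:
        if e["dest"] not in ALLOWED_HOSTS or e["port"] not in ALLOWED_PORTS:
            hits.add((e["client"], e["dest"], e["port"]))
    return sorted(hits)


def beaconing(events, min_hits=4, max_jitter=0.2):
    """Find client->dest pairs that reconnect at nearly fixed intervals.

    A pair is reported when it has at least min_hits connections and the
    spread of the gaps between them (std-dev / mean) is at most max_jitter.
    Returns a list of ((client, dest, port), interval_seconds) tuples.
    """
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["client"], e["dest"], e["port"])].append(e["time"])
    suspects = []
    for pair, times in by_pair.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            suspects.append((pair, round(avg)))
    return suspects


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for hit in unexpected_destinations(evts):
        print("unexpected destination:", hit)
    for pair, interval in beaconing(evts):
        print("beacon every %ds:" % interval, pair)
```

On the constructed sample, the first check reports the client talking to an unlisted address on port 6667, and the second check reports the same pair beaconing every 300 seconds. Neither check proves an infection on its own; the point is that you cannot even ask these questions without a logging choke point between your machines and the internet.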

It’s a very brief and quick summary of recommendations, but it’ll save you a ton of time when disaster strikes – not only with regard to security but also in case a hard drive dies.
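Since a backup you have never verified is just a hope, here is an added example (my own, not a tool from the post) that checks a set of snapshot images against a manifest: every copy must exist and match its recorded SHA-256, and the set as a whole must satisfy the 3-2-1 rule (three copies, two media types, one off-site). The manifest layout and the media labels are assumptions made for this illustration; the demo builds three throw-away copies of a constructed “image” and deliberately corrupts one of them.

```python
"""Verify snapshot images against a manifest and the 3-2-1 backup rule.

Added example, not from the original post. The manifest is a list of dicts
{path, media, offsite, sha256}; the field names are an assumption.
"""
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large disk images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_copies(copies):
    """Return a list of problems; an empty list means the backup set is healthy."""
    problems = []
    for c in copies:
        if not os.path.exists(c["path"]):
            problems.append("missing: %s" % c["path"])
        elif sha256_of(c["path"]) != c["sha256"]:
            problems.append("checksum mismatch: %s" % c["path"])
    # The 3-2-1 rule: three copies, two media types, at least one off-site.
    if len(copies) < 3:
        problems.append("fewer than 3 copies")
    if len({c["media"] for c in copies}) < 2:
        problems.append("fewer than 2 media types")
    if not any(c["offsite"] for c in copies):
        problems.append("no off-site copy")
    return problems


def demo():
    """Constructed scenario: three copies of one image, the USB copy has bit-rot."""
    d = tempfile.mkdtemp()
    image = b"constructed fake disk image contents"  # not a real image
    good = hashlib.sha256(image).hexdigest()
    paths = [os.path.join(d, n) for n in ("local.img", "usb.img", "offsite.img")]
    for p in paths:
        with open(p, "wb") as f:
            f.write(image)
    with open(paths[1], "ab") as f:  # simulate corruption of the USB copy
        f.write(b"!")
    copies = [
        {"path": paths[0], "media": "hdd", "offsite": False, "sha256": good},
        {"path": paths[1], "media": "usb", "offsite": False, "sha256": good},
        {"path": paths[2], "media": "hdd", "offsite": True, "sha256": good},
    ]
    return check_copies(copies)


if __name__ == "__main__":
    for problem in demo():
        print(problem)
```

Run this against your real manifest on a schedule (quarterly, next to the snapshot itself) and you find out that a copy is damaged while you still have two good ones, not on the day you need to restore.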
