Endpoint Protection


Best practice to avoid spread of virus infection in network 

Apr 15, 2009 11:29 AM

Hi All,
 
In addition to having the latest version of SEP installed with the latest virus definitions, the following practices are advised for avoiding the spread of viruses/worms in the network.

1. Disable the AutoPlay option in Windows. (This will stop a virus from being executed on insertion of USB disks, CDs, HDDs, etc. that use the AutoPlay feature.) Nowadays we are seeing that viruses are designed to autorun with less user intervention.
2. Make regular backups of critical data. When data loss results from a virus infection or other security breach, users may be tempted to use compromised files to avoid losing work. Having current data backups available eliminates the need to try to restore data from possibly compromised or corrupted files.
3. Computers connected to the outside world should be properly protected from internet threats via firewalls. Laptops and remote home workers should be protected using host-based firewall protection (SEP), as they might not be able to take advantage of a central firewall inside your business.
4. Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have fewer avenues of attack.
5. Control users installing unwanted software/applications; this can be done with the Application blocking/System lockdown feature of SEP.
6. Run targeted system scans during the day, which are quick and scan the most vulnerable locations.
7. Schedule a system scan once/twice a week with the latest virus definitions pushed through SEP Manager.
8. Update security patches on a regular basis, and also visit random PCs which have been updated with security patches to verify the patch, as sometimes remote patch installation fails.
9. Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders/drives. Grant access only to user accounts with strong passwords to folders that must be shared.
10. Take steps to reduce email threats: configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses and other threats.
11. Last but not to be ignored is user awareness, which is the most important in preventing an outbreak situation.
Make sure that users know the basics of safe computing, such as the following:
  • Do not share passwords or store them in email or text files.
  • Do not open unknown email attachments or email from unknown senders.
  • Do not install or run software downloaded from the Internet unless it has been scanned for viruses.
  • Laptop computer users: know how to use and update antivirus software. Scan the laptop computer for viruses before reconnecting to the network.
 Regards,
Mansoor Rashid


Comments

Jun 13, 2009 03:23 AM

USBs and portables need to be secured...
ports that are opened w/o any use are dangerous..
thanks..

Jun 12, 2009 11:39 PM

thanks for all the comments...
the Best practice to avoid spread of virus infection in network is to inform the enduser that gets all the infections in the first place..

thanks

May 14, 2009 08:30 AM

Rather than just utilizing the disable autorun / autoplay feature in Windows you can also employ an Application and Device Control Policy that will block execution of all programs from, say, USB-sticks. Doing so will actually prevent programs from starting from USB-sticks entirely. In order for a program to work the user is then forced to copy it to the computer - which is when SEP can actually actively scan the entire filestream as it is being copied across.

Another thing you can also look at is disabling the autorun / autoplay on Network- and hard-drives. Once you have disabled those you can leave the CD/DVD one enabled if your users so require. Keep in mind that sometimes users simply do not accept disabling certain functionality for security. By restricting USB-sticks, network and hard-drives you can decrease your risk-surface tremendously without compromising user-functionality that much.

Regarding the security patches, assuming you are running Windows, one option is using WSUS and Group Policies. Setting this up can be a royal pain and should not be underestimated - but once it is done, you can automate approval for certain patches to, say, your pilot workstations. It will also report back failed installations etc.

Be sure to also enable the email reporting in your SEPM console, for security and virus alerts, other errors and so on.

The above items are pretty low-hanging fruit (but do require an investment of time!) but the rewards are great. Having your systems updated and your SEPM reporting any events will help you to stop if not prevent any infection before it has the chance to spread.

Prevention will always be better than remediation :)

Just my 2 cents!
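The drive-type policy described in the comment above (AutoRun off for USB, hard and network drives, CD/DVD optional) can be checked across a fleet by decoding each machine's `NoDriveTypeAutoRun` value from `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer`. This is an added example, not part of the original thread; the hostnames and the `hostname,value` export format are constructed, and a missing value is treated here as "no policy configured".

```python
"""Audit exported NoDriveTypeAutoRun values against the drive-type policy above."""

# Bits of the NoDriveTypeAutoRun registry value; a set bit disables
# AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x04: "removable",   # USB sticks
    0x08: "fixed",       # hard drives
    0x10: "network",
    0x20: "cdrom",       # optional under the policy in the comment
    0x40: "ramdisk",
    0x80: "reserved",
}

# Drive types the comment says should have AutoRun disabled.
REQUIRED = ("removable", "fixed", "network")

# Constructed sample inventory, one "hostname,value" pair per line.
# Values may be hex or decimal; an empty value means the key is not set.
SAMPLE_INVENTORY = """\
WS-001,0xFF
WS-002,0x91
FS-001,0xDF
WS-003,
WS-004,149
"""


def parse_value(raw):
    """Parse a hex ('0x91') or decimal ('145') value; empty means not set."""
    raw = raw.strip()
    return int(raw, 0) if raw else None


def still_enabled(mask):
    """Return the required drive types for which AutoRun is still enabled."""
    mask = mask or 0  # assumption: no value configured means nothing is disabled
    by_name = {name: bit for bit, name in DRIVE_BITS.items()}
    return [name for name in REQUIRED if not mask & by_name[name]]


def audit(inventory):
    """Map each non-compliant host to the drive types that still allow AutoRun."""
    findings = {}
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, _, raw = line.partition(",")
        gaps = still_enabled(parse_value(raw))
        if gaps:
            findings[host.strip()] = gaps
    return findings


if __name__ == "__main__":
    for host, gaps in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: AutoRun still enabled for {', '.join(gaps)}")
```

`0xDF` passes because only the CD/DVD bit is clear, which is the trade-off the comment allows; `0xFF` disables AutoRun for every drive type.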

May 11, 2009 01:51 AM

I agree also on this.
With this, providing a user awareness seminar or training will make them responsible enough to use and protect the data, systems and also the network.

Thanks,
jun

May 05, 2009 03:38 AM

@Paul Mapacpac: Nice feedback but since they are customers ourselves they might not take exams for Symantec to check on trainings.
I had only seen 2 trainings for SEPM: administration and migration. 
About  Surveys, that I agree 100%.
 
Just my thoughts.

Thanks,

Nel Ramos

May 03, 2009 11:54 PM

Thanks Nel, I think this will depend on the company, and the target users... for example if the employee is around late 30's and up then we should need a more detailed training.

The best thing we could do also is to create a survey/exam, on the knowledge of the users on security (viruses, etc..) So that we could have a background and make necessary adjustments on the training.

May 03, 2009 11:48 PM

That's a good suggestion Paul.
Could there be also KB articles on basic troubleshooting and prevention/ containment of infections for non-IT users in the Symantec Website? Hope we would have one in the near future. This would be very needed for virus awareness.. 

May 03, 2009 11:26 PM

Nice post Symantec World, I would also recommend, since we already have the best practices here, to educate the users. Create something like a training/seminar on how to handle suspicion, for example when reading emails from unknown users, when the user opens a USB drive, etc.

May 03, 2009 10:22 PM

I totally agree with you both.
USBs and portables (user administered AV) are on the top of my list in pilfering viruses to the network.
These are nightmares. 

Apr 23, 2009 10:20 PM

Hope everybody follows it..
I would also like to add that it is good to test the security patches with your applications, but never ignore a critical security patch as it can save you from a major outbreak and downtime.

Over the last few years I have observed that even if you have a small worm on your file server it is enough to infect your network.
Even a single hand-written autoplay code can infect your environment.
So do remember to disable AutoPlay, especially on the server, as in many companies the drives are mapped to all the users.

Try not to log in to an infected computer as an administrator (especially in case of a worm like downadup) as it spreads with the logged-in user's privilege.

Regards,
Vikram Kumar
