Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

You may experience some slow load times, errors, and slight inconsistencies. We ask for your patience as we finalize the launch. Thank you.

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started.

New Member

if worm/virus attacked

dear all,

if a virus/worm attacked a network wht steps or needed to protect or mitigate the risk ?

im requesting experts to throw something on this.

thanks in advance

regards

Nataraj

  • Other Security Subjects
4 REPLIES

Re: if worm/virus attacked

Hi

It all depends upon the worms or virus and the mitigation procedures available in the web.

AFAIK the best way to keep them out in bay is to have the network patched up with latest updates.

Also if possible with firewalls which can keep the LAN out of possible variable attacks.

If you take the WAN end better to close all the unwanted services in the router which can also be used to start the attacks.

Also block the already known ports being used by well known virus/worms.

That can be done using ACLs is possible and if the router has the support or the reqd ios code in it you can have CBAC enabled on that.

It also depends upon the LAN topology u hve there currently and also the kinda equipments present over there.

You could also think off including IDS devices so as to make sure that you are not missing some intrusion left undetected.

regds

New Member

Re: if worm/virus attacked

hi thnx for ur reply,

ok now lets take a scenario , i blocked 135 ,137 , 139 ,445 ports on my router and firewall , and i have a norton- ntivirus server its updated to the latest patches.

now a worm attacked ur network. now wht u will do ?

wht are the steps required now to mitigate the risk ?

Thanks in advance

Regards

nataraj

Re: if worm/virus attacked

Hi Natraj...

Virus/Worms are unexpected guests who visits our network though we take proactive security measures to overcome them..

I would suggest to get subscribed to some good security mailing forums as well as to security advisory updates which is even avialable with cisco.

so that you can be well prepared/informed about the security issues related to new worms and virus infos and also to be in a better position to contain them once they outbreak in ur network..

regds

Blue

Re: if worm/virus attacked

Hi Nataraj, we found out the hard way that perimeter security doesn't always equal security. The last few times we were hit by malware it was because someone brought in an unpatched and unprotected laptop computer and infected other machines on the network. We had to go around an manually clean and patch all infected machines after shutting them down.

We've since mitigated many of the risks by:

- Reducing the attack surfaces on all platforms

- Implemented MS SUS for patching OSs

- Deployed a centrally managed AV solution

- Installing CSA on all hosts.

- Implemented an email scanning and filtering system

We will start testing NAC soon and hope to have it in place sometime next year if it works out.

It's a lot better than what we had and it's already been tested successfully several times (and probably paid for itself too!).

Hope this helps..

Tom S

119
Views
5
Helpful
4
Replies