Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
330
Views
5
Helpful
4
Replies

if worm/virus attacked

nataraj_v
Level 1
Level 1

‎11-30-2005 12:45 AM - edited ‎03-09-2019 01:11 PM

dear all,

if a virus/worm attacked a network wht steps or needed to protect or mitigate the risk ?

im requesting experts to throw something on this.

thanks in advance

regards

Nataraj

Labels:
0 Helpful
4 Replies 4

spremkumar
Level 9
Level 9

‎11-30-2005 01:03 AM

Hi

It all depends upon the worms or virus and the mitigation procedures available in the web.

AFAIK the best way to keep them out in bay is to have the network patched up with latest updates.

Also if possible with firewalls which can keep the LAN out of possible variable attacks.

If you take the WAN end better to close all the unwanted services in the router which can also be used to start the attacks.

Also block the already known ports being used by well known virus/worms.

That can be done using ACLs is possible and if the router has the support or the reqd ios code in it you can have CBAC enabled on that.

It also depends upon the LAN topology u hve there currently and also the kinda equipments present over there.

You could also think off including IDS devices so as to make sure that you are not missing some intrusion left undetected.

regds

0 Helpful

nataraj_v
Level 1
Level 1
In response to spremkumar

‎12-01-2005 01:16 AM

hi thnx for ur reply,

ok now lets take a scenario , i blocked 135 ,137 , 139 ,445 ports on my router and firewall , and i have a norton- ntivirus server its updated to the latest patches.

now a worm attacked ur network. now wht u will do ?

wht are the steps required now to mitigate the risk ?

Thanks in advance

Regards

nataraj

0 Helpful

spremkumar
Level 9
Level 9
In response to nataraj_v

‎12-01-2005 04:54 AM

Hi Natraj...

Virus/Worms are unexpected guests who visits our network though we take proactive security measures to overcome them..

I would suggest to get subscribed to some good security mailing forums as well as to security advisory updates which is even avialable with cisco.

so that you can be well prepared/informed about the security issues related to new worms and virus infos and also to be in a better position to contain them once they outbreak in ur network..

regds

0 Helpful

tsteger1
Level 8
Level 8
In response to nataraj_v

‎12-02-2005 01:35 PM

Hi Nataraj, we found out the hard way that perimeter security doesn't always equal security. The last few times we were hit by malware it was because someone brought in an unpatched and unprotected laptop computer and infected other machines on the network. We had to go around an manually clean and patch all infected machines after shutting them down.

We've since mitigated many of the risks by:

- Reducing the attack surfaces on all platforms

- Implemented MS SUS for patching OSs

- Deployed a centrally managed AV solution

- Installing CSA on all hosts.

- Implemented an email scanning and filtering system

We will start testing NAC soon and hope to have it in place sometime next year if it works out.

It's a lot better than what we had and it's already been tested successfully several times (and probably paid for itself too!).

Hope this helps..

Tom S

Customers Also Viewed These Support Documents