|
|
Bots: Seven Safety Tips
By Baselinemag
2006-04-06
Article Views: 580
Article Rating: / 0
| Rate This Article: |
|
| Add This Article To: |
|
|
What companies can do to prepare against bot attacks.The company versus botmaster battle continues to rage, with neither side clearly winning, says Phyllis Schneck, chairman of the InfraGard National Members Alliance, a coalition of law enforcement and technology professionals and academic researchers that was formed to fight cybercrime. "Viruses have been with us since the mid-1980s. They're still around and creating havoc," she says. "I don't anticipate that botnets will go away anytime soon."
Still, Schneck and other security experts beat the drum about what corporations can do to try to prevent, detect and derail bot attacks. Here is some of their advice:
Run a full set of security technology at each level of computing — desktop, server, internal network and external Internet connections. Include firewalls, antivirus software, automated patching programs, intrusion detection and prevention systems, e-mail protection gateways and anti-adware applications.
Patch early and often.
Educate users not to open attachments or Web links in e-mail or instant messages, even if the sender's name is familiar. Cybertrust, a computer security company in Herndon, Va., that tracks hacker activity, says organizations that train users "performed significantly better than those relying mainly on technical antivirus controls."
Close ports—pathways in and out of the operating system to move data and files—not used by particular applications. Consider closing ports 6666 and 6667, which are used for Internet Relay Chat. Block certain ports at the firewall level, including 135, 137, 138 and 139, which allow applications on different computers to communicate; port 593, which allows computers to talk to each other over the Web; and port 445, used for file sharing and through which some worms and bots enter, including Sasser, Agobot and Zotob.
Partially close ports with numbers higher than 1024 by blocking unsolicited inbound traffic on them.
Know the typical ebb and flow of traffic on the corporate network to recognize unusual patterns early.
Learn how to disrupt a botnet attack. Isolate an infected machine from the internal network and study the bot code inside it. Identify the vulnerability the bot used to enter the machine, and fix the flaw. —K.S.N.
|
|
 |
|
|
| FEATURED VIDEOS |
The Nick for NAC
eWEEK Channel Insider Technology Editor Frank Ohlhorst explains how VARs are about to get lucky. NAC is evolving, and it is evolving in such a way that hardware constraints are quickly being eliminated and NAC bundled with other security solutions is becoming a major opportunity, that should become a lot easier to sell and support.
Will Recession Hit the Channel?
Fears of a possible recession have VARs and solution providers taking steps to prepare their customers.
|
|
Sponsored by
 | |
|
| DOWNLOADABLE ROI CALCULATORS & TOOLS FROM BASELINE |
Calculate Cost and ROI of Spam, VOIP, RFID, Sarbanes-Oxley and more...
Featured Calculators:
See More Tools!
By Category| Planners |Calculators | Quizzes
|
| | |
|
|
Projects: Management 
