Recommendations and best practices to prevent Ransomware

Permissions, Group Policy, IPSec, Virus, Spam, Spyware, Malware.

Post by blin » Thu Jan 26, 2017 3:54 pm

Quoted from Symantec support
For users:
Use discretion when clicking on links from known or unknown senders. Avoid clicking URLs sent with generic messages.
Do not accept unsolicited file transfers from contacts when using programs such as instant messaging clients.
Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
Keep Adobe Reader and other Adobe software updated using the Adobe Updater.
Using an alternative PDF document reader may reduce the risk of exploitation. Different PDF readers may be affected by different
Adobe Flash is often targeted for attack, based on its widespread usage. If possible, use browser add-ons to limit the automatic loading of Flash content, allowing you to selectively enable it when needed. Keep Flash updated using the Adobe Updater.
Some malicious websites display fake videos and claim that missing codecs are required to view the content. Do not install such unknown or unfamiliar video codecs.
Do not connect to unknown or suspicious "free" Wifi networks. Some such networks are set up specifically to sniff out network traffic, stealing sensitive details in the process. Use encryption on legitimate free networks as well. See this blog entry for more
Do not install ActiveX components offered by websites unless you are absolutely sure they are not malicious.
Disable or limit the execution of JavaScript by default in Web browsers to reduce the risk of attacks, such as redirection to malicious sites or launching browser exploits. If possible, use browser add-ons to limit the function of JavaScript, allowing you to selectively enable it when needed.
Do not arbitrarily accept contact requests on social networking sites. Ensure that you know the individual before adding them. Use caution when using applications and clicking links in social networking sites. For more information, see this whitepaper.
Configure Windows Explorer to always show file extensions. This can help identify malicious files that use double extensions in order to mask their true file type.

For administrators:
Regularly train and refresh employees on security policies and procedures.
Turn off file sharing if it is not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders.
Use strong, not-easy-to-guess passwords. When managing many users, enforce a password policy. For information on how to create strong passwords, see this blog entry.
Use an early warning or threat notification system, such as Symantec DeepSight Threat Management System, to keep informed of new threats and patches.
Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. If they are removed, threats have fewer avenues of attack.
Using a firewall with IDS functionality can protect computers from attack and help block or detect back door server communications. For publicly accessible servers, block all incoming connections from the Internet to services that should not be publicly available. By default, deny all incoming connections and only allow services you explicitly want to offer to the outside world.
Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. Ensure that untrusted users on the computer have limited permissions and allow only those with administrator-level access to install new software. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
Procure software from reputable sources. Avoid downloading software from unofficial peer-to-peer (P2P) sources, since many threats often use this channel as a means to propagate amongst users.
Set the Microsoft Office Macro Security level to High in order to notify users of potentially malicious macro code contained in Office documents. If macros are not used, disable this functionality in Microsoft Office.
When an outbreak occurs, isolate the compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media. For more information on how to do this, see this whitepaper.
Users of Symantec Endpoint Protection can also create Application Device Control policies to restrict the use of unauthorised
Implement application control rules to block specific threats. Symantec Endpoint Protection's Application and Device Control is a power tool that can be used to stop a specific file, block peer-to-peer (P2P) network use or protect critical files and registry entries.
Use Symantec Endpoint Protection's application and device control to block attempts to exploit the computer using PDF files.
Site Admin
Posts: 3673
Joined: Wed Dec 31, 1969 7:00 pm
Location: Chicago, USA
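
Added example, not part of the original post or of Symantec's guidance: the double-extension advice in the users list can also be enforced on the administrator side by checking attachment or download names before a user ever sees them. The extension sets and the sample filenames below are assumptions constructed for illustration.

```python
import re

# Assumption: extensions Windows will run directly (illustrative, not exhaustive).
EXECUTABLE = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
              "vbs", "vbe", "wsf", "hta", "lnk", "ps1"}
# Assumption: extensions a user reads as a harmless document, picture or archive.
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "txt", "rtf",
         "jpg", "jpeg", "png", "gif", "zip", "mp3", "mp4", "avi"}

def check_name(filename):
    """Return the reasons a file name looks disguised (empty list if none)."""
    reasons = []
    # Keep only the last path component, whichever separator was used.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces, so the real extension is what is left.
    name = name.rstrip(". ")
    parts = [p.strip().lower() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE:
        return reasons  # not directly executable, nothing is being masked
    real = parts[-1]
    # "invoice.pdf.exe" is displayed as "invoice.pdf" when extensions are hidden.
    if len(parts) >= 3 and parts[-2] in DECOY:
        reasons.append(f"double extension: .{parts[-2]} masks .{real}")
    # A long run of spaces pushes the real extension out of the visible column.
    if re.search(r"\s{3,}\.[^.]+$", name):
        reasons.append(f"whitespace padding before .{real}")
    return reasons

def flag_disguised(filenames):
    """Map each suspicious name to its reasons; clean names are left out."""
    flagged = {}
    for fn in filenames:
        reasons = check_name(fn)
        if reasons:
            flagged[fn] = reasons
    return flagged

# Constructed sample attachment names, as a mail gateway log might list them.
SAMPLES = ["Q4-report.pdf", "invoice_2017.pdf.exe", "holiday.jpg          .scr",
           "setup.exe", "backup.tar.gz", "Resume.DOC.js"]

if __name__ == "__main__":
    for fn, why in flag_disguised(SAMPLES).items():
        print(f"{fn!r}: {'; '.join(why)}")
```

A plain `setup.exe` is deliberately not flagged: the check targets names that hide an executable type behind a document-looking one, which is the case the advice describes.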
