Techniques of cybercrime are constantly refurbished, they kept weapons and optimization strategies ***, mercilessly roaming network to find the next big target.
A wide variety of sensitive information, private data, such as confidentiality of employee records, customer financial data, medical records and protected government documents, are faced with the relentless threat of cyber security.
Many solutions to the problem, from security realized ensure user training Email *** termination switch in place, and then to add a wide range of advanced network protection layer.
In order to successfully defense a serious threat to ***, worms and malicious software (such as zombie networks), network managers need all the tools and methods for comprehensive network defense strategy.
In all these threats, botnets is undoubtedly the most disturbing security risks. They just amateur cyber criminals evil, it is the darkest network tricks.
Most people are scared of them hidden - hidden latent ability to exploit the opportunity of looking around.
How botnets work?
Botnets *** is not a direct strategic weapons, it is subtle data extraction malware. They sneaked into the network, unauthorized access to a computer and allows malicious software to continue running without being aware of, and they steal data and export it into the victim waiting outside the network of "zombie master" in the whole process evade detection.
How to stop botnet?
The first line of network defense must be manned - those who actually use the computer to work, people perform daily tasks in the office.
Best defensive measures to deal with evolving threats is to train users *** as potential targets. All the range of the network's first line of defense to cover network interaction, from email to social media.
Recommendations to implement a strategy that should be combined with the actual situation of your organization, the following method as much as possible (with some basic methods to complex solutions) into consideration:
1. Make sure you set a termination switch ***
Virtual Private Network (***) allows users to connect through the public network to access confidential information ***. *** you should have an end switch to prevent sensitive data (e.g., IP address) by transmitting insecure connection unintentionally.
2. develop powerful systems to capture and prevent BEC
Commercial e-mail leaked *** is a common strategy, the English abbreviation for BEC (Business Email Compromise), the number of BEC fraud rising, this *** difficult to defend against.
L BEC solutions to detect and eliminate the need for effective strategies to prevent and classify suspicious e-mail sender, content and attachment.
l Installation defensive Gateway Web tools (such as WebSense, McAfee), to help prevent receive e-mail from a bad source, and sends the request to stop is thought to be the source address of malicious software.
3. The establishment of the cultural guard against BEC
According to reports, the social manipulation is one of the most common methods used by criminals *** e-mail accounts. They have long known that, click on the email attachment is a reflection of the conditions in many busy user. Therefore, it is possible to enhance the security of the system in the following ways:
l assumed that the user is always open e-mail attachments, even if your organization has a policy so inconspicuous in the employee handbook - think twice before clicking, but also more thoroughly carry out this policy.
l provide network security awareness training for employees and the knowledge, skills upgrading, for example, use a strong password.
l How to get help and to teach users to use real-time solution to isolate and avoid all kinds of *** use of the network.
l teach users diligent in reporting suspicious e-mail. E-mail to be included in the training and simulation demonstration ***, *** to help them learn to identify and provide additional support for the most vulnerable *** of a user account.
4. Switching to manual software installation
Although this advice may not be popular, but some organizations should automatically install the auto-run feature is disabled by software according to their threat status.
Install the software automatically disable automatic run command to help prevent computer's operating system does not need to start indiscriminately from unknown external sources.
5. Enable Windows Firewall
Install Windows Firewall baseline protection is crucial in the defense against security threats. Users may want to disable the Windows firewall to prevent it from blocking their network connection to be established.
If your networked computers have replaced the appropriate firewall protection, you may want to disable Windows Firewall even necessary.
The key is to configure the appropriate firewall protection.
6. network isolation
Consider network isolation. In today's work environment, most computer station must communicate with each other several times a day between departments.
However, the need for such extensive access to the machines, the ability to limit or eliminate such a large extent help prevent the spread of botnets in your network.
As far as possible:
l by forming a virtual local area network (VLAN) network to minimize risk.
l Using Access Control List (ACL) filters to restrict access to objects and to limit the threat of exposure.
7. Using data filtering
Botnet malware typically work by interacting with at least establish a remote command and control server, the server also uses *** illegally extract sensitive information.
To prevent malicious interact and prevent criminal activity, please use the information for outgoing network data filtering.
Some possible methods include:
l may be applied export content filtering tools, network traffic organization forced through the filter, to prevent the outflow of information organization network.
l Data Loss Prevention (DLP) solution can also be used to monitor unauthorized access and destruction, to prevent them from leaking information.
8. break the domain trust relationships
Eliminate password to regain trust tighter control over local accounts. Carefully control the local administrator account on the threat and eliminate the threat of cutting off vital.
Disable automatic computer interworking function, a network for routing may be cut off zombie propagating in the internal network.
In some or many network computer containing highly sensitive data, which may provide a safe alternative to defense botnet ***.
9. Take extra precautions
Set extra layer of protection to help prevent botnets to protect themselves in your system, the focus is to strengthen the support network, for example, certain particularly vulnerable specific point of contact, from the routing hardware or software components.
Remember the following points:
L *** host-based detection system efficiency is extremely high, but the cost is high, it is often difficult to deploy successfully.
l These tools can not correct the defects or other defects in the prior art operating system.
10. enhance and increase network monitoring
The ability to closely monitor the network, master-Fi users operating activities within the organization, can significantly improve network defense solutions
When botnets or other malicious software *** began, more in-depth monitoring network interactions, we can more quickly detect unusual activity.
l 理想情况下,应该采用24小时监控网络的策略,使用数据收集工具检测异常行为并阻止***系统的尝试。
l 考虑购买远程网络安全服务,以获取范围更广、质量更高的网络监控设备和专业知识,这可能超出内部IT设施和/或一个员工提供全天候服务的水平。
11.使用代理服务器控制网络访问
创建一个可以监控互联网访问的支持出口点,从而增强监视工作的力度。通过代理服务器路由出站信息可以阻止网络犯罪分子绕过网络安全性的尝试。
对于大多数网络,通过代理服务器过滤内容是一种实用的选择,尽管停止每一点疑似有问题的出站信息可能并不现实。
12.应用最低特权原则
一般而言,访问权限应该基于用户功能的需要。如果管理员与特定工作站的用户不是同一个人,则通过下载传播恶意软件的难度会大得多。
这也使得采用自动运行策略来利用系统变得更加困难。这进一步增加了犯罪者通过利用用户的网络账户凭据将恶意软件从一个被***的计算机工作站传播到其他工作站的难度。
13.监视对域名系统的查询响应
持续监视工作站对DNS服务器的查询是识别僵尸网络***症状的一个极好的方法。例如,监视低生存时间(TTL)。
TTL值异常低可能表明僵尸网络***。通过仔细监测低TTL值,系统管理员可以采取措施来抵抗***,并在感染蔓延之前消除僵尸网络。
14.随时掌握紧急威胁
让IT团队及时掌握最新的本地、国家和全球网络威胁动态。例如,据报道,使用电子邮件中的URL***到内部网络的犯罪发生率比使用附件的犯罪发生率高得多。
更普遍地说,在过去一年里,通过使用僵尸网络成功从内部网络窃取信息的比例十分惊人。
及时了解新的动态和不断更新的网络威胁是网络管理专业人员必须始终如一地坚持的首要活动,以有效地保护系统安全。
更安全地迈入2020年
为了保护那些信任你的人,保护他们敏感的个人信息,保护你的品牌声誉,你需要全方位地捍卫网络安全。
使用上述策略、方法和工具,来确保你已有效地防御来自电子邮件,移动访问点,社交平台和任何其他媒体的网络***。
如前所述,僵尸网络现在占网络犯罪的绝大比例。使用上述方法可以帮助你构建一个稳固的网络安全框架,该框架可以根据不同网络预算和规模进行灵活调整和扩展。
本文来源:The Hacker News,由安数网络编译整理。转载请注明出处。
及时掌握网络安全态势 尽在傻蛋联网设备搜索系统
更多安全资讯请关注:
微信公众号 安数网络;新浪微博 @傻蛋搜索