Slashdot Mirror

← Back to Stories (view on slashdot.org)

How To Avoid a Botnet Infection?

Posted by CmdrTaco on from the yeah-good-luck-with-that dept.

Taco Cowboy writes "Two of the networks in the company I work for have been zombified by different botnets. They are taken off the grid as we speak. We thought we had taken precautions against infection, such as firewall and anti-viral programs, but for some reasons we have failed. Is there any list of precautionary steps available?" I'd suggest port blocking 80 for any computer that is detected running a web browser, but that might prevent some percentage of legitimate work.

2 of 396 comments (clear)

  1. Re:Yeah... by ZeroPly · · Score: 5, Informative

    The military has reversed its policy on USB drives - because quite frankly it was throwing out the baby with the bathwater. The restriction was actually preventing work from getting done, a lot of times at my unit we would leave at 3:30pm instead of finishing a project because we had no way to move files from a laptop that was not on the network to one of our machines, and IT help was not available. You're talking about millions of hours of worker productivity lost because IT could not figure out a way to make one of the most useful technologies safe. The USB restriction is precisely the way NOT to conduct security - unless you're lazy and don't care much about your users actually work.

    IT people make the common mistake of "the NSA does it that way" + "the NSA is very secure" = "this is a secure way of doing it". You're not the NSA. Look at your users first and tailor the solution around them.

    There is no quick answer to this. You can't ask "how to do I prevent bot infections?" any more than you can ask "how can I keep my body healthy?" It's just too general a question. The solution is going to involve assessment of your particular situation, and the combination of the appropriate products and policies.

    --
    Support microSD: in a post 9/11 world, it is unwise to carry your data on media that you cannot comfortably swallow.
  2. Re:In an ideal world... by jscott · · Score: 5, Informative

    In the K-12 district for which I work, there have ~600 staff (teachers/non-teachers), ~7800 student users and about 3000 workstations + notebooks. We're a Windows (XP for educational software product requirements) shop and run AD. In the past two years we've reigned in administrative users [even I, the sysadmin, run as a limited user on my workstation] and implemented a fairly detailed SRP White Listing. These two changes alone greatly reduced not only issues with crap-ware infections, but greatly reduced technician support time requirements.

    The vast majority of our users [excluding the students who can no longer run proxy software] Do. Not. Fucking. Hate. Us. You would be surprised how happy people are when their computers "just work" and don't require cleaning/futzing every couple weeks.

    I /cannot/ recommend enough budgeting time to investigate what SRP can do for your network.

    --
    signal, noise, to me it's all the same.