Phone - 561.333.8424 Thinking inside the box so you don't have to.
 






Protective Measures

For all of these problems, deploying and maintaining some of these simple defenses is relatively effective:

 

1. Install and Maintain Anti-Virus Software

The CERT/CC strongly recommends using anti-virus software. Most current anti-virus software products are able to detect and alert the user that an intruder is attempting to install a Trojan horse program or that one has already been installed.

In order to ensure the continued effectiveness of such products, it is important to keep them up to date with current virus and attack signatures supplied by the original vendors. Many anti-virus packages support automatic updates of virus definitions. We recommend using these automatic updates when available.

 

2. Deploy a Firewall

The CERT/CC also recommends using a firewall product, such as a network appliance or a personal firewall software package. In some situations, these products may be able to alert users to the fact that their machine has been compromised. Furthermore, they have the ability to block intruders from accessing backdoors over the network. However, no firewall can detect or stop all attacks, so it is important to continue to follow safe computing practices.

If these protective measures reveal that the machine has already been compromised, more drastic steps need to be taken to recover. When a computer is compromised, any installed software could have been modified, including the operating system, applications, data files, and memory. In general, the only way to ensure that a compromised computer is free from backdoors and intruder modifications is to re-install the operating system from the distribution media and install vendor-recommended security patches before connecting back to the network. Merely identifying and fixing the vulnerability that was used to initially compromise the machine may not be enough.

Often, these worms rely on Trojan horses to initially compromise a system. For more information on Trojan horses, see

http://www.cert.org/advisories/CA-1999-02.html

Additionally, these worms often spread by exploiting vulnerabilities in systems. For information on vulnerabilities affecting popular products, please see

http://www.kb.cert.org/vuls

Computer & Telephone Consultants, Inc.
Copyright © 1989-2008
Last modified: February 09, 2008