03-12-2014, 10:48 AM   #5
Hack&Lube
Atomic Nerd
 
Join Date: Jul 2004
Location: Calgary

Get:

- Centrally managed AV (like Trend Micro Officescan). Should notify you or your helpdesk by e-mail/ticket instantly when a workstation is compromised so you can take it offline immediately.

- Network design/DMZ/zoning so internet-facing servers do not contain sensitive information and are protected.

- Good firewall, good port management

- Good policies. Manage user workstations via group policy. Restrict bad user behavior through group policy. Nobody should have admin rights.

- Up-to-date patching on workstations and servers. This includes patching vulnerable applications like Adobe Reader and Java, etc.

- Use the Nexpose free vulnerability scanner on all your workstations to see what exploits and kits they are completely open to attack from: https://www.rapid7.com/products/nexp...-downloads.jsp
If your users navigate to compromised sites (don't even have to download anything) or open attachments or have an infected USB, these things can exploit right away.

- Cloud-based filtering (Microsoft Exchange Online Protection [used to be Forefront], MX Logic, etc.). What is your email system?

- Browser web filtering like Websense to prevent your people from going to malicious sites. Umbrella sounds good as well.

- Good backups (!!!). If you get ransom-wared through Cryptolocker, etc., you are screwed without this. Also helps if you can replace a workstation or compromised server immediately.

Last edited by Hack&Lube; 03-12-2014 at 04:00 PM.