Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 4565 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tips & Tricks to defend your network from virus infections

Placebo

After reading this post:

/search?q= 11717

and the last remark:

> Thoughts on all this would be most welcome, as I am very keen to try

> and stop these infections from occurring in the first place

I thought I open a topic to discus this with the community and make 1 topic full of tips and tricks to make you network more safe.

Let me start with the obvious:

- Install Sophos

- Manage Sophos

- Configure Sophos to:

-- Do HIPS, Webprotection, Data Control, Tamper Protection and Suspicious File detection.

-- Use Application Control to block all the applications you don't support (and do not patch) (quicktime, firefox, toolbars enz)

-- Do a scheduled scan once a week.

:11763


This thread was automatically locked due to age.
Parents
  • 0

    - Strip the Google referrer HTTP header on the proxy (After this almost all my FakeAV detections vanished). FakeAV almost always checks if you entered the site directly our through a link from Google. If direct they serve up nothing, if through Google they serve up FakeAV.

    I have the following rules on my 'outgoing header field section' on my proxy:
    Action Strip: 'Referer:*google.*'
    Action Strip: 'Referrer:*google.*'

    See:
    http://en.wikipedia.org/wiki/HTTP_referrer
    as to why I strip Referer and Referrer.

    :11769
Reply
  • 0

    - Strip the Google referrer HTTP header on the proxy (After this almost all my FakeAV detections vanished). FakeAV almost always checks if you entered the site directly our through a link from Google. If direct they serve up nothing, if through Google they serve up FakeAV.

    I have the following rules on my 'outgoing header field section' on my proxy:
    Action Strip: 'Referer:*google.*'
    Action Strip: 'Referrer:*google.*'

    See:
    http://en.wikipedia.org/wiki/HTTP_referrer
    as to why I strip Referer and Referrer.

    :11769
Children
No Data