Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 4565 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tips & Tricks to defend your network from virus infections

Placebo

After reading this post:

/search?q= 11717

and the last remark:

> Thoughts on all this would be most welcome, as I am very keen to try

> and stop these infections from occurring in the first place

I thought I open a topic to discus this with the community and make 1 topic full of tips and tricks to make you network more safe.

Let me start with the obvious:

- Install Sophos

- Manage Sophos

- Configure Sophos to:

-- Do HIPS, Webprotection, Data Control, Tamper Protection and Suspicious File detection.

-- Use Application Control to block all the applications you don't support (and do not patch) (quicktime, firefox, toolbars enz)

-- Do a scheduled scan once a week.

:11763


This thread was automatically locked due to age.
Parents
  • 0

    - Block all executable content from every source.

    -- Block exe on the emailgateway. (even when they are archived (in a zip file))

    -- Block exe on the HTTP(S) Proxy. (even when they are archived (in a zip file))

    -- Block exe from starting from removable storage. (Can be done with GPO Software restriction policy's and if needed a tool to always make a removable storage device map to the same drive-letter.)

    -- Block exe from chat program file transfer options.

    This all also makes sure no software enters you network that you don't know about and is thus unmanaged and unpatched.

    :11781
Reply
  • 0

    - Block all executable content from every source.

    -- Block exe on the emailgateway. (even when they are archived (in a zip file))

    -- Block exe on the HTTP(S) Proxy. (even when they are archived (in a zip file))

    -- Block exe from starting from removable storage. (Can be done with GPO Software restriction policy's and if needed a tool to always make a removable storage device map to the same drive-letter.)

    -- Block exe from chat program file transfer options.

    This all also makes sure no software enters you network that you don't know about and is thus unmanaged and unpatched.

    :11781
Children
No Data