6.6 Countermeasures
Trojan Countermeasures
- Avoid opening email attachments received from unknown senders.
- Block all unnecessary ports on hosts and at the firewall.
- Avoid accepting programs transferred by instant messaging.
- Harden weak, default configuration settings and disable unused functionality including protocols and services.
- Monitor the internal network traffic for odd ports or encrypted traffic.
- Avoid downloading and executing applications from untrusted sources.
- Install patches and security updates for operating systems and applications.
- Scan CDs and DVDs with antivirus software before using them.
- Restrict permissions within the desktop environment to prevent the installation of malicious applications.
- Avoid typing commands blindly and implementing pre-fabricated programs or scripts.
- Manage local workstation file integrity through checksums, auditing, and port scanning.
- Run host-based antivirus, firewall, and intrusion detection software.
Backdoor Countermeasures
- Most commercial anti-virus products can automatically scan and detect backdoor programs before they can cause damage.
- Educate users not to install applications downloaded from untrusted Internet sites and email attachments.
- Use anti-virus tools such as McAfee, Norton, etc. to detect and eliminate backdoors.
Virus and Worm Countermeasures
- Install anti-virus software that detects and removes infections as they appear.
- Generate an anti-virus policy for safe computing and distribute it to the staff.
- Pay attention to the instructions while downloading files or any programs from the Internet.
- Update the anti-virus software regularly.
- Avoid opening attachments received from an unknown sender, as viruses spread via e-mail attachments.
- A virus infection may corrupt data, so maintain regular data backups.
- Schedule regular scans for all drives after the installation of anti-virus software.
- Do not accept disks or programs without checking them first using a current version of an anti-virus program.
- Ensure the executable code sent to the organization is approved.
- Do not boot the machine from an infected bootable system disk.
- Stay informed about the latest virus threats.
- Check the DVDs and CDs for virus infection.
- Ensure the pop-up blocker is turned on and use an Internet firewall.
- Run disk cleanup, a registry scanner, and defragmentation once a week.
- Turn on the firewall if the OS used is Windows XP.
- Run anti-spyware or anti-adware software once a week.
- Do not open files with more than one file type extension.
- Be cautious with files sent through instant messengers.