Currently it is very important to be monitoring traffic exiting your network to be able to detect remote access trojans that have not been detected by your anti virus .
I suggest restricting all out bound traffic from the desktop and inspecting proxy logs as well as web content management.
If you are a high risk target white listing only approved business web sites may be an option. You can always set up an internet cafe for users to surf fairly un restricted .
Without some of these restrictions it is too easy for the bad guys to write up a custom trojan (or just modify an existing one slightly )and slip it through your defences through a stored XSS in a trusted web site or even social engineer it through in a password protected zip file .
About Me
- Matthew Hackling
- Matt runs his own security consultancy called Ronin Security. His focus is information security management and he has a keen interest in infrastructure and web application security. He's a CISSP and the current Branch Executive of the Melbourne chapter of the Australian Information Security Association.
Labels
- AISA (1)
- australian information security market (1)
- career advice (1)
- causes (1)
- DoS (1)
- economics (1)
- FUD (1)
- futurism (1)
- information security governance (4)
- IPS (1)
- privacy (2)
- sacred cows (1)
- security patching (1)
- vulnerability management (1)
Thursday, February 19, 2009
Subscribe to:
Post Comments (Atom)
Handy Links
Twitter Updates
Matt's list of blogs
-
Dear America – How much is the tip?3 weeks ago
Blog Visitors
Lijit
InterSec - ISC2 CISSP networking portal
0 comments:
Post a Comment