linux operating commands and unix operating commands

Combating Spyware and Adware with Defense in Depth


 
Thread Tools Search this Thread
# 1  
Old 05-23-2008
Combating Spyware and Adware with Defense in Depth

I have worked in several environments of various sizes and security postures. One of the biggest threats I see in any of these environments when it comes to workstations is Adware and Spyware infections. Once infected systems either can become unusable due to resource hogging adware software, or proprietary data can be stolen from the system. The creators of these threats are always one step ahead of vendor patches, it seems. These days it's not enough just to have real-time malicious code scanning on your workstations. However, there are ways to combat this insidious threat.
First of all, a sensible patching schedule. You need to ensure you are as up to date as is feasible. There are a variety of patching schemes you can utilizing to this effect. The actual mechanics of these tools is outside the scope of this blog post. It can't be stressed enough that patching is crucial though.
A second thing to consider is your firewall. I have seen too many cases where firewalls are open to the world. In this scenario once an issue is identified the offending port or IP is blocked. This is completely backwards! You need to consider the firewall as being a completely closed wall and that you are poking holes in it every time you allow something. This combined with application layer scanning on the firewall and a network based IDS device would likely prevent data leakage from Spyware infections.
The third and most important consideration is an HTTP/HTTPS proxy. This is the ultimate bulwark against Spyware infection. I have seen an environment where they have a two fold approach to this. The first layer is a proxy that only permits access to specifically allowed webpages in a similar fashion to a properly deployed firewall. The second layer is a proxy which filters for potentially malicious code and strips it out of any HTTP/HTTPS traffic bound to workstations. I have seen the numbers in the reporting at this environment and the number of detections on the workstations themselves are dramatically lower than any other environment I've seen.
So as you can see, there are many considerations to preventing Adware and Spyware from infecting workstations. Of course, like many security issues, implementing a well thought out policy which utilizes industry best practices and environment specific considerations makes all the difference in the world.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. What is on Your Mind?

In defense of the command line

Ever since the 80's, I've been appalled at how many people actually think the click-and-wait interface (GUI) is superior to the command line. I suspect that can be explained by most of them never having used any shell other than the atrocious DOS window, but it still amazes. So I'm pleased to... (3 Replies)
Discussion started by: KenJackson
3 Replies
Login or Register to Ask a Question