Recommendations and Best Practices for Threat Defense

Article ID: 178387

Products

Endpoint Protection

Issue/Introduction

Resolution

Security recommendations and best practices

For users:

  • Use discretion when clicking on links from known or unknown senders. Avoid clicking URLs sent with generic messages.
  • Do not accept unsolicited file transfers from contacts when using programs such as instant messaging clients.
  • Always keep your patch levels up to date, especially on computers that host public services and are reachable through the firewall, such as HTTP, FTP, mail, and DNS services.
  • Keep Adobe Reader and other Adobe software updated using the Adobe Updater.
  • Using an alternative PDF document reader may reduce the risk of exploitation. Different PDF readers may be affected by different vulnerabilities.
  • Adobe Flash is often targeted for attack, based on its widespread usage. If possible, use browser add-ons to limit the automatic loading of Flash content, allowing you to selectively enable it when needed. Keep Flash updated using the Adobe Updater.
  • Some malicious websites display fake videos and claim that missing codecs are required to view the content. Do not install such unknown or unfamiliar video codecs. 
  • Do not connect to unknown or suspicious "free" Wi-Fi networks. Some such networks are set up specifically to sniff network traffic, stealing sensitive details in the process. Use encryption on legitimate free networks as well. See this blog entry for more information.
  • Do not install ActiveX components offered by websites unless you are absolutely sure they are not malicious.
  • Disable or limit the execution of JavaScript by default in Web browsers to reduce the risk of attacks, such as redirection to malicious sites or launching browser exploits. If possible, use browser add-ons to limit the function of JavaScript, allowing you to selectively enable it when needed.
  • Do not arbitrarily accept contact requests on social networking sites. Ensure that you know the individual before adding them. Use caution when using applications and clicking links on social networking sites. For more information, see this whitepaper.
  • Configure Windows Explorer to always show file extensions. This can help identify malicious files that use double extensions in order to mask their true file type.
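One way to act on the double-extension advice above, as an added example that is not part of the original article: a small Python check that flags file names whose final extension is executable while the extension in front of it looks like a document or image. The extension lists and the sample directory listing are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# Extensions Windows runs directly when the file is opened (assumed list, not exhaustive).
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta", ".msi",
}
# Benign-looking types commonly used as the visible "decoy" extension (assumed list).
DECOY_EXTENSIONS = {
    ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
    ".txt", ".jpg", ".jpeg", ".png", ".gif", ".mp4", ".avi", ".zip",
}

def extensions_of(path):
    """All extensions of the file name, lower-cased, with padding spaces stripped
    so that 'invoice.pdf          .exe' is still seen as .pdf followed by .exe."""
    name = PureWindowsPath(path).name  # handles Windows drive letters and backslashes
    return ["." + part.strip().lower() for part in name.split(".")[1:]]

def double_extension_risk(path):
    """Return (suspicious, reason) for one file name."""
    exts = extensions_of(path)
    if len(exts) < 2:
        return False, "single extension"
    real, decoy = exts[-1], exts[-2]
    if real in EXECUTABLE_EXTENSIONS and decoy in DECOY_EXTENSIONS:
        return True, f"{real} executable masquerading as {decoy}"
    return False, "no executable/decoy pairing"

def scan_filenames(names):
    """Return [(name, reason)] for the names that look like disguised executables."""
    flagged = []
    for name in names:
        suspicious, reason = double_extension_risk(name)
        if suspicious:
            flagged.append((name, reason))
    return flagged

# Constructed sample directory listing for the demonstration.
SAMPLE_FILENAMES = [
    "Invoice_2024.pdf.exe", "report.docx", "backup.tar.gz",
    r"C:\Users\alice\Downloads\holiday.jpg.scr",
    "statement.pdf                .exe", "setup.exe",
]

if __name__ == "__main__":
    for name, reason in scan_filenames(SAMPLE_FILENAMES):
        print(f"SUSPICIOUS: {name!r}: {reason}")
```

Note that an archive such as backup.tar.gz is not flagged, because the check requires the last extension to be executable, not merely the presence of two extensions.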
For administrators:

  • Regularly train and refresh employees on security policies and procedures.
  • Turn off file sharing if it is not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders.
  • Use strong, not-easy-to-guess passwords. When managing many users, enforce a password policy. For information on how to create strong passwords, see this blog entry.
  • Use an early warning or threat notification system, such as Symantec DeepSight Threat Management System, to keep informed of new threats and patches.
  • Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. If they are removed, threats have fewer avenues of attack.
  • Using a firewall with IDS functionality can protect computers from attack and help block or detect back door server communications. For publicly accessible servers, block all incoming connections from the Internet to services that should not be publicly available. By default, deny all incoming connections and only allow services you explicitly want to offer to the outside world.
  • Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. Ensure that untrusted users on the computer have limited permissions and allow only those with administrator-level access to install new software. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
  • Procure software from reputable sources. Avoid downloading software from unofficial peer-to-peer (P2P) sources, since many threats often use this channel as a means to propagate amongst users.
  • Set the Microsoft Office Macro Security level to High in order to notify users of potentially malicious macro code contained in Office documents. If macros are not used, disable this functionality in Microsoft Office.
  • When an outbreak occurs, isolate the compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media. For more information on how to do this, see this whitepaper.
  • Users of Symantec Endpoint Protection can also create Application and Device Control policies to restrict the use of unauthorized software.
  • Implement application control rules to block specific threats. Symantec Endpoint Protection's Application and Device Control is a powerful tool that can be used to stop a specific file, block peer-to-peer (P2P) network use, or protect critical files and registry entries.
  • Use Symantec Endpoint Protection's Application and Device Control to block attempts to exploit the computer using PDF files.