Shulou(Shulou.com)06/01 Report--

The methods of cybercrime are constantly renovated, they constantly optimize their weapons and strategies, and roam the Internet mercilessly in search of the next big target.

All kinds of sensitive information and private data, such as confidential employee files, customer financial data, protected medical documents and government documents, are facing merciless threats to network security.

There are many ways to solve the problem, from training Email users on security awareness to ensuring that the * stop switch is in place, to adding a wide range of advanced network protection layers.

In order to successfully defend against serious threats from * *, worms, and malware such as botnets, network managers need to adopt all tools and methods that are appropriate for a comprehensive network defense strategy.

Of all the threats mentioned above, botnets are undoubtedly the most disturbing security risk. They are not only the evil deeds of amateur cyber criminals, but also the darkest cyber scams.

What makes people talk about them most is their concealment-their ability to lurk around looking for opportunities to exploit loopholes.

How does botnet work?

Botnet is not a direct strategic weapon, it is subtle data extraction malware. They sneak into the network, access computers without authorization, and allow malware to continue to run undetected, while they steal data and export it out of the victim's network into waiting "zombie hosts". Evade detection throughout the process.

How to stop botnets?

The front line of cyber defense must be guarded-people who actually use computers to work, people who perform daily tasks in the office.

The best defense against evolving threats is to train users as potential targets. The frontline of cyber defense covers all areas of online interaction, from email to social media.

It is recommended that you implement a strategy that takes into account as many of the following approaches as possible, from some basic approaches to complex solutions, taking into account the actual situation of your organization:

1. Make sure your * * has set a stop switch.

Virtual private networks (* *) allow users to access confidential information by connecting to * * through a public network. Your * * should have a stop switch to prevent sensitive data (such as IP addresses) from inadvertently being transmitted over an insecure connection.

two。 Develop powerful systems to capture and block BEC

Business email leakage is a common strategy, abbreviated as BEC (Business Email Compromise), and the number of BEC fraud is on the rise, which is difficult to defend against.

L BEC detection and elimination solutions require effective classifications and policies to block suspicious email senders, content and attachments.

Install defense gateway Web tools, such as WebSense,McAfee, to help prevent receiving email from bad sources and to prevent requests from being sent to addresses that are considered to be malware sources.

3. Establish a culture of strict prevention against BEC

Social manipulation is reported to be one of the most common methods used by criminals to use their e-mail accounts. They have long found that clicking on email attachments is a conditioned reflection of many busy users. Therefore, the security of the system can be enhanced in the following ways:

L assume that users will always open email attachments, and even if your organization has a policy that is so inconspicuous in the employee manual-think twice before clicking, push this policy more thoroughly.

L provide employees with awareness training and knowledge and skills updates about network security, such as the use of strong passwords.

Teach users how to get help and use real-time solutions to isolate and avoid using the network.

L teach users to report suspicious emails frequently. E-mail and mock demonstrations should be included in the training to help them learn to identify * and provide additional support for users whose accounts are most vulnerable.

4. Switch to manual software installation

Although this recommendation may be unpopular, some organizations should disable the automatic installation of software through the autorun feature depending on their threat status.

Disabling automatic installation software helps prevent the computer operating system from indiscriminately initiating unwanted commands from unknown external sources.

5. Enable Windows Firewall

Installing a Windows firewall is critical to baseline protection against security threats. Users may want to disable Windows Firewall to prevent it from blocking the network connections they are trying to establish.

If your networked computer is protected by an alternative appropriate firewall, it is best or even necessary to disable the Windows firewall.

The key is to configure appropriate firewall protection.

6. Network isolation

Consider network isolation. In today's working environment, most computer stations must communicate with each other many times a day between departments.

However, for machines that do not need this broad access, restricting or eliminating this ability can go a long way to stop botnets from spreading through your network.

Whenever possible:

L minimize network risk by forming a virtual local area network (VLAN).

Use access control list (ACL) filters to restrict access to objects and limit threat exposure.

7. Use data filtering

Botnet malware usually works by interacting with at least one remote command and control server, which is also used to illegally extract sensitive information.

To prevent malicious interactions and criminal activity, use data filtering for information that flows out of the network.

Some possible methods include:

L the egress content filtering tool can be applied to force the organization's network traffic through the filter to prevent information from flowing out of the organization's network.

Data loss prevention (DLP) solutions can also be used to monitor unauthorized access and corruption to prevent them from leaking information.

8. Break the domain trust relationship

Eliminate password trust to regain tighter control over local accounts. Careful control of local administrator accounts is critical to cut off threats and eliminate them.

By disabling the automatic interconnection of computers, you can cut off the routes that botnets use to propagate in the internal network.

In networks where some or many computers contain highly sensitive data, this provides a secure alternative to defending against botnets.

9. Take additional precautions

Set up an additional layer of protection to help prevent botnets from protecting themselves in your system, with a focus on strengthening supporting networks, such as specific contact points that are particularly vulnerable, and routing from certain hardware or software components.

Remember the following points:

The host-based detection system is extremely efficient, but the cost is also very high, and it is usually difficult to deploy successfully.

These tools cannot correct defects in the operating system or other existing technical defects.

10. Enhance and increase network monitoring

Closely monitoring the network and mastering the operational activities of network connection users in the organization can significantly improve the ability of network defense solutions.

When botnets or other malware start, more in-depth monitoring of network interaction can detect abnormal activity more quickly.

Ideally, the policy of monitoring the network 24 hours a day should be adopted, and data collection tools should be used to detect abnormal behavior and prevent attempts by the * * system.

L consider purchasing remote network security services to obtain a wider range of higher-quality network monitoring equipment and expertise, which may exceed the level of internal IT facilities and / or round-the-clock service provided by an employee.

11. Use a proxy server to control network access

Create a support exit point that can monitor Internet access, thereby enhancing the monitoring effort. Routing outbound information through a proxy server can prevent cyber criminals from trying to bypass network security.

For most networks, filtering content through a proxy server is a practical option, although it may not be realistic to stop every bit of suspected outbound information.

twelve。 Apply the principle of least privilege

In general, access should be based on the needs of the user's functionality. If the administrator is not the same person as the user of a particular workstation, it is much more difficult to download and spread malware.

This also makes it more difficult to use the automatic operation strategy to take advantage of the system. This further makes it more difficult for criminals to spread malware from one computer workstation to other workstations by using the user's network account credentials.

13. Monitor query responses to the domain name system

Continuous monitoring workstation queries to DNS servers are an excellent way to identify botnet symptoms. For example, monitor low time to live (TTL).

An unusually low TTL value may indicate a botnet. By carefully monitoring low TTL values, system administrators can take steps to resist * and eliminate botnets before the infection spreads.

14. Keep abreast of emergency threats

Keep the IT team abreast of the latest developments in local, national, and global cyber threats. For example, it is reported that the crime rate of using URL*** in email to the internal network is much higher than that of using attachments.

More generally, in the past year, there has been a staggering percentage of successful theft of information from internal networks through the use of botnets.

Keeping abreast of new developments and constantly updated network threats is the primary activity that network management professionals must consistently adhere to in order to effectively protect system security.

More safely into 2020

In order to protect those who trust you, protect their sensitive personal information, and protect your brand reputation, you need to defend network security in all aspects.

Use the above strategies, methods, and tools to ensure that you have effectively defended your network from email, mobile access points, social platforms and any other media.

As mentioned earlier, botnets now account for a large proportion of cybercrime. Using the above methods can help you build a solid network security framework that can be flexibly adjusted and expanded according to different network budgets and sizes.

Source of this article: The Hacker News, compiled and organized by Amber Network. Please indicate the source of the reprint.

Keep abreast of the network security situation in the stupid network equipment search system

For more security information, please follow:

Wechat official account Amber network; Sina Weibo @ fool search

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.