Malware
Vladimir Kamyshanov, 2014-05-06 20:57:05

What are non-obvious ways to detect viruses on the network?

Detection and neutralization of viruses is a common problem for companies of any size. Here, in my opinion, there are no competitors, we are all in the same boat.
Colleagues who use non-obvious, indirect, non-trivial methods (not included in IPS, or rarely included) to search for infected machines in their network: please help with advice and share your experience.
Thanks in advance.


3 answers
Deerenaros, 2014-05-07
@Deerenaros

Perhaps I'm telling someone nothing new, but... with brains.
Actually, if there is no way to use *nix, then there is only one way out: greatly increase the literacy of network users. A properly used system will not give a virus a single chance to get in, except, of course, through huge security holes.
That is, we set up group policies: only what is needed for work. Everything else is either thrown out or put in a sandbox.
By the way, sandboxes are an interesting thing. Not so long ago I conducted an experiment that surpassed all expectations: I installed and configured a Chromium-based browser that saves everything in sandboxes. Everything that is downloaded goes, so to speak, into the root sandbox. Any executable that runs inside a sandbox gets its own fully isolated sandbox. For reading, everything within the root sandbox; for writing, only its own. The only way to get full access to the file system is to run it from outside, and only the admin can do that. How did it exceed all expectations? Well, who knows, I didn't measure viruses, but it became possible to surf pron normally =)
Well, one more thing: all servers are *nix only, root only from local, sudo asks for a root password that only the admin knows, ssh with separate 8-character passwords made of anything.

morgan, 2015-02-10
@morgane

You can add analysis of incoming e-mail for attachments with executable files, scripts, and links.
First, manual analysis; if you are surprised by what you find, then try a mail gateway.
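As an added illustration of the kind of check this answer describes (not code from the answerer), the script below parses a raw RFC 822 message, flags attachments whose file extension or leading bytes indicate an executable, and collects the links found in the text parts. The sample message is constructed inline; the extension list, magic bytes and the `.invalid` addresses are assumptions for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed lists for the example: extensions commonly used for executable content,
# and leading bytes ("magic") that identify a file regardless of its name.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".ps1", ".vbs",
    ".js", ".jse", ".wsf", ".hta", ".jar", ".msi", ".dll",
}
EXECUTABLE_MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def scan_message(raw: bytes) -> dict:
    """Return a dict with the subject, a list of findings and the links seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    links = set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        filename = part.get_filename()
        if filename:
            # Take the LAST extension so "invoice.pdf.exe" is judged by ".exe".
            ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
            if ext in EXECUTABLE_EXTENSIONS:
                findings.append(f"executable extension {ext} in attachment {filename}")
            # Check content, not just the name: a renamed .exe still starts with "MZ".
            for magic, desc in EXECUTABLE_MAGIC.items():
                if payload.startswith(magic):
                    findings.append(f"{desc} content in attachment {filename}")
                    break
        if part.get_content_type() in ("text/plain", "text/html"):
            charset = part.get_content_charset() or "utf-8"
            links.update(URL_RE.findall(payload.decode(charset, "replace")))
    return {"subject": str(msg["subject"]), "findings": findings, "links": sorted(links)}


def build_sample() -> bytes:
    """Constructed test message: one disguised executable, one harmless PDF, one link."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice: http://example.invalid/pay")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="real.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    result = scan_message(build_sample())
    for finding in result["findings"]:
        print("FINDING:", finding)
    for link in result["links"]:
        print("LINK:", link)
```

Feeding the output of a mailbox export into `scan_message` one message at a time gives the "manual analysis" stage a repeatable starting point; anything flagged can then be compared with what the mail gateway would have caught.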

Vasily, 2015-11-02
@nvv

The task of protecting against malicious code (viruses, etc.) should be approached comprehensively:
- strict but reasonable restrictions (Internet, user rights, installed software, connected devices, etc.)
- anti-virus protection at several levels (several vendors; harder to maintain, but also harder to bypass)
- software update policy (OS, application software, hardware firmware)
- traffic monitoring (IDS/IPS, DNS traffic filtering services, blocking unused protocols)
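To show what the "DNS traffic filtering" item in this answer looks like as detection logic, here is an added example (not the answerer's code) that runs over constructed DNS query log lines. It flags any client that queries a blocklisted domain, and goes one step beyond the answer by also flagging a client that receives an unusual number of NXDOMAIN responses, which is a common sign of an infected machine probing algorithmically generated names. The log format, the blocklist, the threshold and the `.invalid` domains are all assumptions for the example.

```python
from collections import Counter
from typing import List, Optional, Tuple

# Constructed log format (assumption): "<timestamp> <client_ip> <qname> <rcode>"
SAMPLE_LOG = """\
2015-11-02T09:00:01 10.0.0.5 update.example.invalid NOERROR
2015-11-02T09:00:02 10.0.0.5 mail.example.invalid NOERROR
2015-11-02T09:00:03 10.0.0.7 bad-c2.example.invalid NOERROR
2015-11-02T09:00:04 10.0.0.9 qx7k2p.example.invalid NXDOMAIN
2015-11-02T09:00:05 10.0.0.9 zr9m4v.example.invalid NXDOMAIN
2015-11-02T09:00:06 10.0.0.9 lp3w8n.example.invalid NXDOMAIN
2015-11-02T09:00:07 10.0.0.9 hd5t1c.example.invalid NXDOMAIN
2015-11-02T09:00:08 10.0.0.5 www.example.invalid NOERROR
this line is malformed and should be skipped
"""

# Assumed blocklist for the example; in practice this comes from a filtering service feed.
BLOCKLIST = {"bad-c2.example.invalid"}
# Assumed threshold: how many NXDOMAIN answers per client before we raise an alert.
NXDOMAIN_THRESHOLD = 3


def parse_line(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Split one log line into (timestamp, client, qname, rcode); None if malformed."""
    fields = line.split()
    if len(fields) != 4:
        return None
    return fields[0], fields[1], fields[2].lower().rstrip("."), fields[3].upper()


def is_blocklisted(qname: str, blocklist) -> bool:
    """True if qname is a blocklisted domain or a subdomain of one."""
    return qname in blocklist or any(qname.endswith("." + b) for b in blocklist)


def analyze(log_text: str, blocklist=BLOCKLIST,
            nx_threshold: int = NXDOMAIN_THRESHOLD) -> List[Tuple[str, str]]:
    """Return (client_ip, reason) alerts for blocklist hits and NXDOMAIN bursts."""
    alerts: List[Tuple[str, str]] = []
    nx_by_client: Counter = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed input instead of crashing the monitor
        _ts, client, qname, rcode = rec
        if is_blocklisted(qname, blocklist):
            alerts.append((client, f"query for blocklisted domain {qname}"))
        if rcode == "NXDOMAIN":
            nx_by_client[client] += 1
    for client, count in sorted(nx_by_client.items()):
        if count >= nx_threshold:
            alerts.append((client, f"{count} NXDOMAIN responses (possible DGA probing)"))
    return alerts


if __name__ == "__main__":
    for client, reason in analyze(SAMPLE_LOG):
        print(f"ALERT {client}: {reason}")
```

The blocklist check is what a DNS filtering service does inline; the NXDOMAIN count is the kind of indirect signal the question asks about, because it needs no signature, only the resolver's own logs.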
