preventing zero day cyber attacks


Upload: paresh-thakkar

Post on 24-Jan-2015


DESCRIPTION

Tricks to remain immune from new and upcoming virus, even before your anti-virus is updated

TRANSCRIPT

  • 1. Tricks to remain immune from new and upcoming virus, even before your anti-virus is updated. Expect the Unexpected: Heraclitus [Greek Philosopher]. Paresh Thakkar CISM, CEH, ECSA, MBA email: [email protected]

2. DEFINE THE PROBLEM: Assessing your organisation's security posture is critical to understand the steps to take for adequate security of information data, identity data and operations. Sections: DEFINE THE WORKSPACE; IDENTIFY THE DOORS; DEPLOYING SPECIALIST S/W; MAP YOUR OFFICE; ACCESS CONTROL; KEEPING SYSTEMS UPDATED.

3. PROBLEM DEFINED: Despite having an anti-virus, your computer users complain of slow system performance, or internet access, or printing taking more than the usual time. You suspect some virus at work, but believe that your anti-virus software might be working, so you ignore the suspicion and try troubleshooting the problem, usually ending up formatting the system, and in effect reducing the productivity of that user for the time you are busy formatting and installing the relevant new software.

4. USUAL FIRST STEPS: Talking to the antivirus vendor might result in them giving a new tool for solving the problem at hand. However, such problems can be prevented if you follow some simple procedures. Know what you are managing.

5. DEFINED WORKSPACE (APPLICATION WHITELISTING): List down all applications in use in your organisation, and selectively whitelist them in your antivirus software. This can easily be achieved by keeping the administrator account password within IT, and letting users run only known programs. Any new entrant, or patch to an existing program, should be tested on a sandbox computer before installing on production systems. Whenever the antivirus detects a malware/trojan, update your application blacklist, and get the end clients to update themselves with the changes.

6. IDENTIFY THE DOORS (KNOW WHAT TO PROTECT): Enlist all entry points into your IT systems; they can be mail servers, web servers, FTP servers, SQL databases, firewalls, file servers etc. An antivirus at all entry points into your IT infrastructure helps prevent known virus and malware/trojans from entering.

7. SPECIALIST S/W: Pick the appropriate type of antivirus; say, a mail server cannot be fully protected if you install desktop antivirus on that computer. You need to have an antivirus in-line with the server process, say an SMTP anti-virus server, or a POP/IMAP antivirus server. Usually these antivirus products are specialised apps, sold by the mail server vendor or system integrator. Take their help in identifying the right selection.

8. MAP YOUR OFFICE (NETWORK SEGMENTATION): Know the architecture of the network at your office; if required, redesign it to make small segments. Small segments help control broadcasts and virus self-propagation: the trojan/malware will be limited to that segment. Usually this segmentation is achieved by VLANs, or simply by TCP/IP addresses on different subnets. The idea is to separate the networks of computers of users with different risk profiles, such as finance, sales, marketing and management; Internet-facing computers; DMZ devices etc.

9. ACCESS CONTROL (LIMIT USERS' NETWORK RIGHTS): Give users access to only those folders they need to access. Do not give them full access to folders, ever. By default, all folders should be NOT SHARED. Give sharing on a need-to-know basis. Do not allow users to use administrator accounts. Change the passwords of all administrator users, and give them standard user privileges.

10. UPDATES (KEEP YOUR ENTRY POINTS UPDATED): Keep all the entry point servers/routers/firewalls/gateways patched with the recent updates sent by the manufacturer. Most hackers have access to known vulnerabilities, and keep seeking unpatched systems to attack.

11. RESPONSE (KEEP YOUR COMMUNICATIONS HANDY): If at all you are in the middle of an attack, identify infected systems, isolate them from the network, limit the damage, and keep communicating with the stakeholders involved, such as end-users, managers, data owners and management. Your management does not want to hear the technical details of what exactly happened; keep an executive summary ready, which would have the key elements answered: how long it would take to get back to service, how much it would cost [if any], and if standby systems are ready, their status and system availability. Communicate with all levels if any Dos or DON'Ts have to be followed immediately, verbally or via the available communication means.

12. Today's IT professionals must equip themselves not only for known threats, but for the new reality of unknown threats. Troubleshooting, prevention of recurrence and communication are key skills you should have. Finally, be ready for any eventuality, anytime, as rightly phrased by the ancient Greek philosopher Heraclitus: Expect the Unexpected.

13. I AM REACHABLE ON PCTHAKKAR @ GMAIL . COM @pcthakkar/pcthakkar
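The application-whitelisting procedure of slide 5 (inventory the applications in use, allow only those, and test any newcomer before it reaches production), as an added example that is not part of the original deck: it uses Windows AppLocker as the allow-list mechanism instead of the antivirus product's own whitelist feature the slide refers to, starts in audit mode so a gap in the inventory is logged rather than blocking a user, and assumes an elevated PowerShell session, a running Application Identity service, and the constructed paths shown.

```powershell
# Added example (not from the slide deck): slide 5's whitelist flow with AppLocker.
# Assumptions: elevated session, Application Identity service running, paths below are ours.
$inventoryDirs = 'C:\Program Files', 'C:\Program Files (x86)'
$policyPath    = 'C:\IT\applocker-allowlist.xml'      # constructed location for the policy

# 1. "List down all applications in use": collect publisher/hash data for every installed EXE.
$files = foreach ($dir in $inventoryDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
}

# 2. Whitelist them: signed binaries become publisher rules, unsigned ones hash rules;
#    -Optimize folds files from the same publisher into one rule. Output is policy XML.
$xml = New-AppLockerPolicy -FileInformation $files -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Deploy in AuditOnly first: an executable missing from the inventory is logged, not blocked.
$xml = $xml -replace '<RuleCollection Type="Exe" EnforcementMode="NotConfigured">',
                     '<RuleCollection Type="Exe" EnforcementMode="AuditOnly">'
Set-Content -Path $policyPath -Value $xml -Encoding UTF8
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 4. "Any new entrant ... tested in a sandbox": ask the policy whether a staged installer
#    (constructed path) would be allowed before it touches a production system.
#    PolicyDecision is Allowed, Denied or DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path 'C:\Sandbox\new-app-setup.exe' -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Review the audit log: event 8003 = ran, but would have been blocked under enforcement.
#    Legitimate hits go into the inventory (step 1); anything else goes to the antivirus team,
#    which matches the slide's "update your application blacklist" step.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'; Id = 8003 } `
             -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Once the 8003 events stop appearing for legitimate software, the same XML can be re-applied with the EXE collection set to Enabled to enforce the allow-list.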