Oct 2, 2009, By Hilton Collins
Viruses and other malicious worms come so hard and fast nowadays that it can be easy to have a fatalistic attitude toward IT security. Outsider threats are everywhere, and cyber-criminals develop new code so fast that the good guys can't move fast enough to stop the latest digital diseases coming their way.
Many anti-virus programs search for known signatures, or established behavior, from existing viruses that already are out there. Once the programs identify these signatures, they get to work eliminating them. But oftentimes attacks come that no one's seen before, so there's no known signature to search for.
This means that security-minded pros have to get crafty. Below are five recommendations and links to advice that might provide some comfort to those looking for answers.
• Consider a least privilege security model: The SANS Institute, an organization that trains and certifies people in IT security, recommends a least privilege security model, or one where people are only given access to the systems and resources they need to perform their duties, and no more. That way, if something is infected, an "outbreak" is more contained because the privileges are more contained.
• Automate anti-malware updates: The Center for Strategic and International Studies, a nonprofit think tank that researches government and social issues, published the report, Twenty Important Controls for Effective Cyber Defense and FISMA Compliance, in August 2009 to let governments know what they should do to keep data under lock and key. Critical Control No. 12 suggests automating anti-malware updates because relying on users and policy to handle it manually isn't reliable enough.
• Install application software security: Critical Control No. 7 recommends installing tools, including Web application security scanning tools, source code testing tools and Web application firewalls, to safeguard against compromised Web applications that are floating around on the Internet.
• Write stronger Web site code to make sites more resistant to infiltration: "There is a real need for some scrutiny of the Web site code," said Roel Schouwenberg, a senior anti-virus researcher with Kaspersky Lab. If important Web sites were written with better quality code, it would be harder for cyber criminals to corrupt them. If organizations don't have the in-house expertise to build stronger code, they can seek help from consultants.
• Implement different types of white lists and black lists: A white list is a list of entities, whether they are applications, users, e-mail senders, etc., that are allowed to interact with or operate within your network. Conversely, a black list is a list of entities that are denied access on a system.
Comments
- Shift your resources more toward endpoint protection and control. Network appliance/server solutions offer less and less value, and they do nothing for off-site computers.
- Replace your paid-for anti-virus/spyware software with Microsoft Security Essentials. Signature-based protection is signature-based protection. You need to shift your costs to a different kind of protection.
- Consider something like AppGuard Enterprise or EdgeGuard (hey, other vendors have viable options too) as that 'different' kind of protection. Instead of deciding if something inbound to the PC is good or bad, these place the application that processes that inbound something under guard, in case it's an attack. If so, the attack is snuffed out. Stops drive-by download attacks, USB attacks, and MBR rootkit attacks. Key point: your selection MUST heavily weigh usability from both an end-user and administration perspective. Don't be distracted by the features list, as products with longer lists tend to have much higher operations costs and user distractions.
- Have your users employ two or more separate web browsers. The internal security of web browsers is far more scary than you know. Separate web browsers compartmentalize things such that your online banking in, say, Firefox cannot be eavesdropped on or altered by some JavaScript running in Internet Explorer from some other website.
- Insist on limited user accounts (LUA) to reduce attack surface, but it doesn't eliminate them.
- Implement some form of policy enforcement system that ensures that all of your security software is running, up-to-date, and fully utilized. Roughly speaking, 25% of an endpoint population has at least one problem with at least one of its security applications. This should also be used to enforce your FDCC or other security configuration requirement policies. Be certain your solution works for off-enterprise computers, including policy updates (stuff changes and PCs are always on the go).
- Cast SSL VPN aside, unless you have nothing of a confidential nature that employees remotely access. They are not client-less anymore either. If you do have confidential information..., deploy an IPSec client with your software distribution / patch management system and put those PIV cards to work. BTW, don't forget to look at secondary, local Active Directory authentication (as opposed to merely 'look-up').

For more info, go to www.securitynowblog.com