8 Cyber-Security Recommendations to Fight Botnets

Combating botnets often inadequate in the public sector, vendor says.

by Hilton Collins / October 19, 2010

Cyber-threats can come from almost anywhere and appear without warning. One security vendor recently warned about a class of malware that hides in users' machines like a ghost: the bot software that quietly recruits a compromised computer into a botnet.

“Botnets are on the list of very scary things. I would say for an average organization, they probably ought to be at or close to the top of the list,” said Peyton Engel, a technical architect at CDW-G.

A criminal can plant bot malware on machines inside a network, where it runs quietly under the attacker's remote control. Infected machines can then be used to launch attacks or spread further malware, often unnoticed by users until it is far too late. CDW-G warns that strategies to fight these "invisible" menaces are often inadequate and uncoordinated, in both the public and private sectors.

“That is not a problem that’s limited to state and local governments. It’s a very widespread thing, and it’s really the nature of the botnet threat,” Engel said.

But governments can be disadvantaged in the security fight because they often have less money than the private sector, he said. “They tend not to be extraordinarily wealthy, so they often don’t have as much money to spend on security as some other organizations might,” he said.

CDW-G offered eight steps toward botnet preparedness for organizations. Engel said that no organization does them all.

These recommendations include:

  • Install a host firewall (such as the Windows Firewall) to block network-based exploits.
  • Disable Autorun so the operating system does not blindly install software from removable media.
  • Compartmentalize networks to isolate threats and keep infections from spreading.
  • Provide least privilege by not making users local administrators, so an attack is confined to the privileges of the compromised account rather than the whole machine.
  • Install host-based intrusion prevention to keep bots from taking root on a system.
  • Enhance monitoring so the organization can more easily see the health of its network.
  • Filter traffic leaving the network to disrupt the channel bots use to reach the remote command-and-control servers from which attackers issue orders and collect stolen information.
  • Force a portion of outbound traffic through a proxy server to create a secondary choke point for monitoring and controlling Web access.
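Two of the items above, egress filtering and the proxy choke point, only pay off if someone reviews what passes through them. The following is an added example, not code from the article or from CDW-G: a small Python script that reads proxy access-log lines (a constructed sample in Squid's native format, with invented hosts, addresses and timestamps) and flags two patterns characteristic of bot check-ins: a client that contacts the same host at near-constant intervals, and requests addressed to a bare external IP address instead of a hostname. The thresholds, the internal address ranges and the log format are assumptions made for the example.

```python
import ipaddress
import re
import statistics
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access-log format:
#   <epoch seconds> <elapsed ms> <client ip> <result/status> <bytes> <method> <url>
# Every host, address and timestamp below is invented for this example.
# 10.0.1.23 posts to 203.0.113.7 roughly every five minutes; 10.0.1.15 browses normally.
SAMPLE_LOG = """\
1287500000.000    120 10.0.1.15 TCP_MISS/200 2048 GET http://intranet.example.gov/portal/index.html
1287500037.000     90 10.0.1.15 TCP_HIT/200  512 GET http://intranet.example.gov/portal/style.css
1287500100.000    210 10.0.1.23 TCP_MISS/200  310 POST http://203.0.113.7/gate.php
1287500400.000    205 10.0.1.23 TCP_MISS/200  302 POST http://203.0.113.7/gate.php
1287500410.000    140 10.0.1.15 TCP_MISS/200 9031 GET http://news.example.com/
1287500445.000    130 10.0.1.15 TCP_MISS/200 7711 GET http://news.example.com/world
1287500692.000    199 10.0.1.23 TCP_MISS/200  305 POST http://203.0.113.7/gate.php
1287500900.000    110 10.0.1.15 TCP_MISS/200 3100 GET http://intranet.example.gov/portal/news
1287501002.000    203 10.0.1.23 TCP_MISS/200  299 POST http://203.0.113.7/gate.php
1287501290.000    160 10.0.1.15 TCP_MISS/200 4420 GET http://intranet.example.gov/portal/docs
1287501300.000    207 10.0.1.23 TCP_MISS/200  312 POST http://203.0.113.7/gate.php
1287501605.000    201 10.0.1.23 TCP_MISS/200  308 POST http://203.0.113.7/gate.php
1287501650.000     95 10.0.1.23 TCP_MISS/200 1290 GET http://10.0.5.40/printers/status
"""

LINE_RE = re.compile(r"^(\d+\.\d+)\s+\d+\s+(\S+)\s+\S+\s+\d+\s+(\S+)\s+(\S+)$")

# Assumed internal ranges. Checked explicitly rather than via ip_address.is_private,
# because Python also treats documentation ranges such as 203.0.113.0/24 as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_log(text):
    """Return (timestamp, client, method, destination host) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, method, url = m.groups()
        host = urlsplit(url).hostname
        if host:
            records.append((float(ts), client, method, host))
    return records


def find_beacons(records, min_hits=4, max_cv=0.15):
    """Flag (client, host) pairs contacted at near-constant intervals.

    cv is the coefficient of variation (stdev / mean) of the gaps between requests.
    An automated check-in, even with a little jitter, has a low cv; a person browsing does not.
    """
    times = defaultdict(list)
    for ts, client, _method, host in records:
        times[(client, host)].append(ts)
    beacons = {}
    for key, ts_list in times.items():
        if len(ts_list) < min_hits:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if cv <= max_cv:
            beacons[key] = {"hits": len(ts_list), "period": round(mean), "cv": round(cv, 3)}
    return beacons


def find_direct_ip(records):
    """Flag requests to a bare external IP address.

    Legitimate Web traffic almost always names a host; bot command-and-control
    addresses are frequently hard-coded as raw IPs. Internal addresses are ignored.
    """
    hits = set()
    for _ts, client, _method, host in records:
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # a hostname, not an address
        if not any(addr in net for net in INTERNAL_NETS):
            hits.add((client, host))
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (client, host), info in find_beacons(recs).items():
        print(f"beacon  {client} -> {host} every ~{info['period']}s x{info['hits']} (cv={info['cv']})")
    for client, host in sorted(find_direct_ip(recs)):
        print(f"direct  {client} -> {host}")
```

Run it directly to print the findings for the sample; on a real proxy, feed parse_log the day's access log and tune min_hits and max_cv to the environment's noise. A regular interval alone is not proof of compromise (software update checks beacon too), so the output is a triage queue for the monitoring team rather than an alert in itself.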

But every organization is unique, so each should choose its cyber-security strategy based on individual need.

“It is a list of things that you can do to help if you’re trying to cut down on the problem, but you could go crazy to try to exhaustively explore the list,” Engel said. “They’re just not all going to make sense in all environments.”

Security is a constant struggle, so organizations should prepare for potential incidents.

“Creators of malware these days are continuously demonstrating to us that they can fly under the radar of our anti-virus systems, and they can bypass those controls,” Engel said. “So we pretty much need to start taking it as a given that sooner or later, we’re going to have some sort of incident, and we need to start thinking not purely in terms of prevention, but also of minimizing the consequences when those things do happen.”

For more tips, go to CDW-G.

Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.
