One of the more practical moves an organization can make in battling vulnerabilities is to turn off and remove unneeded functions from computer systems such as Web-based services, says an anti-virus expert.
“Basically, if you don’t need it, turn it off and it can’t be exploited,” according to Michael Murphy of Symantec Canada. “For example, under Windows, NT IIS (internet information service) was installed by default under Windows 2000 which was the service exploited by Code Red and Nimda and there’s probably no need for individual users to have that service,” he said.
Recently, vendors and manufacturers have been releasing products with features turned off by default. People who want those features must turn them on themselves.
1. If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
2. Always keep patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
3. Enforce a password policy.
4. Configure your e-mail server to block or remove e-mail that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
5. Isolate infected computers quickly to prevent further compromising your organization. Perform a forensic analysis and restore the computers using trusted media.
6. Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses.
7. Ensure emergency response procedures are in place.
8. Educate management on security budgeting needs and encourage support from top down.
9. Test security to ensure adequate controls are in place.