SOME OF TODAY'S SECURITY RESPONSES
Detecting potential malicious activity - Network
Understand your network's traffic patterns and develop a baseline of network traffic. If you see a significant, unexpected change in your network traffic, you may be seeing the symptoms of malicious activity.
Detecting potential malicious activity - Client workstation
On a Windows workstation, running "netstat -a" from the command line shows the ports that the workstation has open and the hosts to which it is trying to connect. If you see unexpected open ports, especially ones outside of the well-known range (1 – 1024), or connections to unexpected IP addresses, then further investigation may be worthwhile.
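The same review can be scripted. The sketch below is an added example, not part of the original notes: it parses numeric output in the format printed by "netstat -an" and reports listeners above the well-known range and established connections to addresses outside an expected network. The sample output, the allowlisted ports and the expected network are all constructed assumptions to be replaced with your own baseline.

```python
import ipaddress

# Constructed sample in the format of Windows `netstat -an` (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED
  TCP    192.168.1.20:49733     203.0.113.45:8443      ESTABLISHED
  TCP    [::]:3389              [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

# Assumed site baseline: high ports known to be legitimate, and expected peers.
EXPECTED_HIGH_PORTS = {3389, 5353}
EXPECTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse(text):
    """Yield (proto, local, remote, state) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        state = f[3] if len(f) > 3 else ""  # UDP rows have no state column
        yield f[0], split_endpoint(f[1]), split_endpoint(f[2]), state

def review(text):
    """Return findings that deviate from the assumed baseline."""
    findings = []
    for proto, (_, lport), (rhost, rport), state in parse(text):
        if state == "LISTENING" or (proto == "UDP" and rhost == "*"):
            port = int(lport)
            if port > 1024 and port not in EXPECTED_HIGH_PORTS:
                findings.append(("unexpected-open-port", proto, port))
        elif state == "ESTABLISHED":
            addr = ipaddress.ip_address(rhost)
            if not any(addr in net for net in EXPECTED_NETS):
                findings.append(("unexpected-remote", proto, f"{rhost}:{rport}"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

A finding is only a prompt for investigation: map the port to its owning process before deciding whether it is malicious.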
Tightening Corporate Email security
With the prevalence of mass-mailing worms and viruses, McAfee offered a couple of no/low-cost steps that help to tighten your email security.
- Block all inbound and outbound SMTP traffic that is not for your SMTP server
- Prevent MX record lookups
- Create a honeypot email address in your corporate email address book so that any mass-mail infection will send an email to this honeypot account and alert you to the infection. It was suggested that the email account be inconspicuous, e.g. not containing strings such as admin, net or help in the address. Something like '#_#@your domain' would probably work.