Combating Malware

We recommend that Local Support Providers (LSPs) review the options below and use their judgment regarding whether deployment makes sense for their unit. There may be local solutions already in place that fulfill the same roles (e.g. different patch management software). Before making a systemic change to how you manage systems, be sure to consult with IT leadership in your organization.

Prevention

Resources Provided by Penn

• Computing Security Policy: strong passwords, patching, built-in firewalls, A/V
• DNS Blackholing: SafeDNS Pilot
• Handheld Devices: Policy on Server-Managed PDAs
• Patch Management: Windows Automatic Update Service (WAUS)
• Phishing: archive of messages targeting Penn
• Strategy for Risk Reduction: Security and Privacy Impact Assessment (SPIA)
• Virus, Spyware, Adware Protection Symantec Endpoint Protection (SEP) on Windows
• Virus Protection: Norton AntiVirus on Mac
• Vulnerability Scanners: Nessus

Other Resources

• Configuration Benchmarks: CIS guidelines
• Finding Sensitive Data: Identity Finder Penn Preferred Pricing and Support
• Patch and Workstation Management: Tivoli Endpoint Manager for Security and Compliance Analytics (SCA) built on BigFix technology (through ISC Support-on-Site Services)
• Windows Security Enforcement:
  • Group Policy to enforce software restrictions
  • User Account Control (UAC), Windows 7 & Vista
  • AppLocker for Windows 7
• Personal Firewalls: Windows and Mac

Detection

• Malware Bytes
• Tom Liston's LaBrea Tarpit
• OSSEC

Last updated: Tuesday, January 29, 2013