

Symantec Global Internet Security Threat Report

Appendix A—Symantec Best Practices

Symantec encourages all users and administrators to adhere to the following basic security best practices:

Enterprise best practices

  • Employ defense-in-depth strategies, which emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This should include the deployment of regularly updated antivirus, firewalls, intrusion detection, and intrusion protection systems on client systems. Using a firewall can also prevent threats that send information back to the attacker from opening a communication channel.

  • Administrators should limit privileges on systems for users that do not require such access and they should restrict unauthorized devices, such as external portable hard-drives and other removable media.

  • Turn off and remove services that are not needed for normal company network operations.

  • Test security regularly to ensure that adequate controls are in place.

  • Educate management on security budgeting needs.

  • If malicious code or some other threat exploits one or more network services, disable or block access to those services until a patch is applied.

  • Administrators should update antivirus definitions regularly to protect against the high quantity of new malicious code threats and ensure that all desktop, laptop, and server computers are updated with all necessary security patches from their operating system vendor. IDS, IPS, and other behavior-blocking technologies should also be employed to prevent compromise by new threats.

  • Always keep patch levels up to date, especially on computers that host public services and applications—such as HTTP, FTP, SMTP, and DNS servers—and that are accessible through a firewall or placed in a DMZ.

  • As compromised computers can be a threat to other systems, Symantec recommends that affected enterprises notify their ISPs of any potentially malicious activity.

  • Consider implementing network compliance solutions that will help keep infected mobile users out of the network (and disinfect them before rejoining the network).

  • Enforce an effective password policy. Ensure that passwords are a mix of letters and numbers, and change them often. Passwords should not consist of words from the dictionary.

  • Perform both ingress and egress filtering on all network traffic to ensure that malicious activity and unauthorized communications are not taking place.

  • Mail servers should be configured to block email that appears to come from within the company, but that actually originates from external sources.

  • Consider using domain-level or email authentication in order to verify the actual origin of an email message to protect against phishers who are spoofing email domains.

  • Configure mail servers to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif, and .scr files.
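
The two mail-server rules above (blocking mail that claims an internal sender but arrives from an external source, and blocking the listed attachment types) can be sketched as a single filter. This is an added example, not code from the report; the internal domain, the internal network range, and the way the connecting client address reaches the filter are assumptions, and the sample messages are constructed.

```python
import ipaddress
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed site values (hypothetical, not from the report).
INTERNAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Attachment types named in the report.
BLOCKED_EXTS = (".vbs", ".bat", ".exe", ".pif", ".scr")

def evaluate(raw_message, client_ip):
    """Return the reasons to block a message; an empty list means accept.

    client_ip is the address of the connecting SMTP client, which the mail
    server is assumed to pass in.
    """
    msg = message_from_string(raw_message)
    reasons = []
    # Rule 1: the From domain is ours but the connection came from outside.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    source = ipaddress.ip_address(client_ip)
    external = not any(source in net for net in INTERNAL_NETS)
    if domain in INTERNAL_DOMAINS and external:
        reasons.append("internal sender domain from external source")
    # Rule 2: blocked attachment types. Compare case-insensitively and drop
    # trailing dots/spaces, which Windows ignores when the file is saved.
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().rstrip(". ").endswith(BLOCKED_EXTS):
            reasons.append(f"blocked attachment type: {name}")
    return reasons

def sample(sender, filename=None):
    """Build a constructed test message, optionally with one attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@example.com", "sample"
    m.set_content("constructed body")
    if filename:
        m.add_attachment(b"x", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(evaluate(sample("CEO <ceo@example.com>"), "203.0.113.7"))
    print(evaluate(sample("partner@example.org", "report.pdf.EXE."), "203.0.113.7"))
```

The filter checks only the From header; a production mail server would normally apply the same test to the SMTP envelope sender as well.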
