[sdnog] Network Full with malicious activities
Philip Paeps
philip at trouble.is
Thu Nov 22 15:58:13 SAST 2018
On 2018-11-22 16:53:10 (+0100), Khadiga Elhassan wrote:
> Hi all, what is the most proper way of dealing with a network full of
> malicious activities?
> Where to start?
If possible, put all hosts on the affected network in quarantine: no
egress traffic other than DNS, NTP and HTTP/HTTPS until proven healthy.
> And do free anti-viruses help?
It is increasingly difficult to distinguish anti-virus software from
malware.
There is something to be said for filtering inbound email for viruses,
but it's unlikely that you are anyone's only source of email. If you're
going to bother scanning email, please remember to also scan outbound
email. ClamAV can do this.
Relying on anti-virus software alone is not going to be very effective
though. A much better strategy is education. Monitor your network for
malware and educate users on keeping their software patched.
At a university, it may be useful to add a class on elementary computer
security to the list of things you force new students to sit through.
Depending on the number of students you have coming in every year, it
may also be possible to refuse them connectivity until they can prove
their device is healthy. It won't actually stop anyone from connecting
their devices (that's not how students work) but it could create some
useful social pressure (that is how students work).
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
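The egress quarantine described in the reply (only DNS, NTP and HTTP/HTTPS out until a host is proven healthy), as an added example that is not part of the original post: it renders a matching nftables forward-chain ruleset and checks constructed flow records against the same allowlist so the operator can see which quarantined hosts still try to talk elsewhere. The table and chain names, the protocol/port mapping and the sample subnet are assumptions.

```python
"""Quarantine policy helper: emits an nftables egress ruleset for a quarantined
subnet and checks constructed flow records against the same allowlist."""
import ipaddress

# Egress allowed while a host is in quarantine (assumed mapping of the
# services named in the post to protocol/port pairs).
ALLOWED_EGRESS = {("udp", 53), ("tcp", 53), ("udp", 123), ("tcp", 80), ("tcp", 443)}


def is_allowed_egress(proto: str, dport: int) -> bool:
    """True if a flow from a quarantined host matches the allowlist."""
    return (proto.lower(), dport) in ALLOWED_EGRESS


def nft_ruleset(quarantine_subnet: str) -> str:
    """Render an nftables forward chain (hypothetical table/chain names) that
    accepts the allowlisted egress from the subnet and logs and drops the rest.
    Return traffic has a remote source address, so it falls through to accept."""
    net = ipaddress.ip_network(quarantine_subnet)
    rules = ["table inet quarantine {", "  chain forward {",
             "    type filter hook forward priority 0; policy accept;"]
    for proto, port in sorted(ALLOWED_EGRESS):
        rules.append(f"    ip saddr {net} {proto} dport {port} accept")
    rules += [f'    ip saddr {net} log prefix "quarantine-drop: " drop',
              "  }", "}"]
    return "\n".join(rules)


def violations(flow_lines, quarantine_subnet: str):
    """Parse constructed flow records 'src dst proto dport' and return the
    (src, dst, proto, dport) tuples that the quarantine policy would block."""
    net = ipaddress.ip_network(quarantine_subnet)
    out = []
    for line in flow_lines:
        src, dst, proto, dport = line.split()
        if ipaddress.ip_address(src) in net and not is_allowed_egress(proto, int(dport)):
            out.append((src, dst, proto, int(dport)))
    return out


# Constructed sample flows (not real traffic); 10.20.0.0/16 is the quarantined subnet.
SAMPLE_FLOWS = [
    "10.20.0.5 9.9.9.9 udp 53",          # DNS: allowed
    "10.20.0.5 203.0.113.7 tcp 443",     # HTTPS: allowed
    "10.20.0.9 198.51.100.4 tcp 25",     # direct SMTP out: blocked and logged
    "10.20.0.9 198.51.100.4 tcp 6667",   # IRC: blocked and logged
    "10.30.0.1 198.51.100.4 tcp 25",     # not in the quarantined subnet: ignored
]

if __name__ == "__main__":
    print(nft_ruleset("10.20.0.0/16"))
    for v in violations(SAMPLE_FLOWS, "10.20.0.0/16"):
        print("quarantine violation:", v)
```

Because HTTP/HTTPS stay open, the flow check is what tells you which hosts to look at next; the ruleset alone does not prove a host healthy.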