NSA Report: The Best Ways to Defend Against Destructive Malware

2015/03/05

The US National Security Agency (NSA) Information Assurance Bureau recently released a document titled “The best way to defend against destructive malware.” The document describes concrete actions organizations can take to protect their networks from malicious software attacks and to prevent or reduce losses.

The report says: “Once a malicious actor successfully controls an organization’s network, the attacker has the ability to steal or destroy all data on the network.” It concluded that “the best protection for organizational and government networks is to take the initiative to prevent attackers from controlling the network.”

The method the report advocates is “prevention, detection and containment,” which includes:

Isolate the network to a degree that makes it difficult for an attacker to attack

Protect and limit administrative privileges

Deploy, configure and monitor application whitelisting to prevent the execution of unauthorized or malicious software

Restrict communication between workstations, in order to limit the attacker's ability to spread and hide in the network

Implement border defense technologies, such as network firewalls, medical firewalls, network agents, sandboxes and traffic analysis tools

Maintain and monitor logs of all activity on network devices

Implement pass-the-hash mitigation measures to prevent credential theft and reuse

Implement anti-exploitation features, such as Microsoft’s Enhanced Mitigation Experience Toolkit (EMET)

Deploy antivirus protection and antivirus reputation services

Implement a Host Intrusion Prevention System (HIPS)

Timely updates and patches

The report also recommended that organizations prepare strong incident response and recovery plans to deal with data breaches.

The report also pointed out: “With offline backups and implemented incident response and recovery plans, an organization can more easily recover, rebuild and quickly return to normal business as soon as possible.”
