
Recommendations of CERT.AZ for the removal and prevention of information security incidents

15 Jan 2014

CERT.AZ accepts incident reports, issues alerts, and provides prevention guidance and advice for the following types of incidents:

 

-      Denial of Service (DoS, DDoS);

-      Breaches of and attacks on Internet resources;

-      Malware implementation and distribution;

-      Phishing on the Internet;

-      Viruses;

-      Botnets, etc.

 

To inform the public about computer incidents, we set out below measures for their prevention and elimination.

 

1. Measures to prevent and eliminate website breaches:

 

  • For network administrators and owners of Internet resources:

 

-      regularly change the passwords of accounts that have access to the control system (in particular, after the dismissal of employees who had access to the website);

-      prohibit the storage of passwords on a computer connected to the Internet;

-      separate the permissions of employees who work with the website (e.g. a site content editor should have access only to the content and not to other sections of the website);

-      keep antivirus programs, firewalls, etc. up to date;

-      limit physical access to the server, the switching equipment and the computers of employees who have the rights to manage the servers and the website.

 

  • For users:

 

-      keep the antivirus program updated and periodically check the computer for viruses;

-      protect databases from information theft;

-      regularly update the operating system, browser and other software from a reliable site;

-      don't accept files from unknown users;

-      don't open attachments sent from unknown sources;

-      download files with caution;

-      check downloaded software before installation;

-      ignore links in spam, instant messages or chat.

 

2. Measures to prevent and eliminate incidents related to malware implementation and distribution:

 

  • For network administrators and owners of Internet resources:

 

-      install an antivirus program and check all of the site's files for viruses, not forgetting to save a backup copy of the site;

-      identify and remove the cause of the site infection;

-      have antivirus programs periodically check the site for viruses;

-      install a firewall;

-      keep the antivirus program updated and periodically check the computer for viruses;

-      don't accept files from unknown users;

-      don't open attachments sent from unknown sources;

-      download files with caution;

-      check downloaded software before installation;

-      ignore links in spam, instant messages or chat;

-      periodically change all passwords: FTP, SSH, MySQL and website administration account passwords (CMS passwords), and use complex, hard-to-crack passwords.

 

  • For users:

 

-      keep the antivirus program updated and periodically check the computer for viruses;

-      protect databases from information theft;

-      regularly update the operating system, browser and other software from a reliable site;

-      don't accept files from unknown users;

-      don't open attachments sent from unknown sources;

-      download files with caution;

-      check downloaded software before installation;

-      ignore links in spam, instant messages or chat.

 

3. Measures to prevent and eliminate incidents related to phishing:

 

  • For network administrators and owners of Internet resources:

 

-      remove the phishing link and block the page containing the phishing link;

-      the recommendations are otherwise the same as in the case of a breach.

 

  • For users:

 

-      keep the antivirus program updated and periodically check the computer for viruses;

-      protect databases from information theft;

-      regularly update the operating system, browser and other software from a reliable site;

-      don't accept files from unknown users;

-      don't open attachments sent from unknown sources;

-      download files with caution;

-      check downloaded software before installation;

-      ignore links in spam, instant messages or chat.

 

4. Measures to prevent and eliminate incidents related to botnets:

 

-      install a firewall;

-      regularly update the operating system, browser and other software from a reliable site;

-      don't accept files from unknown users;

-      don't open attachments sent from unknown sources;

-      download files with caution;

-      check downloaded software before installation;

-      ignore links in spam, instant messages or chat;

-      ignore messages that ask you to enter your login, password and bank card number. Legitimate systems do not send such messages. To clarify the situation, contact the support service of the organization from which you received the offer;

-      don't disclose your passwords to unknown people;

-      don't give private information to anyone by phone, in person or by e-mail until you have evidence that they are precisely the people who should have access to it;

-      check the level of data confidentiality provided by the website before transmitting your personal information to it;

-      use the protected HTTPS mode in the browser when making a payment on Internet resources. You should also check the certificate of a website that offers HTTPS mode.

 

5. Measures to prevent and eliminate incidents related to DoS and DDoS attacks:

 

  • For network administrators and owners of Internet resources:

 

-      obtain the logs of the attacked system;

-      analyze the logs and determine the type of DoS or DDoS attack;

-      apply methods such as narrowing the channel, closing certain ports, disabling certain protocols, adding special rules to ignore spam messages, etc.;

-      notify the owners of the IP addresses involved in the DoS or DDoS attack, or their hosting providers, about incidents related to botnets or spam;

-      advise the owner of the attacked resource on measures to prevent and eliminate this type of incident (improvement of the general security policy of the enterprise).
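
The log-analysis step above, sketched for one case only: a request flood visible in a web server access log. This is an added example, not CERT.AZ's own tooling. The Common Log Format input, the thresholds and the function names are assumptions, and the sample lines are constructed using documentation address ranges.

```python
import re
from collections import Counter
from datetime import datetime

# Common Log Format prefix: source address and bracketed timestamp.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse(lines):
    """Yield (source_ip, timestamp) for each well-formed log line."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the analysis
        try:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        yield m.group(1), ts

def classify(lines, window_s=60, flood_rps=5.0, dominant_share=0.8):
    """Label the busiest time window as 'normal', 'DoS' or 'DDoS'.

    The thresholds are assumptions; tune them to the resource's baseline.
    """
    buckets = {}
    for ip, ts in parse(lines):
        buckets.setdefault(int(ts.timestamp()) // window_s, Counter())[ip] += 1
    if not buckets:
        return {"verdict": "normal", "rate": 0.0, "sources": []}
    peak = max(buckets.values(), key=lambda c: sum(c.values()))
    total = sum(peak.values())
    ranked = peak.most_common()
    if total / window_s < flood_rps:
        verdict = "normal"
    elif ranked[0][1] / total >= dominant_share:
        verdict = "DoS"    # a single source produces most of the load
    else:
        verdict = "DDoS"   # the load is spread across many sources
    # 'sources' feeds the notification step: address owners or hosting providers.
    return {"verdict": verdict, "rate": total / window_s,
            "sources": [ip for ip, _ in ranked]}

def sample(counts):
    """Constructed log lines; counts maps source IP -> number of requests."""
    return [f'{ip} - - [15/Jan/2014:10:00:{i % 60:02d} +0400] "GET / HTTP/1.1" 200 512'
            for ip, n in counts.items() for i in range(n)]

if __name__ == "__main__":
    dos = sample({"198.51.100.7": 400, "203.0.113.5": 10})
    ddos = sample({f"203.0.113.{i}": 10 for i in range(1, 41)})
    print(classify(dos)["verdict"], classify(ddos)["verdict"])
```

The ranked source list is what the notification step needs; attacks that never reach the web server log (for example, floods at the network layer) require firewall or flow logs instead.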