Hi Joachim,

I'm sure everyone has their own way of doing things. I can tell you what we do, if that helps.

1. We use a UTM device, in this case a ZyXEL USG300, that acts as our router, threat management system and firewall. It's very good but needs some experience and understanding to set up; others exist but, like all such devices, they are only as good as their setup. We have also set up this device to block suspicious and known malware sites etc. Prevention is better than cure. Then we use GDATA (Enterprise version) as our antivirus; it works on both Linux and Windows platforms and protects against all sorts of nasties, both known and unknown. It does not just rely on databases; this has saved us on many occasions when other leading AVs had failed, and we have now moved over to this 100% for our client side. And then we made sure all our client and server machines, Linux or Windows based, have the firewall set up even for internal or domain network access; a pain, but very good at limiting and/or preventing the damage. On each of our servers we have a scanner looking at traffic and processes in real time; anything suspicious gets flagged for our immediate attention. You need to make sure your machines are capable of running such systems and still be usable. There are some good tools and sites out there; Google is your best friend here.

2. On top of all this we try to take a proactive, preventative role, making sure our passwords, shares and ACLs are set up appropriately, so if something does slip through the damage is minimized. We have moved to terminals for 95% of our needs; this has the added benefit of giving full control over peripherals such as USB and other portable devices, as well as minimizing the attack footprint. Wireless has very limited access, and sometimes none at all, to key data areas. Above all, where possible we make sure that data coming in and out is via very strict routes, e.g. the only system that can send mail is our mail server; mail in whatever form cannot be sent from any other machine unless it's via our mail server, and so on.

And of course the golden rule: back up regularly, preferably automated. It's not a complete list, that would just take way too long, but it may be helpful in pointing you in the right direction.

Kind Regards
Peter Atkin (C.T.O)
cfts.co (u) ltd. Get I.T. Right
+256-772-700781 | Skype: peter2cfu
www.cfts.co.ug | location details | view my profile

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of joachim Gwoke
Sent: Friday, June 14, 2013 3:18 PM
To: [email protected]
Subject: [LUG] Zeus Botnet C&C in our neighbourhood

Report accuracy or not, what does one do to detect this? Or do we wait for some website to do the work for us? I'm not responsible for networks but I assume most of you are directly or indirectly. So what happens now?

regards
Joachim

_______________________________________________
The Uganda Linux User Group: http://linux.or.ug
Send messages to this mailing list by addressing e-mails to: [email protected]
Mailing list archives: http://www.mail-archive.com/[email protected]/
Mailing list settings: http://kym.net/mailman/listinfo/lug
To unsubscribe: http://kym.net/mailman/options/lug
The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
__________________________________________________________________________________
This e-mail is company confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains. Please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorized amendment; we do not accept liability for any such changes, or for their consequences.
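Peter's "strict routes" rule (only the mail server may send mail) also gives Joachim a cheap detection signal: any other internal host opening outbound SMTP connections is bypassing the mail server, which is classic spam-bot behaviour. The script below is an added example, not code from either poster; it checks constructed firewall log lines against that policy, and the mail server address, internal prefix and log format are all assumptions.

```python
import re
from typing import Dict, List, Set

# Assumed policy for this example: only the mail server may speak SMTP outbound.
MAIL_SERVER = "10.0.0.25"          # assumed address of the internal mail server
MAIL_PORTS = {25, 465, 587}        # SMTP, SMTPS and mail submission
INTERNAL_NET = "10.0.0."           # assumed internal prefix (simple string match)

# Constructed log lines in a simplified iptables/UTM-style "SRC= DST= PROTO= DPT=" format.
LOG_LINES = [
    "SRC=10.0.0.25 DST=203.0.113.9 PROTO=TCP DPT=25",    # mail server: allowed
    "SRC=10.0.0.77 DST=198.51.100.4 PROTO=TCP DPT=25",   # workstation sending mail directly
    "SRC=10.0.0.77 DST=198.51.100.4 PROTO=TCP DPT=443",  # ordinary HTTPS: allowed
    "SRC=10.0.0.91 DST=192.0.2.7 PROTO=TCP DPT=587",     # workstation using submission port
    "SRC=10.0.0.25 DST=192.0.2.7 PROTO=TCP DPT=587",     # mail server: allowed
]

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) DPT=(\d+)")


def parse_line(line: str) -> Dict[str, object]:
    """Extract source, destination, protocol and destination port from one log line."""
    m = LINE_RE.search(line)
    if not m:
        raise ValueError(f"unparsable line: {line!r}")
    src, dst, proto, dpt = m.groups()
    return {"src": src, "dst": dst, "proto": proto, "dport": int(dpt)}


def is_mail_policy_violation(rec: Dict[str, object]) -> bool:
    """True when an internal host other than the mail server tries to send mail directly."""
    return (rec["proto"] == "TCP" and rec["dport"] in MAIL_PORTS
            and str(rec["src"]).startswith(INTERNAL_NET) and rec["src"] != MAIL_SERVER)


def find_violations(lines: List[str]) -> Dict[str, Set[int]]:
    """Map each internal host that bypassed the mail server to the mail ports it hit."""
    hits: Dict[str, Set[int]] = {}
    for line in lines:
        rec = parse_line(line)
        if is_mail_policy_violation(rec):
            hits.setdefault(str(rec["src"]), set()).add(int(rec["dport"]))
    return hits


if __name__ == "__main__":
    for host, ports in find_violations(LOG_LINES).items():
        print(f"{host} sent mail directly on ports {sorted(ports)} - review this host")
```

Hosts that show up here should be enforced at the UTM egress rule as well as flagged; the log check only tells you the policy is being tested.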
