forgot to add you need to identify the propagation method, and its potential to infect other hosts. If it does do some sort of worm like activity, that needs to be your first thing that you mitigate.
On Thu, Sep 2, 2010 at 2:17 PM, Bill Swearingen <[email protected]>wrote: > Sounds like you need to take a quick step back and assess your position: > > > - What malware are you working with? (any details online?) > - What are its specific characteristics? > - How many potential machines? > - Does it phone home in any way? > - What tools/systems do you have in place that can *detect* an infected > system? > - What tools do you have that can clean an infected system? > > Then design your incident response from there. > > On Thu, Sep 2, 2010 at 10:27 AM, Tyler Robinson > <[email protected]>wrote: > >> Hey everyone just wondering what kinds of procedures you are using to >> prevent and stop virus outbreaks on your local network after some genius end >> user investigates child porn on local network PCs. Do most of you use >> microsofts firewall with GP and just open exceptions for the applicatoins >> that need it or run another piece of software. I have a massive infection >> that i cannot track down our Eset is catching them but my network is nothing >> but trojan packets we were not running an internal firewall (previous Admin >> setup) without hardend systems, So do i start hardening systems first and >> then do a GP with Firewall or does anyone have any better suggestions first >> to get my network back and clean the infection second to setup the correct >> way so there is no next time..As always thanks so much to the PDC community >> you guys are the best. >> TR >> >> -- >> Tyler Robinson >> Owner of Computer Impressions >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
