Hypothetical Lockdown

Discussion in 'other software & services' started by Acerbic, Dec 1, 2010.

Thread Status:
Not open for further replies.
  1. Acerbic

    Acerbic Registered Member

    Joined:
    Dec 1, 2010
    Posts:
    3
    Say I wanted to stop 100% of unknown code from launching in an enterprise environment. This includes javascript, executables, dlls, flash, compiled java, activex, etc etc etc. Obviously this isn't realistic, because some code could come in the form of malicious PDF documents among other attack vectors.

    What layered defenses would you use in a perfect environment if you had complete control?
     
  2. Acerbic

    Acerbic Registered Member

    Joined:
    Dec 1, 2010
    Posts:
    3
    Also, how would you prevent malicious interpreted code from being introduced into your environment? How would you mitigate some of the damage that a malicious file could do?

    Sandbox? Application virtualization?
     
  3. cm1971

    cm1971 Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    727
    Sandbox/virtualization would be the way to go. Use something like Sandboxie, GeSWall or Defensewall in addition to Returnil. When used as part of a layered defense this will give you excellent protection. I use GeSWall with Returnil and have never been hit with anything. Add a good antivirus and firewall and you will have optimum protection. Nothing is 100% though and as malware evolves it is still possible you might get hit with something but such a setup would help greatly reduce the chances. There are also some settings you can change in Adobe Reader that will help against PDF attacks. You also might want to look into something like Clonezilla that will clone your hard drive so that in case you do happen to get hit with something you can be right back where you were in a few minutes.

    There are some anti-execute programs you can use but I never have used them so I'll let someone else comment on that. You can add a few on demand scanners like Malwarebytes and Hitman Pro. There are some great Firefox addons that will protect you on the Internet. I use NoScript, KeyScrambler, Adblock Plus, Request Policy, LastPass and Better Privacy. NoScript blocks Javascript which is one of the primary ways malware infects a computer on the Internet. Hope that helps.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    Sounds like a perfect scenario for someone to use Avast Internet Security.;)
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Sounds like SRP default deny to me. Maybe applocker as well if you have that version.

    Perhaps a 3rd party tool that is similar with a learning mode would be best.

    I wonder if a guy should make a learning mode tool for SRP? That might be nifty to have lol.
    (kinda like a program saying "HEY, a new process was started!! Want to add it to SRP?")

    Sul.
     
  6. hossie

    hossie Registered Member

    Joined:
    Nov 8, 2005
    Posts:
    88
    A different view altogether on this ..

    It all depends on the environment of work, what if someone writes his own scripts and runs them ...

    Implementing tools to block any script from running, won't it impact the performance?
     
  7. Acerbic

    Acerbic Registered Member

    Joined:
    Dec 1, 2010
    Posts:
    3
    I was thinking the same thing. I could always use a whitelist with applocker but unless you sandbox all applications that run interpreted code there's no way to prevent untrusted code of any kind.
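
Added example, not part of the thread or of any product named in it: a small Python model of the default-deny allowlist with a "learning mode" that Sully describes, which also shows the gap raised in the last post (an approved interpreter runs any script unless scripts are hashed too). The class, its methods, the file names and the byte strings are all hypothetical, constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass
class DefaultDenyPolicy:
    learning: bool = True        # audit only: record unknown code, let it run
    cover_scripts: bool = False  # also hash scripts handed to an interpreter
    allowed: set = field(default_factory=set)    # approved SHA-256 hashes
    pending: dict = field(default_factory=dict)  # hash -> name, awaiting review

    def _verdict(self, name: str, data: bytes) -> str:
        h = hashlib.sha256(data).hexdigest()
        if h in self.allowed:
            return "allow"
        if self.learning:
            self.pending[h] = name  # the "new process started, add it?" prompt
            return "audit"
        return "deny"

    def launch(self, image: str, image_bytes: bytes, script=None) -> str:
        verdict = self._verdict(image, image_bytes)
        if verdict == "deny" or script is None or not self.cover_scripts:
            return verdict  # image-only check: script content is never inspected
        script_verdict = self._verdict(image + " <script>", script)
        return verdict if script_verdict == "allow" else script_verdict

    def approve(self, name: str) -> None:
        for h in [h for h, n in self.pending.items() if n == name]:
            self.allowed.add(h)
            del self.pending[h]


# Constructed byte strings standing in for files on disk.
WORD, HOST = b"constructed office image", b"constructed script host image"
DROPPED, SCRIPT = b"constructed unknown executable", b"constructed unreviewed script"


def demo() -> dict:
    p = DefaultDenyPolicy()
    for name, data in (("winword.exe", WORD), ("wscript.exe", HOST)):
        p.launch(name, data)  # learning mode: recorded, not blocked
        p.approve(name)
    p.learning = False        # switch to enforcement
    out = {"known": p.launch("winword.exe", WORD),
           "unknown": p.launch("dropped.exe", DROPPED),
           "script_gap": p.launch("wscript.exe", HOST, SCRIPT)}
    p.cover_scripts = True
    out["script_covered"] = p.launch("wscript.exe", HOST, SCRIPT)
    return out
```

With image-only checks the unreviewed script runs because its host is approved; once script content is hashed as well, the same launch is denied.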
     