Library items tagged: advice

Zeus/Zbot

Anonymous
Monday, February 13, 2012 - 20:12
security
incident response
CSIRT
advice
malware
Zeus
Zbot
Zeus is the name for a family, or perhaps ecosystem of malware that is created and customised using a single toolkit. Not only does the toolkit generate the executable that infects systems, but it also produces server files that act as the command and control infrastructure for the operator’s botnet. Primarily Zeus is used to steal banking details through the use of keystroke logging and screen captures that are sent from the infected system to the command and control sever.
Read more

Spam bounces considered harmful

Anonymous
Monday, February 13, 2012 - 20:10
CSIRT
advice
incident response
security
spam
Rodney Tillotson The expectation that e-mail services will return a failure notice or report for messages that cannot be delivered is no longer realistic. In most cases Janet-connected organisations should not attempt to provide such notifications.
Read more

Penetration testing

Anonymous
Monday, February 13, 2012 - 20:09
security
incident response
CSIRT
advice
penetration testing
testing
factsheet
PB/INFO/082 (11/04) Many organisations are looking to have some form of penetration testing performed on their systems. This may simply be to evaluate existing security measures and to find gaps where security needs improvement, but increasingly it is performed to comply with security standards when connecting to public sector networks or processing payment details.
Read more

Jisc CSIRT use of NetFlow data

Anonymous
Monday, February 13, 2012 - 20:09
CSIRT
NetFlow
advice
data
incident response
security
usage
Jisc processes NetFlow data collected on various routers within the Janet network. This NetFlow data is used in planning, network operations, research and security incident response, and is considered necessary to effectively complete some of the tasks involved in these areas.
Read more

Investigating SSH port scans

Anonymous
Monday, February 13, 2012 - 20:09
CSIRT
SSH port scans
advice
incident response
scanning
security
This page provides a brief overview on how to deal with reported SSH scans originating from your own systems. It does not cover SSH scanning targeted at your systems and originating elsewhere.
Read more

DNS Resolver configuration

Anonymous
Monday, February 13, 2012 - 20:08
CSIRT
DNS resolver
advice
configuration
incident response
security
Background There is a great deal of literature about the operation of authoritative nameservers, but not so much about the resolver function.This note is for system and network managers or administrators in Janet organisations (particularly smaller organisations with relatively simple networks) and is intended to give them confidence that they have correctly configured this straighforward but critical part of the DNS in their own networks.
Read more

Dealing with worms or viruses

Anonymous
Monday, February 13, 2012 - 20:06
CSIRT
advice
incident response
security
viruses
worms
This advice is principally to help a Janet organization respond properly to reports from Janet CSIRT that a worm or virus is present in their network. The intrusion of worm and virus software to one or more of your computers is the most common class of network abuse. In some cases it does little obvious, direct or immediate harm to your network; but it does need dealing with systematically and promptly:
Read more

Blocking LAN service ports

Anonymous
Monday, February 13, 2012 - 20:05
CSIRT
advice
blocking
incident response
security
service ports
Some ports have historically been associated with security vulnerabilities, but see little legitimate use on a WAN or the general Internet. They present a risk to your network and little to no legitimate use is prevented by blocking them. If your network is partitioned with one or more firewalls so that different parts support different functions or groups of users, you should consider applying the same restrictions at the firewalls between them.
Read more

Malware

Anonymous
Monday, February 13, 2012 - 20:04
CSIRT
advice
incident response
malware
security
Malware is a term used to encompass a wide and growing variety of software threats to the security of computer systems. It consists of software designed to interrupt the normal operation of a computer for some malicious purpose. This may simply be to disrupt the normal operation of a system but more commonly and increasingly it is used to gain unauthorised access to resources and information.
Read more

Copyright infringement notices

Anonymous
Monday, February 13, 2012 - 20:03
CSIRT
advice
copyright infringement notices
incident response
security
As the listed abuse contact for much of the IP address space in use on Janet, Janet CSIRT receives many copyright infringement reports on behalf of the Janet community. Janet CSIRT is not able to identify individual users or machines on its customer organisations’ networks, so the most effective way to deal with these complaints of unacceptable use of the network is to forward them to the responsible customer organisation. Those organisations are required by the Janet AUP to deal effectively with complaints.
Read more