The rules of "basic hygiene"


Monitoring doesn’t mean surveillance


Monday, July 23, 2018

Humanity is rushing to embrace the digital economy, which is promising our society complete digitisation and all sorts of benefits. But even the new digital world won't be able to do without a) top managers and b) their subordinates (here we are going to talk about system administrators). And yet, no matter how obvious and trite the point may seem, malware will persist, too, and so will infection incidents and (unsurprisingly) anti-viruses. How are all these attributes of the upcoming digital era related to each other? Well, the relationship is complex and somewhat dangerous!

Mistakes made by companies when establishing an information security system can result in:

  • Money and data being stolen by robots and by the company's own devices or employees' personal devices that are also used for work;
  • Malware outbreaks in multiple corporate infrastructures;
  • The corporate infrastructure being used for illegal activities, including terrorism;
  • Attacks on critical infrastructure elements;
  • Unreliable authentication routines being exploited by scammers to compromise business communications.

This is not a complete list, and items will surely be added to it in the future. Why are we bringing all this up?

The WannaCry and NotPetya outbreaks are already stale, but we can't find better examples to illustrate our point.

System administrators understand that centralised control over anti-virus software can prevent users from changing its settings.

Trojan.Encoder.12544 uses Mimikatz and two other methods to acquire the list of local and domain users accessing an infected machine.

Then it looks for shared folders to which it has write permission and uses the acquired credentials to save copies of itself in those folders.

https://news.rambler.ru/ukraine/40025466-v-sbu-rasskazali...

That's NotPetya. The one that managed to spread across so many corporate networks because system administrators disabled anti-virus software on the computers with their own hands to make sure that it wouldn't interfere with MeDoc's operation—a recommendation received from the very developers of the ill-fated application. We are confident that in many cases the administrators didn't notify their superiors that they were going to pull the plug on the anti-virus. And undoubtedly, many top managers never learnt why their businesses suffered from some Petya. The secret was never revealed.

#corporate_security #Dr.Web_settings

The Anti-virus Times recommends

The outbreak could have been prevented.

The Dr.Web Control Center doesn't just administer anti-virus software remotely. It can also control what applications are being installed on the hosts (by the way, here is a brief PDF guide on how to accomplish this) and notify administrators about important anti-virus security events.

Monitoring does not mean surveillance

An IT security chief can't monitor all of their subordinates' actions (otherwise, why would they need to employ all those people?), but they should always be able to check what's going on in their corporate network. And the sooner they get notified about incidents, the better. To accomplish this, Dr.Web Enterprise Security Suite provides statistics (as well as notifications and the option for integration with other security systems, although a company’s leadership can easily keep track of important events).


Here, for example, the first entry indicates that a user has disabled the resident anti-virus protection. Are they permitted to do that? Let's ask the system administrator!
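The check described above can also be automated. The following is an added example, not Dr.Web code and not the Control Center's export format: it assumes protection events have been normalised to `timestamp,host,user,event` lines and that approved maintenance windows come from a change-management record. All host names, user names and events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, host, user, event). This is an assumed
# normalised form, NOT the Dr.Web Control Center export format.
SAMPLE_EVENTS = """\
2018-07-23T09:02:11,ACC-PC-01,j.smith,protection_disabled
2018-07-23T09:05:40,ACC-PC-02,admin1,protection_disabled
2018-07-23T09:20:03,ACC-PC-02,admin1,protection_enabled
2018-07-23T10:15:00,HR-PC-07,m.jones,protection_disabled
2018-07-23T10:16:30,HR-PC-07,m.jones,protection_enabled
"""

# Assumption: approved windows per host, taken from change-management records.
APPROVED = {
    "ACC-PC-02": (datetime(2018, 7, 23, 9, 0), datetime(2018, 7, 23, 9, 30)),
}

def parse(text):
    """Yield (timestamp, host, user, event) tuples from the event lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, user, event = line.split(",")
        yield datetime.fromisoformat(ts), host, user, event

def review(text, now, max_gap=timedelta(minutes=10), approved=APPROVED):
    """Return alerts for unapproved disables and for hosts left unprotected."""
    alerts, open_since = [], {}
    for ts, host, user, event in sorted(parse(text)):
        if event == "protection_disabled":
            open_since[host] = (ts, user)
            window = approved.get(host)
            if not (window and window[0] <= ts <= window[1]):
                alerts.append((host, user, "disabled outside approved window"))
        elif event == "protection_enabled":
            open_since.pop(host, None)
    # Anything never re-enabled and older than max_gap is still exposed.
    for host, (ts, user) in sorted(open_since.items()):
        if now - ts > max_gap:
            alerts.append((host, user, "still disabled"))
    return alerts

if __name__ == "__main__":
    for alert in review(SAMPLE_EVENTS, now=datetime(2018, 7, 23, 12, 0)):
        print(alert)
```

The approved change on ACC-PC-02 produces no alert, while the two unannounced disables are reported and ACC-PC-01 is additionally flagged because protection was never switched back on.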
