Combating Spyware in the Enterprise

Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed to both measure your understanding of the concepts presented in this chapter and to assist you with real-life implementation of these concepts. To have your questions about this chapter answered by the author, browse to www.syngress.com/solutions and click on the Ask the Author form. You will also gain access to thousands of other FAQs at ITFAQnet.com.

1.

I have botnet clients running in my enterprise. What should I do?

2.

Why would hackers try to add my computer to their botnet? I have nothing on my computer.

Answers

1.

Work with management to determine an acceptable strategy.The most Net-responsible strategy is to work with law enforcement and other victims to find the bot herder and press criminal charges and/or raise a civil suit.At a minimum, the strategy should incorporate a recovery approach that includes observing botnet traffic to gather information, protecting against retaliation (DDOS), filtering or diverting the traffic, and then removing the botnet clients using an antivirus tool in a clean boot environment, or re-imaging the hard drive and implementing rigorous patch management, malicious code version management, and official change management to prevent future infections. Next you should take down the botnet itself by taking down the botnet server. Ideally you should do this on the IRC server if it s publicly owned, or from a proxied address if not, and you should take this step only with the consent of...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Knowledge Management Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.