«
»

Conficker Update

Update: An excellent resource list is available at the Internet Storm Center.

The headline at dailymail.co.uk read “April Fool’s Day computer virus is activated… but fails to cause internet chaos.”

I guess the rumors were unfounded. However, it’s important to note that the virus is still rampant and speculation on the potential uses of such a huge botnet are as well. Some surmise that it might be used to DDOS the crap out of some poor server(s). It might also be used to crack passwords or encryption. Check out http://downadup.org to read more and for removal tools. It’s also a good idea to prepare your network for the potentiality of attack. Don’t be a soft target.

Here’s a couple (read non-comprehensive) ideas on how to not be a soft target:

  • Backup, backup, backup
    • Have systems ready to leap into action if necessary, and keep at least one form of backup offline in case of worst-case scenarios.
    • If you don’t already have a backup strategy in place, it’s time to implement one.
  • Control access to your critical services
    • Enforce strong passwords – or better yet, employ multi-factor authentication. PPP is a strong candidate for the thrifty.
    • Audit your users – does that guy who quit last year still have an active user account? Do your non-administrative users have access to critical servers?
    • Use fail2ban or iptables to detect and drop password-guessing attacks – even with 10 million + IP’s to choose from, it’s not easy to crack a password/one-time password combination when you only get 3 tries per IP.
  • Watch your traffic (not really a botnet vulnerability, but good practice in general):
    • Control your legacy services – seriously, it’s time to retire telnet and other services that transmit passwords in cleartext.
    • https > http – especially when it comes to passwords. Don’t allow users the ability to transmit passwords over http.
  • etc…

I’ve hardly compiled a comprehensive list, and I welcome comments for other good practices, but the most important takeaway is to be cognizant of your security stance. Don’t make it easy for the bad guys.

Tags: , , , , , , ,

This entry was posted on Wednesday, April 1st, 2009 at 08:13 by jim and is filed under Infrastructure, Internet, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>