Help!

Virus Outbreak prep work

 
  

Riz
External


Since: Sep 16, 2009
Posts: 3



Posted: Wed Sep 16, 2009 4:56 am    Post subject: Virus Outbreak prep work
Archived from groups: alt>comp>virus

Hi All,

I am Anti-Virus Administrator of an organization with over 1200
devices (PCs, laptops, server) and preparing for the worst...
I use McAfee EPO to manage most of the things and 90% of the machines
are updated daily with latest DATs. I am good with administration but
not sure what steps to take in case of virus outbreak. Is there anyone
out there who can help me with following answers or at least with the
step 2...

1. An outbreak checklist that delineates how our staff will recover
after an outbreak
2. I need (McAfee) defined steps to be taken internally during an
outbreak
3. How to update servers within 90 minutes
4. The checklist outlines each step needed to mobilize our staff
during an outbreak

Many Thanks

Riz
16/09/09
1PW
External


Since: Aug 19, 2009
Posts: 5



Posted: Wed Sep 16, 2009 5:27 am    Post subject: Re: Virus Outbreak prep work

Riz wrote:
> Hi All,
>
> I am Anti-Virus Administrator of an organization with over 1200
> devices ( PCs, laptops server) and preparing for the worst...
> I use McAfee EPO to manage most of the things and 90% of the machines
> are updated daily with latest DATs, I am good with administration but
> not sure what steps to take in case of virus outbreak, Is there anyone
> out there who can help me with following answers or at least with the
> step 2...
>
> 1. An outbreak checklist that delineates how our staff will recover
> after an outbreak
> 2. I need (McAfee) defined steps to be taken internally during an
> outbreak
> 3. How to update servers within 90 minutes
> 4. The checklist outlines each step needed to mobilize our staff
> during an outbreak
>
> Many Thanks
>
> Riz
> 16/09/09

1) Learn how not to multi post.

2) Learn the difference between virus and malware.

--
1PW
David W. Hodgins
External


Since: Mar 04, 2006
Posts: 46



Posted: Wed Sep 16, 2009 2:26 pm    Post subject: Re: Virus Outbreak prep work

On Wed, 16 Sep 2009 07:56:35 -0400, Riz <whoozdadaddy.RemoveThis@hotmail.com> wrote:

> 4. The checklist outlines each step needed to mobilize our staff
> during an outbreak

How are you defining an outbreak? New viruses are released every
single day, so there's been an outbreak in progress for years, if
not decades.

The critical part of the prep work is user education, ongoing
checking of your network security, ensuring all systems have
up-to-date software and anti virus definitions.

The users must be taught safe-hex.
http://www.claymania.com/safe-hex.html

The network security includes things like ensuring all routers
have UPnP turned off, use non-standard gateway addresses, admin
user names and passwords, and monitoring of traffic looking for
anything unusual, ensuring all new inbound traffic is blocked
at the firewall, except for services which you know should be
open to the public.

If by outbreak, you mean the detection of a virus/worm already
on the network, you need to be able to quickly identify which
systems are infected (using traffic monitoring), and quickly
be able to disconnect those systems.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
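
Added example, not part of the original thread or any poster's own code: one way to turn the traffic-monitoring advice in the post above into a triage list, by flagging hosts that contact many distinct peers on one port within a short window. The record format, addresses, window and threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def constructed_flows():
    """Constructed sample records: 'time src dst dst_port' (not real traffic)."""
    lines = [
        # Ordinary workstation: repeated sessions to one file server and a proxy.
        "2009-09-16T09:00:00 10.0.1.15 10.0.0.5 445",
        "2009-09-16T09:00:20 10.0.1.15 10.0.0.5 445",
        "2009-09-16T09:00:30 10.0.1.15 10.0.0.8 8080",
    ]
    # Worm-like host: eight different peers on port 445 within eight seconds.
    lines += [f"2009-09-16T09:01:{i:02d} 10.0.1.77 10.0.1.{i} 445" for i in range(1, 9)]
    # Management station: eight peers too, but one every five minutes.
    lines += [f"2009-09-16T09:{5 * i:02d}:00 10.0.0.9 10.0.1.{i} 161" for i in range(1, 9)]
    return "\n".join(lines)

def parse_flows(text):
    """Yield (time, src, dst, port) tuples, skipping blank lines and comments."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            ts, src, dst, port = line.split()
            yield datetime.fromisoformat(ts), src, dst, int(port)

def fan_out_suspects(flows, window=timedelta(seconds=60), threshold=5):
    """Map each source that reached >= threshold distinct peers on one port
    inside a sliding window to (port, peak distinct-peer count)."""
    events = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        events[(src, port)].append((ts, dst))
    suspects = {}
    for (src, port), seen in events.items():
        start = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            peers = len({dst for _, dst in seen[start:end + 1]})
            if peers >= threshold and peers > suspects.get(src, (0, 0))[1]:
                suspects[src] = (port, peers)
    return suspects

def isolation_list(text, **limits):
    """Sources to disconnect first, highest fan-out first."""
    suspects = fan_out_suspects(parse_flows(text), **limits)
    return sorted(suspects, key=lambda s: -suspects[s][1])

if __name__ == "__main__":
    print(isolation_list(constructed_flows()))
```

A wider window also flags the management station in the sample, so known scanners and pollers need an allowlist before the output drives any disconnection.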
FromTheRafters
External


Since: Feb 16, 2009
Posts: 26



Posted: Wed Sep 16, 2009 5:11 pm    Post subject: Re: Virus Outbreak prep work

"Riz" <whoozdadaddy DeleteThis @hotmail.com> wrote in message
news:c696fabd-e9e3-4d07-a060-98613acc6540@n2g2000vba.googlegroups.com...
>
> Hi All,
>
> I am Anti-Virus Administrator of an organization with over 1200
> devices ( PCs, laptops server) and preparing for the worst...

....and that is?

> I use McAfee EPO to manage most of the things and 90% of the machines
> are updated daily with latest DATs, I am good with administration but
> not sure what steps to take in case of virus outbreak,

Outbreak? Are you trying to determine what steps to take after
discovering network aware *malware* on your network?

....or trying to avoid becoming a victim of a new exploit based worm?

> Is there anyone
> out there who can help me with following answers or at least with the
> step 2...
>
> 1. An outbreak checklist that delineates how our staff will recover
> after an outbreak

Coffee always does it for me.

> 2. I need (McAfee) defined steps to be taken internally during an
> outbreak

You will have to explain what you mean by outbreak here. If it is the
exploit based worm outbreak scenario, McAfee has nothing to do with it.
You will have to patch the vulnerability or implement any recommended
'work arounds' that apply to your network. If it is the *malware*
scenario, you would have to disconnect affected machines from the
network and ensure they are clean before reconnection.

A nice clean disk image backup for each machine is a good idea IMO.
Unless you need to retain the "infested" drives for forensic analysis,
you can just reload the images.

> 3. How to update servers within 90 minutes

Update?

> 4. The checklist outlines each step needed to mobilize our staff
> during an outbreak

Google for "recovery best practices" or something similar.
Riz
External


Since: Sep 16, 2009
Posts: 3



Posted: Thu Sep 17, 2009 1:34 am    Post subject: Re: Virus Outbreak prep work

Many thanks for replying Dave and Rafters, my definition of Outbreak
is becoming victim of malware/trojan horse. As you have suggested I do
ensure all systems are up to date with virus definition, latest
patches, monitoring network traffic etc. But users are free to bring
USBs, CDs etc.
My question was about the action to take during an outbreak. I am
aware of an organization where they became victim, most of their
printers started printing garbage or blanks, used rolls and stacks of
paper and cartridges of ink etc. I don't know how they fixed the
problem but just to be prepared I was searching on internet for
actions to take in case there is malware outbreak.
Thanks again, I got the idea that there is no golden rule, just
identifying the infected and isolating them.


Regards

Riz
Riz
External


Since: Sep 16, 2009
Posts: 3



Posted: Thu Sep 17, 2009 1:35 am    Post subject: Re: Virus Outbreak prep work

Furthermore I was reading this page which gave me idea to create
checklist

http://articles.techrepublic.com.com/5100-10878_11-1034814.html
FromTheRafters
External


Since: Feb 16, 2009
Posts: 26



Posted: Thu Sep 17, 2009 5:06 am    Post subject: Re: Virus Outbreak prep work

"Riz" <whoozdadaddy.TakeThisOut@hotmail.com> wrote in message
news:63ab95ba-cd7a-4a46-9a22-70e2b3f56b60@p15g2000vbl.googlegroups.com...
> Many thanks for replying Dave and Rafters, my definition of Outbreak
> is becoming victim of malware/trojan horse.

Malware is the umbrella term for all specific types of malicious
software, which includes trojans and viruses (which are different
entities).

> As you have suggested I do
> ensure all systems are up to date with virus definition, latest
> patches, monitoring network traffic etc. But users are free to bring
> USBs CDs etc.
> My question was about the action to take during an outbreak. I am
> aware of an organization where they became victim, most of their
> printers started printing garbage or blanks, used rolls and stacks of
> paper and cartridges of ink etc.

Reminds me of "Bugbear".

> I don't know how they fixed the
> problem but just to be prepared I was searching on internet for
> actions to take in case there is malware outbreak.

Yeah, disinfecting without first isolating would have you 'chasing your
tail' when dealing with network worms.

> Thanks again I got the idea that there is no golden rule just
> identifying the infected and isolating them.

Disable autorun/autoplay if possible. USB devices are the new 'floppy'
for sneakernet.