Sunday, August 1, 2010

How to defend against APT

I attended a recent presentation by the folks from Mandiant on APT and how to defend against APT attacks.

If you are still wondering what APT is, head over to my essay on demystifying APT. Richard from TaoSecurity wrote an article in the July issue of Information Security magazine on the same subject.

The Mandiant talk walked through some of the APT cases they have handled over the years and discussed the common problems they saw at client sites. They also presented remediation steps and the implementation challenges that come with each.


Here are some of the notes on the remediation steps from that talk:

Limit or block access to dynamic DNS (DynDNS) providers: more than 70% of their investigations involved attackers using them for command and control
Provide appropriate training for information security staff
Segment the internal network so a compromised host cannot reach everything
Patch third-party applications, not just the operating system
Use password management tools to control and audit privileged accounts
Run HIPS in block mode, not just alert mode
Train users to recognise unsophisticated attacks such as routine social engineering
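The first item is the one most easily turned into a control: dynamic DNS lookups stand out in resolver logs and can be sinkholed at the resolver. The following is an added example, not code from the talk or from Mandiant. It scans BIND-style query log lines (the sample lines are constructed, not a real capture), matches query names against a short list of dynamic DNS provider domains on label boundaries, ranks internal hosts by how often they hit those providers, and emits a BIND response policy zone that returns NXDOMAIN for them. The provider list is an assumption for illustration; build your own from investigations or a maintained feed, and note that RPZ requires a resolver that supports it.

```python
import re
from collections import Counter

# Assumed list of dynamic DNS provider domains, for illustration only.
# Extend it from your own investigations or a maintained feed.
DYNDNS_SUFFIXES = (
    "dyndns.org",
    "no-ip.com",
    "no-ip.org",
    "3322.org",
    "changeip.com",
)

# Constructed sample lines in BIND9 query-log style (not a real capture).
SAMPLE_LOG = """\
01-Aug-2010 10:12:01.101 client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.1)
01-Aug-2010 10:12:03.422 client 10.0.0.5#51237: query: update.no-ip.com IN A + (10.0.0.1)
01-Aug-2010 10:12:09.009 client 10.0.0.17#40012: query: c2host.dyndns.org IN A + (10.0.0.1)
01-Aug-2010 10:12:15.337 client 10.0.0.9#61001: query: dyndns.org.example.net IN A + (10.0.0.1)
01-Aug-2010 10:12:20.800 client 10.0.0.17#40019: query: c2host.dyndns.org IN A + (10.0.0.1)
"""

QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def matches_suffix(qname, suffixes=DYNDNS_SUFFIXES):
    """Return the matching provider domain, or None.

    Matching is on DNS label boundaries, so 'dyndns.org.example.net'
    does not match 'dyndns.org' while 'host.dyndns.org' does.
    """
    name = qname.rstrip(".").lower()
    for suffix in suffixes:
        if name == suffix or name.endswith("." + suffix):
            return suffix
    return None


def find_dyndns_queries(log_text, suffixes=DYNDNS_SUFFIXES):
    """Return (client, qname, provider) for every query to a listed provider."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; skip
        provider = matches_suffix(m.group("qname"), suffixes)
        if provider:
            hits.append((m.group("client"),
                         m.group("qname").rstrip(".").lower(),
                         provider))
    return hits


def clients_by_hit_count(hits):
    """Rank internal hosts by number of dynamic DNS lookups, most first."""
    return Counter(client for client, _, _ in hits).most_common()


def rpz_zone(suffixes=DYNDNS_SUFFIXES):
    """Emit a BIND response policy zone body that sinkholes each listed
    domain and all of its subdomains ('CNAME .' means answer NXDOMAIN).
    Assumes a resolver with RPZ support."""
    lines = [
        "$TTL 300",
        "@ IN SOA localhost. root.localhost. (1 3600 900 604800 300)",
        "@ IN NS localhost.",
    ]
    for s in suffixes:
        lines.append(f"{s} CNAME .")
        lines.append(f"*.{s} CNAME .")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_dyndns_queries(SAMPLE_LOG)
    for client, qname, provider in hits:
        print(f"{client} -> {qname} ({provider})")
    print(clients_by_hit_count(hits))
    print(rpz_zone())
```

Run it against a real query log and the top of the ranking is where to start an investigation; a host that resolves dynamic DNS names on a regular interval is a strong beacon indicator. Load the emitted zone in the resolver's response-policy block before enforcing, and log-only mode first, since some legitimate software also uses these providers.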
