Tuesday, December 11, 2007 9:23 AM cmosby

SANS Internet Storm Center - How to stop javascript from websites infecting clients

 

How to stop javascript from websites infecting clients

Published: 2007-12-11,
Last Updated: 2007-12-11 13:33:23 UTC
by Swa Frantzen (Version: 2)

Greg wrote in to ask how to protect users in his organization from getting infected with malware by visiting websites for business reasons that got hacked.

Knowing we like to recommend to disable javascript by using e.g. Firefox+NoScript, he asked for other solutions aside of disabling javascript as it's not an option in his environment.

So we're looking for success stories, send them through the contact form, and we'll summarize it throughout  the day.

Wendy writes her organization is successfully using a host based IDS/IPS system that is loaded on each client and resets the connection when a malware site is encountered. She writes: "We have been able to identify sites that have not been previously noted as containing malicious code, including valid sites that have been compromised. This product works on roaming equipment, as it "calls home" once reconnected to the network, and reports in on possible compromises that we investigate, when alerted."  The ability to protect those laptops on the move seems to be a real plus of such a solution.

Ray writes in to tell us they block executables in the perimeter. They do allow IT to download executables though. Ray writes: "All HTTP is scanned by a virus scanner even for IT. By preventing staff from being able to download executable content you can very effectively prevent malware from infecting their computers. It's a political battle but worth fighting for."

--
Swa Frantzen -- Gorilla Security

Source: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc

Filed under: , , , , ,

Comments

No Comments