MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2004

MA-085.112004: MyCERT Special Alert - Festive Season and Long Holiday Security Alert

Original Issue Date: 4th November 2004

With the coming festive season and long holiday break, MyCERT would like to alert all System/Network Administrators, IT personnel and Internet users to properly secure/harden their systems and networks before they leave for their long holidays.

Based on our experience, we had cases/reports in previous years where servers and websites were compromised and defaced during festive seasons. We hope such incidents will not occur again.

MyCERT would like to stress that System/Network Administrators should take extra precautions against web defacement and worm activities for the festive and long holiday season, by implementing proper preventive measures against these two threats. However, other threats such as Denial of Service, Destruction and Mailbomb should not be overlooked.

Attached below are some useful guidelines and measures that you may follow to ensure that your systems and networks are properly secured, thus preventing them from being compromised:

  1. Make sure all your systems are installed with the latest service packs and patches. If you're running older versions of operating systems or software, make sure you have upgraded them to the latest versions, as older versions may have some vulnerabilities that can be manipulated by intruders.

    You may refer to your respective vendors for the latest patches, service packs and upgrades.

  2. If you're running services, make sure you close all unneeded services/ports. The http service and other required services should be filtered and patched accordingly.

  3. Make sure the anti-virus software running on your hosts and email gateways is updated with the latest signature files and is enabled to scan all files.

    You may refer to the AV sites at:
    http://www.mycert.org.my/anti-virus.htm

  4. Please check that your systems and networks are configured properly in order to avoid any unnecessary incidents caused by misconfigurations.

  5. Make sure logging on your systems and servers is properly enabled.

  6. Make sure you back up all your systems.

  7. Organizations are recommended to install a network-based or host-based IDS to alert on scans and other malicious attempts against their hosts.


List of several Intruder Detection Systems
http://www.mycert.org.my/resource/ids.htm

List of several types of sniffers
http://www.mycert.org.my/resource/sniffer.htm
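
One way to check item 2 of the administrator guidelines above before leaving, as an added example that is not part of MyCERT's advisory: it compares listening TCP ports in `netstat -an` style output against an allowlist of services the host is meant to run. The sample output, the allowlist and the function name are constructed assumptions.

```python
import re

# Constructed sample of `netstat -an` output (Linux and Windows layouts);
# not taken from the advisory.
SAMPLE = """\
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             203.0.113.9:51514       ESTABLISHED
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
"""

ALLOWED = {80, 22}  # assumption: the only services this host should expose
LOOPBACK = ("127.", "::1", "[::1]")

# proto, optional Recv-Q/Send-Q columns, local addr:port, remote, LISTEN state
LISTEN_RE = re.compile(
    r"^\s*(tcp6?)\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+\S+\s+LISTEN(?:ING)?\s*$",
    re.IGNORECASE,
)

def unexpected_listeners(netstat_text, allowed):
    """Return sorted (port, local_addr, exposure) for listeners not allowed."""
    findings = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if not m:
            continue  # headers, UDP, established connections
        addr, port = m.group(2), int(m.group(3))
        if port in allowed:
            continue
        # Loopback-only listeners are not reachable from the network,
        # but are still reported so they can be reviewed.
        exposure = "local-only" if addr.startswith(LOOPBACK) else "network"
        findings.add((port, addr, exposure))
    return sorted(findings)

if __name__ == "__main__":
    for port, addr, exposure in unexpected_listeners(SAMPLE, ALLOWED):
        print(f"port {port:<5} on {addr:<12} [{exposure}] is not on the allowlist")
```

Feed it the saved output of `netstat -an` from each server; anything reported as `network` should be closed or filtered before the break.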


Home Users who are using PCs/computers at home are advised:

  1. Make sure your PCs are installed with the latest service packs and patches.

  2. Install anti-virus software on your PCs that scans for and blocks any worms/viruses reaching the PC. The anti-virus software should be regularly updated with the latest signature files in order to detect new worms/viruses. You may refer to the following AV sites to download anti-virus software.

    http://www.mycert.org.my/en/resources/malware/av_sites/main/detail/528/index.html

  3. It is recommended for home users to install personal firewalls on their PCs. A personal firewall is capable of blocking unauthorised scans of the PC and will alert the PC owner to any illegal scans of their PC.

    More information on home user PC security is available at:
    http://www.mycert.org.my/en/resources/home_user/pc_security/main/detail/520/index.html

  4. Implement safe email practices.

    The safe email practices document is available at:
    http://www.mycert.org.my/en/resources/email/email_practices/main/detail/512/index.html

Please take note that MyCERT will be on duty 24x7 and you may contact us for assistance.

You may report to us during the festive season and long holiday at:

Email:
SMS:019-2813801
Pager:18630, 18631, 18632 or refer to:
http://www.mycert.org.my/report/pager/IRpager.html
Web:http://www.mycert.org.my/report_incidents/online_form.html

Do visit MyCERT's website regularly for current updates, latest alerts and advisories at:
http://www.mycert.org.my