to open in the network firewall or router
to provide remote access. Instead, use
cloud-based devices that connect only to
the cloud provider’s servers and do not
offer direct remote access
• Do not enable UPnP on your firewall or
router. This protocol enables devices to
open ports on the firewall on demand
without your knowledge, increasing the
attack surface
• Use secure VPN technologies to manage
your connected devices remotely
Harish Chib, vice
president, Middle East
and Africa, Sophos
Botnets have a massive slowdown effect
on global Internet traffic. They can
also have a devastating impact on an
organisation if the objective of the attack is
to steal sensitive information.
its success in gaining entry and to request
further instructions. It may be told to lie low
and wait or be instructed to move laterally
on the network to infect other devices, or to
participate in an attack. This attempt by the
malicious software to call home represents an
opportunity to detect infected systems on the
network that are becoming part of a botnet.
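The call-home opportunity described above can be checked from the firewall's own connection logs. The following is an added example, not code from the article or from any vendor: it flags source/destination pairs whose connections recur at a near-fixed interval, assuming the infected device checks in periodically. The log format, addresses, hostnames and thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed firewall log lines: "<epoch seconds> <source> <destination>".
SAMPLE_LOG = """\
1000 10.0.0.23 cc.example.invalid
1040 10.0.0.5 news.example.com
1301 10.0.0.23 cc.example.invalid
1315 10.0.0.5 news.example.com
1598 10.0.0.23 cc.example.invalid
1900 10.0.0.23 cc.example.invalid
2203 10.0.0.23 cc.example.invalid
2499 10.0.0.23 cc.example.invalid
2750 10.0.0.5 news.example.com
2790 10.0.0.5 news.example.com
5200 10.0.0.5 news.example.com
"""


def parse(log_text):
    """Group connection timestamps by (source, destination); skip bad lines."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdecimal():
            seen[(parts[1], parts[2])].append(int(parts[0]))
    return seen


def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return (src, dst, mean_gap_s, cv) for pairs with regular connection gaps."""
    hits = []
    for (src, dst), times in sorted(parse(log_text).items()):
        if len(times) < min_events:
            continue  # too few samples to call anything periodic
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:
            continue  # all connections in the same second: a burst, not a beacon
        # Coefficient of variation: near zero for scheduled check-ins.
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append((src, dst, round(mean), round(cv, 3)))
    return hits


if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

Both hosts in the sample make enough connections to be scored, but only the one with evenly spaced gaps is reported; the irregular browsing traffic is not.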
Once an attack has got underway, it can be
difficult to detect. From a network traffic
point of view, the device will simply be
sending emails out as spam, transferring
data or mining bitcoins, or performing DNS
lookups and a variety of other requests,
usually seen in large-scale attacks. In
isolation, none of these types of activities
are noteworthy.
Building protection
The most important ingredient for effective
protection from botnets is the organisation's
network firewall. The following can help to
get best protection from the firewall.
• Advanced Threat Protection can identify
botnets already operating on the
network. Ensure the firewall has malicious
traffic detection, botnet detection, and
command and control, and call-home
traffic detection
• Intrusion prevention can detect hackers
attempting to penetrate and take over
the network. Ensure the firewall has a
next-gen intrusion prevention system
that can identify attack patterns inside
the network
• Sandboxing can pick up the latest
malicious software before it reaches the
organisation's computers. Ensure the
organisation firewall offers advanced
sandboxing that can identify suspicious
web or email files and activate them in a
safe environment
• Effective web and email protection can
prevent malware from getting onto
the network. Ensure the firewall has
behavioural-based web protection that
can simulate JavaScript code in web
content to determine behaviour before it
reaches the browser
• Ensure the firewall has top-shelf
anti-spam and antivirus technology to detect
malware in email attachments
• Web Application Firewall can protect
servers, devices and business applications
from being hacked. Ensure the firewall
offers WAF protection for any system that
requires remote access
Best-practices
• Change the password for all your network
devices to a unique complex password
and use a password manager if necessary
• Minimise use of IoT devices and update
all essential connected devices. Also
disconnect unnecessary devices from the
network and upgrade older devices to
newer models
• Avoid using IoT devices that require ports
Even if the botnet operating on the
organisation's network is not after its data,
it could be using devices and network
resources to cause devastating harm to
another organisation.
Do not let your network become part of the
next global botnet attack.
“Botnets can enter an organisation through
multiple points of entry. This includes email
attachments, hacked web sites, connected
sensors and other IoT devices, and USB sticks.”
INTELLIGENTCIO