The research team at eEye also found that the leading mitigations it recommended in 2011 - disabling WebDAV and Microsoft Office document converters - prevented even more vulnerabilities in 2011 than in 2010. In the case of turning off the Office document converters, the percentage increased from eight to 10 percent. Combined, the two tactics mitigate 20 percent of vulnerabilities.
To put these relatively simple recommendations into action, IT administrators can download a new, free tool from the eEye researchers. It tests for some of the most highly recommended configuration updates and:
• Offers a simple pass/fail and informational status check to compare how the user's company rates against recommended configurations
• Tests how the local system operating system is configured and how the network is architected, identifying potential problem areas
• Provides information on potential backdoors and other areas of concern related to Advanced Persistent Threats (APT)
• Shows how much of the user's processes and code are signed, allowing users to determine what is valid and what is not
The research also shows that in addition to upgrading and disabling WebDAV and Office converters, users should limit administrative privileges, put proxy servers to work, encrypt traffic on VLANs and IPsec, and deny access to Windows subsystems. Additional recommendations, most of which are easy fixes, are noted in the research, including how to protect against threats such as Stuxnet, Night Dragon and Aurora.
eEye's new free configuration tool and accompanying white paper are available for download here, and the eEye Research Report is available here.