| |
Essential Steps for Stopping the New PnP Worm
The
following steps represent essential actions to prevent the new Plug and Play
(PnP) worm, as well as general best-practice guidelines.
- Patch systems immediately;
A cumulative security update for Internet Explorer
(MS05-038), a buffer overflow vulnerability in Windows Plug-and-Play (MS05-039)
and a security bug in the Print Spooler service (MS05-043) all pose a severe
hacker risk and earn Redmond's dreaded critical sobriquet.
- Blocking TCP ports 139 and 445
at the firewall;
- Eliminating NULL sessions;
- Using access control lists (ACLs) to restrict traffic to worm-specific ports and
destinations;
- Updating IDS/IPS signatures;
- Using a personal firewall such
as the Internet Connection Firewall, which is included with Windows XP
SP1;
- Enabling advanced TCP/IP
filtering on systems that support the above feature; and
- Blocking affected ports using IPsec on the affected systems.
|
|
| Find out how the professionals at BAI Security
can help you secure your business. Contact Us Today »
|
|
