Recommendations against Ransomware II, by Matias Colli

To reduce the chance of being hit by malware of any kind (viruses, worms, ransomware, etc.), we are sending the following recommendations for you to review in the security configuration of the Websense proxy.

Within the Security category, verify that the following sub-categories are blocked:

• Advanced Malware Command and Control: Protects against outbound transmissions from a compromised machine to a malicious command-and-control center. 
• Advanced Malware Payloads: Protects against inbound network transmissions of payloads intended to exploit a machine.
• Botnets: Sites that host the command-and-control centers for networks of bots that have been installed onto users' computers. (Excludes web crawlers.)
• Compromised Websites: Sites that are vulnerable and known to host an injected malicious code or unwanted content.
• Custom-Encrypted Uploads: Outbound network transmissions of documents, payloads, and data that have been encrypted using custom encryption methods.
• Files Containing Passwords: Documents and data that include lists of network passwords such as Unix and Windows user passwords; also, documents that potentially contain lists of usernames and passwords.
• Keyloggers: Sites that download programs that record all keystrokes, and which may send those keystrokes (potentially including passwords or confidential information) to an external party.
• Malicious Embedded Link: Sites infected with a malicious link. 
• Malicious Embedded Iframe: Sites infected with a malicious iframe.
• Malicious Websites: Sites containing code that may intentionally modify users' systems without their consent and cause harm.
• Mobile Malware: Protects against malicious websites and applications designed to run on mobile devices.
• Phishing and Other Frauds: Sites that counterfeit legitimate sites to elicit financial or other private information from users.
• Potentially Exploited Documents: Documents containing content with suspicious characteristics that could lead to the exploitation of a machine.
• Potentially Unwanted Software: Sites using technologies that alter the operation of a user's hardware, software or network in ways that diminish control over the user experience, privacy or the collection and distribution of personal information.
• Spyware: Sites that download software that generates HTTP traffic (other than simple user identification and validation) without a user's knowledge.
• Suspicious Embedded Link: Sites suspected of being infected with a malicious link.
• Unauthorized Mobile Marketplaces: Protects against websites that may distribute applications unauthorized by the mobile OS manufacturer, the handheld device manufacturer or the network provider. (Traffic visiting websites in this category may indicate jail-broken or rooted phones.)

It is also recommended to verify that, within the Extended Protection category, the following sub-categories are blocked:

• Dynamic DNS: Sites that mask their identity using Dynamic DNS services, often associated with advanced persistent threats (APTs). 
• Elevated Exposure: Sites that camouflage their true nature or that include elements suggesting latent malicious intent. 
• Emerging Exploits: Sites found to be hosting known and potential exploit code. 
• Newly Registered Websites: Sites whose domain name was registered recently.
• Suspicious Content: Sites found to contain suspicious content.

These categories and sub-categories should be blocked for all users, without exception. The Websense engine at the proxy level is one of the most effective at stopping this type of malware because it combines ThreatSeeker intelligence with the ACE (Advanced Classification Engine) to detect ransomware at stages 2, 3, 4, 5 and 6 of the attack chain (lure, redirect, exploit kit, dropper file and call home, in Websense's seven-stage model).
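As an added example (not Websense code and not part of the original post), the script below checks a category policy export against the two lists above. It audits every policy, not only the default one, because the point is that no user group should be exempt, and it treats a required category that is absent from a policy as not blocked. The export format, one CSV row per policy, category and action, is an assumption chosen for illustration; adapt parse_policy_export() to whatever your management console actually exports.

```python
"""Audit a web-proxy category policy export against the block-list above.

Added example, not Websense/Forcepoint code. The export format is an
ASSUMPTION: one CSV row per (policy, category, action). Adapt
parse_policy_export() to whatever your management console really exports.
"""
import csv
import io

# Security sub-categories listed above that must be set to Block.
SECURITY_CATEGORIES = (
    "Advanced Malware Command and Control",
    "Advanced Malware Payloads",
    "Botnets",
    "Compromised Websites",
    "Custom-Encrypted Uploads",
    "Files Containing Passwords",
    "Keyloggers",
    "Malicious Embedded Link",
    "Malicious Embedded Iframe",
    "Malicious Websites",
    "Mobile Malware",
    "Phishing and Other Frauds",
    "Potentially Exploited Documents",
    "Potentially Unwanted Software",
    "Spyware",
    "Suspicious Embedded Link",
    "Unauthorized Mobile Marketplaces",
)

# Extended Protection sub-categories listed above that must be set to Block.
EXTENDED_PROTECTION_CATEGORIES = (
    "Dynamic DNS",
    "Elevated Exposure",
    "Emerging Exploits",
    "Newly Registered Websites",
    "Suspicious Content",
)

REQUIRED_BLOCKED = frozenset(SECURITY_CATEGORIES + EXTENDED_PROTECTION_CATEGORIES)


def parse_policy_export(text):
    """Parse the (assumed) CSV export into {policy: {category: action}}."""
    policies = {}
    for row in csv.DictReader(io.StringIO(text)):
        policy = policies.setdefault(row["policy"].strip(), {})
        policy[row["category"].strip()] = row["action"].strip().lower()
    return policies


def audit(policies):
    """Return {policy: [required categories not explicitly blocked]}.

    Every policy is checked, because the recommendation is "for all users
    without exception": an exception policy that permits a category is a
    finding just like the default policy would be. A required category that
    is absent from a policy also counts, since absent is not the same as blocked.
    """
    findings = {}
    for name, actions in policies.items():
        not_blocked = sorted(c for c in REQUIRED_BLOCKED if actions.get(c) != "block")
        if not_blocked:
            findings[name] = not_blocked
    return findings


def build_sample_export():
    """Constructed sample export (not real console output) with two policies."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["policy", "category", "action"])
    for category in sorted(REQUIRED_BLOCKED):
        writer.writerow(["Default", category, "Block"])
    # "Executives" is an exception policy: one category permitted, one missing.
    for category in sorted(REQUIRED_BLOCKED):
        if category == "Dynamic DNS":
            continue
        action = "Permit" if category == "Newly Registered Websites" else "Block"
        writer.writerow(["Executives", category, action])
    return buf.getvalue()


if __name__ == "__main__":
    for policy, gaps in audit(parse_policy_export(build_sample_export())).items():
        print(f"{policy}: not blocked -> {', '.join(gaps)}")
    # prints: Executives: not blocked -> Dynamic DNS, Newly Registered Websites
```

Run it against a real export after any policy change; an empty result from audit() means every policy blocks all 22 categories, and any named policy in the result is an exception that the recommendation above says should not exist.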

Lic. Matias Colli
Websense Engineer