Thread: Stuxnet: Most Menacing Malware in History

No network is secure unless you have 100% control over the hardware. So unless you lock up your PC's so that they end users can not touch them you are at risk.

Originally Posted by Glitch

No network is secure unless you have 100% control over the hardware. So unless you lock up your PC's so that they end users can not touch them you are at risk.

True, but good security practices on a closed network defeat even this type of virus. For example, at my work, we have all the important stuff on a closed network. There are no PCs on it, just servers and thin clients. The thin clients have no USB or CD-ROMs. So anything that goes on the from an outside network or from the closed network to the outside network has to come through the IT shop. Furthermore, not just anyone is allowed on the closed network. Also, the servers are physically secured. I am not saying it is 100% secure because that is just not possible and overconfidence is very bad, but it is as secure as possible. As long as the we in the IT department are doing our job correctly, the important stuff is a very hard target.

Now, not every IT department has the need or money to lock stuff up like that. But even then there are lots of things that can be done to mitigate this type of thing. The best thing (I am assuming we are talking about a Windows shop here) is to use a GPO and completely disable USB and CD-ROM drive use entirely. Just too much risk IMHO. Combine that with locked down BIOS passwords on the workstations to prevent booting to CD-ROM, USB, or floppy and strong protection of the local administrator password in Windows will go a long ways toward preventing this type of thing. USB drives are old school tech anyway. There are far better ways to get your files from point A to point B without having to carry around a physical device.

There are so many things that a good IT department can do to protect the network that it would be impossible to list them here. The best thing that your company or government agency can ever do to protect its network is to make sure you have a good IT department. Everything that is important is constantly under assault. Make sure you have good people to protect your assets. Because I can promise you this: if your company or agency has any digital assets of any value, there will be good people coming after it.

blue tooth.

Originally Posted by BigHub

Sounds like an STD.

Sent from my HTC Thunderbolt

An STD that will only infect you if your IQ is over 150, and doesn't do damage you unless you naturally walk at a precise speed.

Sent from my LG Optimistic V using Tapatalk

Shit...guess that means no dating physicists for me QQ. Nursing/education majors here I come...not in that way you pervs.

Great article! It's pretty terrifying reading about that stuff, given how the federal government and private industry do security on a lot of critical infrastructure systems.

An IT group can protect you against some things, but many critical infrastructure systems have massive amounts of fielded equipment on a closed network that technicians have to use daily, and the government likes to use COTS operating systems and hardware when possible to keep costs down. Frequently you do not wind up with USB drive security even if you strive for it.

Ugh... making me think about work on a Friday night. Scary stuff though.

Originally Posted by Toad

Frequently you do not wind up with USB drive security even if you strive for it.

Why not? If you do it right, like I described, USB is either not available or disabled. Most breaches like this are due to bad IT policy or failure to follow a good IT policy. Humans are a bigger risk factor than the tech.



Sent from my Defy using Tapatalk

Nice article, very interesting read.