Six Tips to Keep the Bots at Bay
#1) Maintain Your Guard
You’ve got to keep your systems and firewalls patched and antivirus software up to date. Now you’ll also probably need an extra layer -- an anti-exploit system. The reason: exploits are hard to modify, so you can improve security by using a signature that identifies and eliminates a specific exploit. For example, with Storm (at last count, it was estimated to have more than 1 million computers in its botnet army), the number of nodes that might be part of a network is potentially infinite, so there is no possibility of blocking them all. If a botnet is directed to attack your ISP or even your institution’s IP address with a Denial of Service attack, things could get ugly. (See related story: Botnets: The New Faceless Threat).
#2) Set Your IDS and IPS to “Kill”
Point the settings on your intrusion detection system and intrusion detection and prevention system to detect anything that even looks like bot activity. What kind of activity? A sudden change in direction is suspect: for example, a PC that begins sending traffic over Internet Relay Chat (IRC), or connecting to foreign IP addresses or “bad” DNS addresses in a far-away land. Look for unusual port activity using SSL connections as an indicator. Be on the lookout for web crawlers operating at high fetch levels, remote procedure calls, and Telnet and Address Resolution Protocol (ARP) spoofing. Also, if there are machines routing email to servers other than your own institution’s email server, this could indicate a bot is operating.
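Two of the indicators above, workstations speaking IRC to the outside and workstations sending mail to servers other than the institution's own, can be checked against network flow logs. The following Python is an added example, not part of the original article; the log format, internal address range, mail server address and port lists are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions for this example (not from the article):
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")   # constructed internal range
MAIL_SERVERS = {ipaddress.ip_address("10.20.1.25")}   # institution's own mail relay
SMTP_PORTS = {25, 465, 587}                           # SMTP and mail submission
IRC_PORTS = set(range(6660, 6670)) | {6697}           # conventional IRC ports

# Constructed flow records: "timestamp src_ip dst_ip dst_port proto"
SAMPLE_FLOWS = """\
2024-01-01T09:00:01 10.20.5.14 10.20.1.25 25 tcp
2024-01-01T09:00:02 10.20.5.77 203.0.113.40 25 tcp
2024-01-01T09:00:03 10.20.5.77 198.51.100.9 25 tcp
2024-01-01T09:00:04 10.20.6.3 192.0.2.66 6667 tcp
2024-01-01T09:00:05 10.20.5.14 192.0.2.10 443 tcp
2024-01-01T09:00:06 10.20.1.25 203.0.113.5 25 tcp
malformed line
"""

def parse_flow(line):
    """Return (src, dst, port), or None for a line that does not parse."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def find_suspect_hosts(flow_text):
    """Map each internal source IP to the set of reasons it looks bot-like."""
    findings = defaultdict(set)
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip unparseable records instead of aborting the scan
        src, dst, port = flow
        if src not in INTERNAL_NET or src in MAIL_SERVERS:
            continue  # inspect workstations only; the relay may send SMTP out
        if port in SMTP_PORTS and dst not in MAIL_SERVERS:
            findings[str(src)].add("smtp-bypassing-mail-server")
        if port in IRC_PORTS and dst not in INTERNAL_NET:
            findings[str(src)].add("outbound-irc")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in sorted(find_suspect_hosts(SAMPLE_FLOWS).items()):
        print(host, sorted(reasons))
```

Hits from a check like this are leads for investigation rather than verdicts: a user's personal mail client or a legitimate IRC user will match the same rules.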
#3) Your Addresses on Website -- Keep Them Silent!
Webmasters and web designers should take all steps possible to ensure that no email address (whether belonging to themselves or otherwise) appears on their website in a manner susceptible to harvesting by automated means. That means all webmail addresses displayed on public websites should take this approach [John DOT Smith AT ABCBank DOT com] to reduce the visible email addresses that could be taken by a bot scanning the site.
#4) Use Image-based tools (CAPTCHA)
Anti-bot technology tries to recognize a bot by betting on bots stumbling at tasks humans do easily. This involves a new breed of Turing tests to distinguish real people from intelligent computer programs. In the traditional test, a person distinguishes a machine from a human being by asking them questions and analyzing their answers. While the traditional test relied on a person to differentiate between a human being and a computer, the anti-bot tests make a computer differentiate between a machine and a human. These tests, known as Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), can pick off a bot at 100 yards. (However, don’t think that this is infallible, as the botmasters and other criminals are feverishly working around these new countermeasures as you’re reading this.)
#5) Hire a Web Filtering Service
Think of this as the all-seeing eye. This is for the institution that has the budget to afford it, and it is one of the best defenses against bots. Web filtering services scan the internet in real time for sites that are acting oddly, or are offering something that they don’t ordinarily offer, and then block those sites from your users. Things that these web filtering services look for include suspicious activity. This means downloads of JavaScript, screen scraping and other “abnormal” activities not normally associated with normal web browsing. These services also may offer alerts to the site owners to let them know that these activities are taking place, and detect where a hacked server resides on the institution’s network so it can be repaired.
#6) Educate Your Employees and Customers
Your employees should already have a crystal clear understanding of what can happen if their machine is turned into a zombie. Run your security awareness program like a boot camp, where only the successfully educated employees are allowed to touch a keyboard. While this may seem extreme, imagine what would happen if even one or two employees clicked on a link that downloaded a Trojan or keylogger software, and then their machines became bots and began spewing out spam from addresses linked to your institution. Try explaining that to your board of directors.
Your customers also need to know the rules of good security hygiene when it comes to online activities. Keeping them up-to-date on the latest scams and events that impact their online banking experience will benefit your institution’s bottom line, and will also engender trust in your brand. Their safe surfing habits and practice of good security hygiene will benefit you, too, with fewer calls to your customer service number from panicked customers with sad stories of having their accounts compromised.