Six Tips to Keep the Bots at Bay

Fighting bots can seem like an unending battle. But there are some actions you can take to lower your risk. Among the steps:

#1) Maintain Your Guard

You’ve got to keep your systems and firewalls patched and your antivirus software up to date. Now you’ll also probably need an extra layer -- an anti-exploit system. The reason: exploits are hard to modify, so you can improve security by using a signature that identifies and eliminates a specific exploit. Signatures matter because blocking by address does not scale: with the Storm botnet (at last count, estimated to have more than 1 million computers in its army), the number of nodes that might take part in an attack is effectively unbounded, so there is no possibility of blocking them all. If a botnet is directed to launch a Denial of Service attack against your ISP or even your institution’s IP address, things could get ugly. (See related story: Botnets: The New Faceless Threat.)

#2) Set Your IDS and IPS to “Kill”

Set your intrusion detection system (IDS) and intrusion prevention system (IPS) to flag anything that even looks like bot activity. What kind of activity? A sudden change in direction is suspect: a PC that begins sending traffic over Internet Relay Chat (IRC), or connecting to foreign IP addresses or “bad” DNS servers in a far-away land. Look for unusual port activity over SSL connections as an indicator. Be on the lookout for web crawlers operating at high fetch rates, remote procedure calls, Telnet, and Address Resolution Protocol (ARP) spoofing. Also, if machines are routing email to servers other than your own institution’s email server, this could indicate a bot is operating.
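Three of the indicators above (IRC traffic, mail sent around the institution’s own relay, and DNS queries to unsanctioned resolvers) can be checked against an outbound connection log. The following is an added example, not code from the article; the log lines, the 10.1.0.0/16 internal range, the mail relay and the resolver addresses are all constructed for illustration.

```python
import ipaddress

# Constructed sample firewall log, one connection per line: "src dst dport proto"
SAMPLE_LOG = """\
10.1.4.22 10.1.0.5 53 udp
10.1.4.22 203.0.113.9 6667 tcp
10.1.4.31 10.1.0.10 25 tcp
10.1.4.31 198.51.100.77 25 tcp
10.1.4.40 192.0.2.15 53 udp
10.1.4.40 10.1.0.5 53 udp
"""

INTERNAL_NET = ipaddress.ip_network("10.1.0.0/16")  # assumed internal range
MAIL_SERVERS = {"10.1.0.10"}    # the institution's own mail relay (assumed)
DNS_RESOLVERS = {"10.1.0.5"}    # sanctioned internal resolvers (assumed)
IRC_PORTS = {6667, 6697}        # plain and TLS IRC


def classify(line):
    """Return an indicator label for one log line, or None if it looks benign."""
    src, dst, dport, proto = line.split()
    dport = int(dport)
    if ipaddress.ip_address(src) not in INTERNAL_NET:
        return None  # only inspect traffic that originates inside the network
    if dport in IRC_PORTS:
        return "irc-outbound"          # a PC talking IRC: classic bot C&C channel
    if dport == 25 and dst not in MAIL_SERVERS:
        return "smtp-bypass"           # mail routed around the institution's relay
    if dport == 53 and dst not in DNS_RESOLVERS:
        return "rogue-dns"             # queries to a DNS server we don't operate
    return None


def find_suspects(log_text):
    """Map each internal host to the set of indicators it triggered."""
    suspects = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        label = classify(line)
        if label:
            suspects.setdefault(line.split()[0], set()).add(label)
    return suspects


if __name__ == "__main__":
    for host, labels in sorted(find_suspects(SAMPLE_LOG).items()):
        print(host, sorted(labels))
```

A host that trips more than one indicator at once deserves the first look, since a single hit (an administrator testing a mail server, say) is often benign on its own.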

#3) Your Addresses on Website -- Keep Them Silent!

Webmasters and web designers should take every possible step to ensure that no email address (whether their own or otherwise) appears on their website in a form that can be harvested by automated means. That means every email address displayed on a public website should be written in this style, [John DOT Smith AT ABCBank DOT com], to reduce the number of addresses a bot scanning the site can pick up.
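An added example, not part of the article, of auditing your own pages for harvestable addresses and rewriting them in the style above. The HTML fragment and the abcbank.example domain are constructed; the pattern used is the simple one an automated scan relies on, applied here so a webmaster can see what would be picked up before publishing.

```python
import re

# Constructed sample page fragment (not from the article)
SAMPLE_HTML = """\
<p>Contact: <a href="mailto:john.smith@abcbank.example">john.smith@abcbank.example</a></p>
<p>Press: press@abcbank.example</p>
<p>Already obscured: jane DOT doe AT abcbank DOT example</p>
"""

# The kind of simple pattern an automated scan uses; we run it against our own page.
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def find_exposed(html):
    """Return the plaintext addresses an automated scan of this page would pick up."""
    return sorted(set(ADDRESS_RE.findall(html)))


def obfuscate(address):
    """Render an address in the article's [user DOT name AT domain DOT tld] style."""
    local, _, domain = address.partition("@")
    local = local.replace(".", " DOT ")
    domain = domain.replace(".", " DOT ")
    return f"[{local} AT {domain}]"


def scrub(html):
    """Replace every exposed address, including inside mailto: links, with the obfuscated form."""
    # mailto: links are harvestable too, so the href is neutralised as well
    html = re.sub(r'href="mailto:[^"]*"', 'href="#"', html)
    return ADDRESS_RE.sub(lambda m: obfuscate(m.group(0)), html)


if __name__ == "__main__":
    print("exposed before:", find_exposed(SAMPLE_HTML))
    cleaned = scrub(SAMPLE_HTML)
    print("exposed after: ", find_exposed(cleaned))
    print(cleaned)
```

Run the audit as part of the publishing workflow, so a page that still contains a bare address fails the check before it goes live.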

#4) Use Image-based tools (CAPTCHA)

Anti-bot technology tries to recognize a bot by betting that bots will stumble at tasks humans do easily. This involves a new breed of Turing test to distinguish real people from intelligent computer programs. In the traditional test, a person distinguishes a machine from a human being by asking questions and analyzing the answers. While the traditional test relied on a person to tell a human from a computer, the anti-bot tests make a computer tell a machine from a human. These tests, known as Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHA), can pick off a bot at 100 yards. (However, don’t think this is infallible: botmasters and other criminals are feverishly working around these new countermeasures as you read this.)

#5) Hire a Web Filtering Service

Think of this as the all-seeing eye. It is for the institution with the budget to afford it, and it is one of the best defenses against bots. Web filtering services scan the Internet in real time for sites that are acting oddly or offering something they don’t ordinarily offer, and then block those sites for your users. The suspicious activity these services look for includes downloads of JavaScript, screen scraping and other “abnormal” activities not normally associated with ordinary web browsing. They may also alert site owners that these activities are taking place, and detect where a hacked server resides on the institution’s network so it can be repaired.

#6) Educate Your Employees and Customers

Your employees should already have a crystal clear understanding of what can happen if their machine is turned into a zombie. Run your security awareness program like a boot camp, where only the successfully educated employees are allowed to touch a keyboard. While this may seem extreme, imagine what would happen if even one or two employees clicked on a link that downloaded a Trojan or keylogger software, and then their machines became bots and began spewing out spam from addresses linked to your institution. Try explaining that to your board of directors.

Your customers also need to know the rules of good security hygiene when it comes to online activities. Keeping them up-to-date on the latest scams and events that impact their online banking experience will benefit your institution’s bottom line, and will also engender trust in your brand. Their safe surfing habits and practice of good security hygiene will benefit you, too, with fewer calls to your customer service number from panicked customers with sad stories of having their accounts compromised.

About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.