Prevention

Preventing Trojan horse and backdoor attacks really comes down to constantly monitoring your systems. Following are some preventative measures you should consider:

• Install patches Installing patches helps keep your servers up to date with the latest vulnerability fixes for the operating system or applications. By fixing known vulnerabilities, you minimize the effectiveness of exploits that are designed to place a Trojan on the system in the first place.

• Install IDSs IDSs do not actually prevent Trojan horses or backdoor software, but they can help detect them and better yet detect the early signs of an attack that might lead to placing backdoors on a system. Detected ICMP and port scans can be the first signal to the administrator that trouble is brewing and to keep an eye out for possible future problems.

• Install anti-virus and Trojan scanners These software packages alone cannot prevent attacks and can only detect that something bad has been installed on the system. Take advantage of the features they do offer, however, because they do help to prevent future attacks or further compromise by removing existing backdoors.

• Install firewalls Installing a firewall makes attacks and hacking attempts much more difficult. Try to open only those ports that are absolutely required, thus limiting your exposure on the Internet. After a Trojan has successfully gained access behind the firewall, the firewall might as well not be there.

• Install a host-based IDS Software packages that monitor all application activity and every network connection going from and coming to your computer work quite well in this area. A host-based IDS typically allows you, the administrator of the computer, to approve or reject all programs attempting to execute and also those who are requesting Internet access.

• Learn the dangers By educating yourself and especially your employees, you can reduce the risk of compromise. Tell everyone to avoid installing dubious programs or downloading software from unknown sources on the Internet. Watch carefully for any unusual programs or processes running in your Windows Task Manager or other oddities that can occur during an attack.