ABSTRACT

Influence behavior through awareness training, acceptable use policies, staff training, and changed attitudes toward popular bot-spreading mediums, including e-mail attachments, hostile P2P files, and exploits and attacks against accounts and network shares. Use updated anti-virus software to identify and remove historical threats; heuristic signatures can additionally catch some minor modifications of malicious code families known to date. Use a firewall or intrusion detection system (IDS) to monitor traffic, baseline normal activity, and alert the user when questionable activity occurs. Fully patch computers and harden them against brute force attacks and weakly protected shares. Design networks to maximize intelligent load balancing, bandwidth, and upstream host provider anti-DDoS capabilities or throttling and tarpitting techniques to help manage DDoS attacks against one or more network resources. Configure routers within internal networks to explicitly limit ingress traffic to allowed IP addresses. Also configure filtering between Network Address Translation devices and the ISP to explicitly allow only authorized sources. Deny private, server, and unroutable traffic and directed broadcast packets as appropriate within the network topology.
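The ingress-filtering rules described above can be checked against sample traffic before they are committed to a router. The following is an added example, not code from the original text: the internal subnets, the authorized source range, and the sample packets are constructed values (documentation address ranges standing in for public addresses), and the function name and rule order are assumptions.

```python
import ipaddress

# Constructed topology (assumption): two internal /25 subnets and one
# authorized external source range. Documentation ranges stand in for
# real public addresses.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("203.0.113.0/25", "203.0.113.128/25")]
ALLOWED_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]

# Private and unroutable source ranges that should never arrive from the ISP.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4")]

def ingress_decision(src, dst):
    """Return (action, reason) for a packet arriving on the ISP-facing side."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in n for n in UNROUTABLE):
        return ("deny", "unroutable-source")
    # A directed broadcast depends on the subnet mask: with /25 subnets,
    # .127 is a broadcast address even though it does not end in .255.
    if any(d == n.broadcast_address for n in INTERNAL_NETS):
        return ("deny", "directed-broadcast")
    if not any(s in n for n in ALLOWED_SOURCES):
        return ("deny", "source-not-authorized")
    return ("allow", "authorized-source")

# Constructed sample packets: (source, destination).
SAMPLE_PACKETS = [
    ("198.51.100.7", "203.0.113.10"),   # authorized source, normal host
    ("10.1.2.3", "203.0.113.10"),       # private source from the ISP side
    ("198.51.100.7", "203.0.113.127"),  # broadcast of the first /25
    ("198.51.100.7", "203.0.113.255"),  # broadcast of the second /25
    ("192.0.2.50", "203.0.113.10"),     # routable but not on the allow list
]

def summarize(packets):
    """Count decisions by reason, for comparison against a traffic baseline."""
    counts = {}
    for src, dst in packets:
        reason = ingress_decision(src, dst)[1]
        counts[reason] = counts.get(reason, 0) + 1
    return counts

if __name__ == "__main__":
    for src, dst in SAMPLE_PACKETS:
        print(src, "->", dst, ingress_decision(src, dst))
```

The reason counts from `summarize` can be compared across time windows, so a rise in `unroutable-source` or `directed-broadcast` denials stands out against the baseline.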