Summary: “Guide to Malware Incident Prevention and Handling for Desktops and Laptops”
Introduction
Protection against malware is important for any institution that has some form of IT infrastructure. As a result, it is important for IT professionals to have a guide that explains the issues related to this subject. The publication “Guide to Malware Incident Prevention and Handling for Desktops and Laptops” by Souppaya and Scarfone defines malware, describes the different types of malware, explains the defense mechanisms that can be used to protect against malware and mitigate its effects, and shows how professionals can respond to attacks. This publication can be used by IT professionals in the field of computer security, students studying computer security, and anyone else interested in the field. It relates to the other publications in the 800 series, since it describes some of the issues that IT professionals face in the course of their work. Students should use this publication as a reference for any subject related to computer security and the prevention and mitigation of cyber-attacks.
Malware Overview
Malware can be described as any piece of code inserted into another program or system with the intention of destroying data, running intrusive and destructive programs, or compromising the confidentiality, integrity, or availability of the data in that program or in the computer's operating system. Malware can therefore be seen as an external threat that leads to significant damage or data loss for the institution in question. Computer malware can take several different forms (Souppaya & Scarfone, 2013). One of these forms is the virus, a self-replicating program that is triggered through human interaction. There are two subcategories of viruses: compiled viruses and interpreted viruses. Compiled viruses are executed by the operating system, while interpreted viruses are executed by individual applications on the computer. Another form of malware is the worm. Worms are self-replicating programs that differ from viruses in that they execute on their own rather than through user interaction. There are two categories of worms: mass-mailing worms and network service worms. Network service worms replicate through any loophole in the institution's network, while mass-mailing worms spread through the institution's email system. Trojan horses are programs that appear to be running normally but in fact have a malicious purpose on the computer. Trojan horses can act as backdoors that give an attacker access to a system, add malicious files, or replace existing files with malicious ones. Another form of malware is malicious mobile code, a malicious program transmitted from a remote host to a local host; it does not necessarily run at the user's instruction. Lastly, hybrid malware can be created by combining different transmission or infection methods. Such malware is usually referred to as a blended attack.
Typically, attackers of a computer system use various tools to aid their attacks on the system. One of these tools is the backdoor, a program that ‘listens’ for specific commands on specific UDP or TCP ports and gives the attacker system access from which certain actions can be performed. Another tool used during attacks is the keystroke logger, which keeps a record of keyboard use from which the attacker can extract useful information. Rootkits make changes to a system in a way that makes those changes hard to detect. Web browser plug-ins monitor how a user uses their browser. Likewise, an email generator creates and sends emails without the user's knowledge. Lastly, attackers can use various attacker toolkits to help them attack a vulnerable system.
Prevention and Mitigation of Malware
To protect a computer system, institutions should employ several strategies. One of these is ensuring that a policy is in place that addresses issues related to malware. Such a policy should outline the ways in which the organization deals with malware, and it ensures that the institution can handle any malware attack in a consistent and effective manner (Souppaya & Scarfone, 2013). It should provide general guidance on how to deal with malware attacks, so as to allow the flexibility required in implementation. However, these guidelines should be precise enough that the scope and intention of the policy are clear. A policy can be composed of several clauses, including the requirement to scan any media from outside the institution, the scanning of each email attachment, the prohibition of sending or receiving certain types of files, etc.
One of the programs that an institution can use to prevent malware on its premises is an awareness campaign. An awareness campaign ensures that employees understand the proper behavior in the workplace with regard to the use of IT infrastructure. It also outlines what users should do in case an incident occurs. Mitigating vulnerabilities is also important for an institution. Different methods, such as applying software updates to any software in use or even replacing the software entirely, can be used to mitigate vulnerabilities. Institutions should consider using technologies that allow administrators to secure systems in a more consistent and effective fashion.
To mitigate the threats, different methods can be used. These include the use of antivirus software that scans the system, provides real-time protection against malware, and cleans files infected by malware. Additionally, an intrusion prevention system can be installed to sniff and analyze packets on the organization's network in order to reveal or stop any form of malware (Souppaya & Scarfone, 2013). Firewalls can also be installed to protect the organization's network from the Internet. As for email threats, content filtering can be performed. Lastly, application whitelisting technology can be implemented to ensure that only the programs that are allowed to run on a host actually do so.
Since malware attacks are inevitable, an institution can adopt various architectural changes to reduce the impact of an attack. One of these is BIOS protection, since a BIOS attack is one of the most significant attacks on a system. Additionally, an institution can implement sandboxing, where every action is performed in a controlled environment. Access to corporate information can be restricted to a browser separate from the one used to access everything else, in order to limit browser-based attacks. Lastly, virtualization can be used to separate applications and the OS from each other.
Malware Incident Response
The response to a malware attack has several main phases: preparation; detection and analysis of the attack; containment, eradication, and recovery; and post-incident activities. The preparation phase ensures that an institution is ready whenever any form of malware attack happens. The first way of ensuring that an institution is ready is by developing malware-related skills among employees (Souppaya & Scarfone, 2013). Additionally, communication should be facilitated in the case of an attack. Lastly, the organization should acquire the tools required to combat an attack. The next stage is detection and analysis. During this stage, the institution observes and records instances of malware attacks. The first step is for professionals to identify the characteristics of the malware. After the characteristics are determined, the professionals move on to identifying the parts of the system that have been infected. Three techniques can be used to identify the infected parts: forensic identification, active identification, and manual identification. After identification, a recommendation is given, and the professionals then prioritize the actions needed to deal with the incident. During the malware analysis stage, professionals can run the malware in a test environment to monitor it and gather more information about it (Souppaya & Scarfone, 2013). After that, the response moves to the containment stage. Containment involves two components: stopping the spread of the malware and preventing the infection of other hosts. The institution decides which method is appropriate for containing the malware attack. Containment can be performed in four ways: through user participation, through automated detection, through disabling connectivity, and through disabling services. The professionals then give containment recommendations for the incident.
After containment, the eradication of the malware is undertaken. Eradication removes the malware from the system. Although this process centers on removing the malware, it also includes mitigating or eliminating the weakness that enabled the attack. From there, the institution recovers from the attack by restoring the functionality and data of the system and lifting any temporary containment measures that were put in place.
In conclusion, it is important for every institution to take measures to protect its systems and networks against any form of malware. This ensures that no data is destroyed or altered at any time. However, since an attack is inevitable, the institution should use several protection strategies. These include the use of antivirus software, the implementation of intrusion prevention systems, the development of policies that outline how threats are to be mitigated, etc. Whenever an attack happens, the response should include several phases: preparation; detection and analysis of the attack; containment, eradication, and recovery; and post-incident activities. This process removes the malware from the system and aims to ensure that no further attacks of the same kind succeed.