Follow the six-step malware response plan


By Michael Mullins, CCNA, MCP
Translation: Endurer

Tags: Security threats | viruses and worms | spyware/adware | Security Management

Takeaway: Sometimes all the preventive care in the world won't protect your systems from the inevitable malware infection. What's the best way to handle it? According to Mike Mullins, an effective malware response plan includes these six steps.


As security administrators, we try to be as proactive as possible: applying patches and updates (http://articles.techrepublic.com.com/5100-1009_11-6106911.html), conducting penetration testing, and establishing usage policies. Unfortunately, sometimes all the preventive care in the world won't protect your systems from the inevitable infection, be it a virus, worm, or some other form of malware.


I've written before about the importance of creating an Incident Response Policy, and I've told you specific steps to take in response to a security incident. But security incidents can vary widely in size and target. While it's imperative to have an overall policy in place, an actual incident response plan should depend on the actual event.


Case in point: the growing threat of malware infections. A malware incident response plan is not one that should focus on an active attack; instead, it needs to concentrate on the payload left behind on your systems.


What is malware?

Malware is malicious code or software secretly inserted into a system to compromise the confidentiality, integrity, or availability of the data or applications residing on the network. Malware incidents can cause extensive damage and disruption to a network, and they require costly efforts to restore system security and user confidence.


We can separate malware threats into five broad categories. Here's a quick overview:

  • Viruses: Self-replicating code that inserts copies of the virus into host programs or data files. Viruses can attack both operating systems and applications.
  • Worms: A self-replicating, self-contained program that executes without user intervention. Worms create copies of themselves, and they don't require a host program to infect a system.
  • Trojan horses: A self-contained, non-replicating program that appears to be benign but actually has a hidden malicious purpose. Trojan horses often deliver other attacker tools to systems.
  • Malicious mobile code: Software with malicious intent that transmits from a remote system to a local system. Attackers use it to transmit viruses, worms, and Trojan horses to a user's workstation. Malicious mobile code exploits vulnerabilities by taking advantage of default privileges and unpatched systems.
  • Tracking cookies: Set by the Web sites you visit, these persistent cookies allow a third party to create a profile of a user's behavior. Attackers often use tracking cookies in conjunction with Web bugs.

These are the main categories of malware threats facing your users and your network. What happens when they succeed? An effective malware response plan includes these six steps:

  1. Preparation: Develop malware-specific incident handling policies and procedures. Conduct malware-oriented training and exercises to test your policies and procedures. Determine whether your procedures work before you actually have to use them.
  2. Detection and analysis: Deploy and monitor antivirus/anti-spyware software. Read malware advisories and alerts produced by antivirus/anti-spyware vendors. Create toolkits on removable media that contain up-to-date tools for identifying malware, examining running processes, and performing other analysis actions.
  3. Containment: Be prepared to shut down a server/workstation or block services (e.g., e-mail, Web browsing, or Internet access) to contain a malware incident. Decide who has the authority to make this decision based on the malware activity. Early containment can stop the spread of malware and prevent further damage to systems both internal and external to your network.

  4. Eradication: Be prepared to use a variety of eradication techniques to remove malware from infected systems.
  5. Recovery: Restore the confidentiality, integrity, and availability of data on infected systems, and reverse containment measures. This includes reconnecting systems/networks and rebuilding compromised systems from scratch or from known good backups. The incident response team should assess the risks of restoring network services, and this assessment should guide management decisions about restoration of services.
  6. Report: Gather the lessons learned after each malware incident to avert similar future incidents. Identify changes to security policy, software deployments, and the addition of malware detection and prevention controls.
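
The detection-and-analysis and containment steps above can be turned into a small triage routine for the removable-media toolkit the plan calls for. This Python example is added here and is not from the article: it hashes the on-disk image of each running process against a vendor-advisory IoC list, flags binaries running from outside an assumed set of trusted directories, and maps the findings to the containment action an authorised decision-maker should approve. The process snapshot, the IoC hashes and the trusted-directory list are all constructed for the example.

```python
import hashlib
from dataclasses import dataclass

# Directories we expect legitimate service binaries to run from (assumption for this example).
TRUSTED_DIRS = ("/usr/bin/", "/usr/sbin/", "/usr/lib/")

@dataclass
class Process:
    """One entry from a process snapshot taken by the removable-media toolkit."""
    pid: int
    name: str
    exe_path: str
    image: bytes  # contents of the on-disk executable, as read by the toolkit

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage(processes, known_bad):
    """Detection and analysis: flag processes matching an advisory IoC or running from an untrusted path."""
    findings = []
    for p in processes:
        digest = sha256_hex(p.image)
        if digest in known_bad:
            findings.append((p.pid, p.name, "ioc_match"))
        elif not p.exe_path.startswith(TRUSTED_DIRS):
            findings.append((p.pid, p.name, "untrusted_path"))
    return findings

def containment_action(findings):
    """Containment: choose the response by worst finding; the named authority still approves it."""
    reasons = {reason for _, _, reason in findings}
    if "ioc_match" in reasons:
        return "isolate host from the network; shut down the workstation if isolation fails"
    if "untrusted_path" in reasons:
        return "block e-mail, Web browsing and Internet access for this host pending analysis"
    return "no containment needed; keep monitoring"

# Constructed sample data: the IoC list holds the hash of a constructed 'dropper' byte string; the
# snapshot has one clean daemon, one unknown binary in /tmp and one process whose image matches the IoC.
KNOWN_BAD = {sha256_hex(b"constructed dropper sample bytes")}
SNAPSHOT = [
    Process(412, "sshd", "/usr/sbin/sshd", b"constructed sshd bytes"),
    Process(7731, "upd8", "/tmp/.x/upd8", b"constructed unknown bytes"),
    Process(8120, "invoice_viewer", "/home/alice/Downloads/invoice_viewer", b"constructed dropper sample bytes"),
]

if __name__ == "__main__":
    hits = triage(SNAPSHOT, KNOWN_BAD)
    print(hits)
    print(containment_action(hits))
```

On a real host the toolkit would read each image from `/proc/<pid>/exe` (or the platform equivalent) and load the IoC set from the vendor advisory; the logic stays the same.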
Final Thoughts

When it comes to responding to a malware incident, you can deploy all the detection and monitoring tools on the planet, but you still have to get your users involved! Educate your users on how to identify infections, and teach them the steps to take if their system becomes infected.

