ITS_8_Malware4

Transcript ITS_8_Malware4

“Lines of Defense”
against Malware.
Prevention: Keep Malware off your computer.
Limit Damage: Stop Malware that gets onto your
computer from doing any damage.
Defense: Use antivirus software and keep it
updated.
Cleanup: Have a backup plan to recover
from a Malware attack.
The following Personnel Countermeasures are
effective in controlling Malware infections:
Security Policy and Procedures
Training and Awareness
Physical Security
Dedicated Management Technology
Firewalls and Intrusion Detection
Virus Protection
Authentication and Authorization
Encryption
Third Party Auditing and Assessment
Data and Information Backup
Prevention
Know enough about computer security to use
measures effectively.
Keep your passwords secure.
Keep your system patched and up-to-date.
Use firewalls.
Spam/Phishing: Don't spread your own email address.
Don't "opt out" of or reply to any spam. This only
confirms to the sender that the address is live. Use filters.
Don't readily comply with emails asking you
to open attachments or visit links.
Security Policies are the foundation of information
security within an enterprise. You should ensure that
they are comprehensive, complete, kept up-to-date, and understood by all staff.
Simply having a Security Policy is not enough. The
policies must be implemented and enforced to be effective.
A sound Security Policy, backed by enforced controls, helps mitigate insider
attacks, for example from disgruntled employees.
Employees play a critical role in protecting the
confidentiality, integrity, and availability of your network.
Training in security awareness and acceptable-use
policy should be mandatory for all staff, both
upon their initial hiring and annually thereafter.
Awareness should be ongoing throughout
the enterprise.
Physical Security
Enterprises should define physical security measures
and implement appropriate preventative controls in
each area to protect against the risks of physical
access by malicious or unauthorized people.
Firewalls
A Firewall is a piece of hardware or software that
selectively blocks or permits network traffic based on
a set of rules.
You should use the built-in firewall in Windows XP,
Mac OS, or Linux. A home router with a built-in
firewall is a good plan for your home internet connection,
especially if you run any wireless systems. Configure the
firewall as tightly as possible: default-deny, permitting only
what you actually need.
A firewall's strength is relative to its configuration. It
controls the flow of data into and out of a Local Area
Network (LAN), acting as the gatekeeper between the private
network and the public Internet. A firewall helps
mitigate simple Denial of Service (DoS) attacks, port-scanning and probing attacks, as well as
unauthorized access from outside the network. It does not
inspect what passes through a port it permits, so allowed traffic still needs the other layers of defense.
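To make "default-deny, permit only what you need" concrete, here is an added example (not part of the original transcript) of how a rule-based packet filter reaches its decision: rules are evaluated in order, the first match wins, and anything that matches no rule is dropped. The LAN range, the admin network, the ports and the rules are constructed for illustration, as is the hypothetical `unused_rules` helper that lists rules no observed traffic has hit, which is how you find rules to tighten or remove.

```python
"""Default-deny packet filter: rules are evaluated in order, first match wins, and traffic that
matches no rule is dropped. Added example; the addresses, ports and rules are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source network in CIDR notation
    dport: Optional[int]  # destination port, None matches any port
    note: str = ""

    def matches(self, proto: str, src_ip: str, dport: int) -> bool:
        return ((self.proto == "any" or self.proto == proto)
                and ip_address(src_ip) in ip_network(self.src)
                and (self.dport is None or self.dport == dport))


# Constructed inbound rule set for the Internet-facing side of a small LAN (192.168.1.0/24).
INBOUND_RULES = [
    Rule("deny",  "any", "192.168.1.0/24", None, "anti-spoofing: our own LAN range never arrives from outside"),
    Rule("allow", "tcp", "0.0.0.0/0",      443,  "public HTTPS to the web server"),
    Rule("allow", "tcp", "203.0.113.0/24", 22,   "SSH, but only from the admin office"),
    Rule("deny",  "tcp", "0.0.0.0/0",      22,   "everything else probing SSH is dropped (and logged)"),
    # No rules for 3389, 445, 23, ...: the implicit default deny below covers everything not listed.
]


def filter_packet(rules, proto, src_ip, dport):
    """Return (decision, rule_note). Falls through to an implicit deny when nothing matches."""
    for rule in rules:
        if rule.matches(proto, src_ip, dport):
            return rule.action, rule.note
    return "deny", "default deny: not explicitly permitted"


def unused_rules(rules, observed):
    """Rules never hit by the observed (proto, src, dport) traffic: candidates to tighten or remove."""
    hit = set()
    for proto, src, dport in observed:
        for rule in rules:
            if rule.matches(proto, src, dport):
                hit.add(rule)
                break
    return [r for r in rules if r not in hit]


if __name__ == "__main__":
    # Constructed sample packets: (proto, source IP, destination port).
    for pkt in [("tcp", "198.51.100.7", 443), ("tcp", "198.51.100.7", 22),
                ("tcp", "203.0.113.9", 22), ("udp", "198.51.100.7", 161),
                ("tcp", "192.168.1.20", 443)]:
        print(pkt, "->", filter_packet(INBOUND_RULES, *pkt))
```

Note that rule order matters: if the public HTTPS rule came before the anti-spoofing rule, a packet claiming a LAN source address on port 443 would be allowed. Keeping the most specific denies first and ending in an implicit deny is what "blocking anything you don't need" looks like in practice.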
An Intrusion Detection System (IDS) complements firewalls
by detecting whether internal assets are being attacked or
exploited. Network-based Intrusion Detection
systems monitor network traffic in real time for malicious
activity. They work in a similar manner to a network
sniffer: if certain network traffic matches an attack
pattern or signature, they raise an alarm. Host-based
systems monitor computers and server files for anomalies,
such as unexpected changes to system files. A pure IDS detects
and alerts; it does not block. Used together with a firewall
or an intrusion prevention system, IDS helps mitigate
Denial of Service (DoS) attacks, website
defacements, malicious code, and Trojans.
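The two detection styles mentioned above, as an added example that is not part of the original transcript: signature matching over web-server access-log lines (the "attack pattern or signature" case) and a threshold-based detector that flags a source touching many distinct ports on one host in a short window (a simple anomaly rule for port scanning). The log lines, addresses, signatures and thresholds are constructed for illustration; real rule sets such as Snort's or Suricata's are far larger.

```python
"""Two IDS building blocks: signature matching over web-server access-log lines, and a
threshold (anomaly) detector for port scans over connection records. Added example;
the log lines, addresses, signatures and thresholds are constructed for illustration."""
import re
from collections import defaultdict, deque
from urllib.parse import unquote

# Common Log Format: client, identity, user, [timestamp], "request", status ...
LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

# Constructed signatures: (name, regex applied to the URL-decoded request line).
SIGNATURES = [
    ("path-traversal",  re.compile(r"\.\./")),
    ("sql-injection",   re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+|union\s+select", re.I)),
    ("web-shell-probe", re.compile(r"/(cmd\.exe|c99\.php|shell\.php)", re.I)),
]


def scan_web_log(lines):
    """Return (src, signature_name, decoded_request) for every line that matches a signature.
    The request is URL-decoded first so %2e%2e%2f-style encoding does not evade the rules."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a CLF line: skip rather than crash on junk
        req = unquote(m.group("req"))
        for name, rx in SIGNATURES:
            if rx.search(req):
                alerts.append((m.group("src"), name, req))
    return alerts


def detect_port_scans(connections, threshold=10, window=60):
    """connections: iterable of (unix_ts, src, dst, dport).
    Flag (src, dst) pairs where src touches >= threshold distinct ports on dst within `window` seconds."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in connections:
        by_pair[(src, dst)].append((ts, dport))
    flagged = set()
    for pair, events in by_pair.items():
        events.sort()
        recent = deque()
        for ts, dport in events:
            recent.append((ts, dport))
            while recent[0][0] < ts - window:   # drop events that fell out of the sliding window
                recent.popleft()
            if len({p for _, p in recent}) >= threshold:
                flagged.add(pair)
                break
    return flagged


# Constructed sample data (RFC 5737 documentation addresses).
SAMPLE_WEB_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /cgi-bin/..%2f..%2fetc/passwd HTTP/1.1" 404 0',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /login.php?user=admin%27%20OR%201=1 HTTP/1.1" 200 300',
    '192.0.2.5 - - [10/Oct/2023:13:56:10 +0000] "GET /about HTTP/1.1" 200 1024',
    'garbage line that is not an access-log entry',
]
SAMPLE_CONNECTIONS = (
    [(1000 + i, "198.51.100.7", "192.0.2.10", 20 + i) for i in range(15)]       # 15 ports in 15 s: a scan
    + [(1000 + 3 * i, "203.0.113.9", "192.0.2.10", 443) for i in range(20)]    # busy, but one port only
)

if __name__ == "__main__":
    for alert in scan_web_log(SAMPLE_WEB_LOG):
        print("ALERT signature", alert)
    for pair in detect_port_scans(SAMPLE_CONNECTIONS):
        print("ALERT port scan", pair)
```

Both detectors only produce alarms; nothing here drops traffic. The decode-before-match step is the kind of detail that separates a working signature from one an attacker walks around with `%2e%2e%2f`.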
Virus Protection Software should be installed on all
network servers and host computers. It should be the
latest version, and be regularly updated with the latest
signature files (definitions of known malware).
Virus protection should screen all software coming into
your computer or network system (files, attachments,
programs, etc.). Virus protection software
will mitigate viruses, worms, malicious
code, and Trojans, but only those its signatures and heuristics recognise.
Authentication comes in three forms: what you have
(smartcards, tokens), what you know (passwords,
PINs), or who you are (biometrics such as fingerprint or retina
scans).
Two-factor authentication is the strongest, meaning
two of the three forms are combined (two passwords are still one factor).
Passwords are the most common, and should be at
least eight (8) mixed letters, numbers and symbols. They should
be changed at least every ninety (90) days, and the account should
lock out after three (3) failed attempts. (Current guidance such as NIST
SP 800-63B favours longer passphrases screened against breached-password
lists over forced periodic rotation, which tends to produce predictable
variants.) Authorization is what an
individual has access to once authenticated.
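The authentication and authorization points above, as an added example (not code from the original transcript): a password factor stored as a salted PBKDF2 hash, a "what you have" factor in the form of an RFC 6238 TOTP code, lockout after three failures, and a role-based authorization check that is a separate step from authentication. The account, role map, passwords and the TOTP key (the RFC 4226/6238 test key) are constructed; the `AuthService` class and its method names are hypothetical, and the clock is injected so the code can be exercised deterministically.

```python
"""Authentication (password + TOTP second factor), lockout after MAX_ATTEMPTS failures,
and role-based authorization. Added example; accounts, roles and secrets are constructed."""
import hashlib
import hmac
import os
import struct
import time
from dataclasses import dataclass

PBKDF2_ITERATIONS = 600_000   # OWASP-recommended work factor for PBKDF2-HMAC-SHA256
MAX_ATTEMPTS = 3              # lockout threshold from the slide
LOCKOUT_SECONDS = 15 * 60
TOTP_STEP = 30                # RFC 6238 time step

# Constructed role map: authorization is what an authenticated identity may do.
ROLE_PERMISSIONS = {
    "user":  {"read:reports"},
    "admin": {"read:reports", "write:reports", "manage:users"},
}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 30 s step): the 'what you have' factor."""
    counter = struct.pack(">Q", int(unix_time) // TOTP_STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


@dataclass
class Account:
    salt: bytes
    digest: bytes
    totp_secret: bytes
    roles: frozenset
    failures: int = 0
    locked_until: float = 0.0


class AuthService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.accounts = {}
        self._dummy_salt = os.urandom(16)   # keeps timing uniform for unknown usernames

    def register(self, username, password, totp_secret, roles):
        salt = os.urandom(16)
        self.accounts[username] = Account(salt, hash_password(password, salt),
                                          totp_secret, frozenset(roles))

    def authenticate(self, username, password, otp) -> bool:
        acct = self.accounts.get(username)
        now = self.clock()
        if acct is None:
            hash_password(password, self._dummy_salt)   # same cost as a real check: no user enumeration
            return False
        if now < acct.locked_until:
            return False                                 # locked: credentials are not even evaluated
        pw_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.digest)
        otp_ok = hmac.compare_digest(totp(acct.totp_secret, now), str(otp))
        if pw_ok and otp_ok:
            acct.failures = 0
            return True
        acct.failures += 1
        if acct.failures >= MAX_ATTEMPTS:
            acct.failures = 0
            acct.locked_until = now + LOCKOUT_SECONDS
        return False

    def authorize(self, username, permission) -> bool:
        acct = self.accounts.get(username)
        return acct is not None and any(permission in ROLE_PERMISSIONS.get(r, ()) for r in acct.roles)


if __name__ == "__main__":
    svc = AuthService()
    secret = b"12345678901234567890"                     # RFC 6238 test key, constructed
    svc.register("alice", "correct horse battery staple", secret, ["user"])
    code = totp(secret, int(time.time()))
    print("login:", svc.authenticate("alice", "correct horse battery staple", code))
    print("may read reports:", svc.authorize("alice", "read:reports"))
    print("may manage users:", svc.authorize("alice", "manage:users"))
```

Both factors are evaluated before the result is returned, so a failure does not reveal which one was wrong, and comparisons use `hmac.compare_digest` so timing does not leak partial matches. Note that the lockout counter is what implements the slide's "timeout of three attempts"; without it, an attacker with a password list simply keeps trying.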
Encryption protects data in transit or in storage. Ciphering
data with cryptographic keys ensures the
data cannot be read without the
appropriate keys.
Common uses of encryption include Virtual Private
Networking (VPN), Secure Sockets Layer (SSL, now TLS), S/MIME,
and WEP.
VPN is used to secure data transfer across the
Internet. SSL/TLS is used to secure client
to server web-based transactions (https://). S/MIME is
used to secure e-mail, while WEP,
the Wired Equivalent Privacy protocol, was designed to
secure wireless transactions. WEP's key scheduling and short IVs
have been broken since 2001; use WPA2 or WPA3 instead.
Use of these will mitigate data sniffing,
spoofing (where the protocol also authenticates the peer, as TLS and
VPNs do), and wireless attacks.
Data Backups are a must-have for disaster recovery
and business continuity. Backups should include daily
and periodic (weekly) backups. These should be
stored off-site, at least twenty miles from the
primary site, and be retrievable promptly.
Backups should be kept for at least thirty days. They should
also be tested by actually restoring them, and kept offline or
otherwise out of reach of the accounts malware could compromise,
so that they survive the attack they are meant to undo. This
will mitigate loss of data or information that is
compromised in any attack mentioned previously, or
in the event of a fire or a human-caused or natural
disaster.