Hacking, computing, malicious attacks paper


To begin with, hacking is becoming an occupational crime that is on the rise, and various organizations have fallen victim to it. The growth of technology has made this practice more intense, forcing organizations to strengthen their Internet security. Hacking involves the modification of features belonging to a system with the motive of accomplishing a goal outside the creator's original intention. A hacker, therefore, is a person involved in hacking who has chosen to engage in the hacking lifestyle. Computer hacking is very common nowadays, mainly in the context of computer security, although other forms of hacking, such as phone and brain hacking, also exist.

In terms of computing, malicious attacks are deliberate physical or electronic actions carried out against a system with the intention of acquiring, destroying, modifying or accessing users' data without their consent. Physical attacks include theft and destruction of hardware storing personal and confidential information. Electronic attacks by hackers involve unauthorized access to and modification of users' computers. Hackers also use malicious threats to breach and violate the security system. Such incidents are either intentionally caused by a hacker or accidental, for example the result of natural events such as fire. This paper provides detailed information about the ways in which one can protect oneself from malware and other threats.


Malicious attacks generally disrupt the functionality of the computer system. These attacks take different forms, including viruses, worms, Trojan horses, logic bombs, trapdoors and backdoors, phishing and spoofing. A virus is a program that is capable of copying itself into another program. Once it runs inside a program, it spreads to other executable files. These threats are very dangerous and cause harm to users. There are various ways in which we can defend against and eliminate these threats.


Welcome to this document from the Midsize Business Security Guidance collection. Microsoft hopes that the following information will help you create a more secure and productive computing environment.

Executive Summary

As malicious software, or malware, has become more evolved and sophisticated, so have the software and hardware technologies that help prevent malware threats and attacks.

Malware threats have been very costly for midsize businesses in both attack defense and response technologies and operations. The Internet has significantly raised the profile of external threats to midsize business environments while some of the greatest threats still continue, such as internal attacks.

Internal attacks that have the highest potential for damage result from the activities of insiders in the most trusted positions, such as network administrators. Insiders involved with malicious activities are likely to have specific goals and objectives, such as planting a Trojan horse or unauthorized file system browsing while maintaining legitimate access to the systems. More commonly, insiders do not have malicious intent but may plant malicious software by unintentionally connecting infected systems or devices to an internal network resulting in a compromise of the integrity/confidentiality of the system or by affecting system performance, availability, and/or storage capacity.

Analysis of both internal and external threats has led many midsize businesses to investigate systems that help monitor networks and detect attacks, including resources for helping to manage malware risks in real-time.


This document provides information about strategies for helping to manage malware risks in midsize businesses. The document is divided into four main sections: Introduction, Definition, Challenges, and Solutions.


Definition

This section clarifies what malware is (and also what is not malware), its characteristics, and risk management.


Challenges

This section describes many of the common challenges that midsize businesses face with regard to managing malware risks, including:

  • Common information system assets
  • Common threats
  • Vulnerabilities
  • Educating end users and policies
  • Balancing risk management and business need


Solutions

This section provides additional information about policies, approaches, and strategies, including:

  • Physical and logical policies
  • Reactive and proactive approaches to malware and virus prevention
  • Strategies for helping to reduce malware

Malware risk assessment and management are also discussed in this section as part of the strategies to help prevent malware threats. This section will also provide information about monitoring and reporting tools to help scan, detect, and report malware activities.

Who Should Read This Guide

This document is primarily intended for management and IT personnel in midsize businesses to help them better understand malware threats, how to help defend against these threats, and how to respond quickly and appropriately when malware attacks occur.



Definition

Malware is an abbreviation of the words “malicious software.” It is a collective noun that includes viruses, worms, and Trojan horses that intentionally perform malicious tasks on a computer system. Technically, malware is any malicious code.

Understanding the Different Types of Malware

The following subsections describe different malware categories.


  • Trojan horse. A program that appears to be useful or harmless but that contains hidden code designed to exploit or damage the system on which it is run. Trojan horse programs (also called Trojan code) are most commonly delivered to users through e-mail messages that misrepresent the program’s purpose and function. Trojan horse programs do this by delivering a malicious payload or task when they are run.

Infectious Malware

  • Worm. A worm uses self-propagating malicious code that can automatically distribute itself from one computer to another through network connections. A worm can take harmful action, such as consuming network or local system resources, possibly causing a denial of service attack. Some worms can execute and spread without user intervention, while others require users to execute the worm code directly in order to spread. Worms may also deliver a payload in addition to replicating.
  • Virus. A virus uses code written with the express intention of replicating itself. A virus attempts to spread from computer to computer by attaching itself to a host program. It may damage hardware, software, or data. When the host is executed, the virus code also runs, infecting new hosts and sometimes delivering an additional payload.

Malware for Profit

  • Spyware. This type of software is sometimes referred to as spybot or tracking software. Spyware uses other forms of deceptive software and programs that conduct certain activities on a computer without obtaining appropriate consent from the user. These activities can include collecting personal information and changing Internet browser configuration settings. Beyond being an annoyance, spyware results in a variety of issues that range from degrading the overall performance of your computer to violating your personal privacy.

Web sites that distribute spyware use a variety of tricks to get users to download and install it on their computers. These tricks include creating deceptive user experiences and covertly bundling spyware with other software users might want, such as free file sharing software.

  • Adware. A type of advertising display software, specifically certain executable applications whose primary purpose is to deliver advertising content potentially in a manner or context that may be unexpected and unwanted by users. Many adware applications also perform tracking functions, and therefore may also be categorized as tracking technologies. Some consumers may want to remove adware if they object to such tracking, do not wish to see the advertising caused by the program, or are frustrated by its effects on system performance. Conversely, some users may wish to keep particular adware programs if their presence subsidizes the cost of a desired product or service or if they provide advertising that is useful or desired, such as ads that are competitive or complementary to what the user is looking at or searching for.

For more information, see the Malware topic in Wikipedia at http://en.wikipedia.org/wiki/Malware and the What is Malware? topic in The Antivirus Defense-in-Depth Guide at www.microsoft.com/technet/security/guidance/serversecurity/avdind_2.mspx#ELF.

Understanding Malware Behaviors

The various characteristics that each category of malware can exhibit are often very similar. For example, a virus and a worm may both use the network as a transport mechanism. However, a virus will look for files to infect while the worm will simply attempt to copy itself. The following section provides brief explanations of typical malware characteristics.

Target Environments

When malware attempts to attack a host system, a number of specific components may be required before the attack can succeed. The following components are typical examples of the types of components malware may require to launch an attack against a host:

  • Devices. Some malware will specifically target a device type, such as a personal computer, an Apple Macintosh computer, or even a Personal Digital Assistant (PDA). Mobile devices such as cell phones are becoming more popular target devices.
  • Operating systems. Malware may require a particular operating system to be effective. For example, the CIH or Chernobyl virus of the late 1990s could only attack computers running Microsoft® Windows® 95 or Windows 98. Newer operating systems are more secure. Unfortunately, malware is becoming more sophisticated as well.
  • Applications. Malware may require a particular application to be installed on the target computer before it can deliver a payload or replicate. For example, the LFM.926 virus of 2002 could only attack if Shockwave Flash (.swf) files could execute on the local computer.

Carrier Objects

If the malware is a virus, it will attempt to target a carrier object (also known as a host) to infect it. The number and type of targeted carrier objects varies widely among different forms of malware, but the following list provides examples of the most commonly targeted carriers:

  • Executable files. These carriers are the targets of the “classic” virus type that replicates by attaching itself to a host program. In addition to typical executable files that use the .exe extension, files with extensions such as the following can also be used for this purpose: .com, .sys, .dll, .ovl, .ocx, and .prg.
  • Scripts. Attacks that use scripts as carriers target files that use a scripting language, such as Microsoft Visual Basic® Script, JavaScript, AppleScript, or Perl Script. Extensions for files of this type include: .vbs, .js, .wsh, and .prl.
  • Macros. These carriers are files that support a macro scripting language of a particular application, such as a word processor, spreadsheet, or database application. For example, viruses can use the macro languages in Microsoft Word and Lotus Ami Pro to produce a number of effects, ranging from mischievous (switching words around in the document or changing colors) to malicious (formatting the computer’s hard drive).
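The extension lists above are what a mail gateway or endpoint policy actually keys on. The following is an added example, not code from the Microsoft guidance: it classifies attachment filenames against the executable and script carrier extensions quoted on this page and, going one step beyond the text, flags a carrier extension hidden behind an innocuous-looking one (a "double extension"). The function names and the sample attachment list are constructed for illustration.

```python
# Added example (not part of the Microsoft guidance): attachment triage
# that applies the "Carrier Objects" extension lists as a detection check.
from dataclasses import dataclass
from typing import List

# Extensions quoted in the "Carrier Objects" section above.
EXECUTABLE_EXTS = {".exe", ".com", ".sys", ".dll", ".ovl", ".ocx", ".prg"}
SCRIPT_EXTS = {".vbs", ".js", ".wsh", ".prl"}


@dataclass
class Verdict:
    filename: str
    category: str      # "executable", "script", or "other"
    disguised: bool    # carrier extension hidden behind another extension
    quarantine: bool   # recommended gateway action for this attachment


def _extensions(name: str) -> List[str]:
    # "Invoice.PDF.exe" -> [".pdf", ".exe"]; matching is case-insensitive.
    pieces = name.strip().lower().split(".")
    return ["." + p for p in pieces[1:]]


def classify(filename: str) -> Verdict:
    exts = _extensions(filename)
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXTS:
        category = "executable"
    elif last in SCRIPT_EXTS:
        category = "script"
    else:
        category = "other"
    # Assumption for this example: any extra extension in front of a carrier
    # extension (e.g. "invoice.pdf.exe") is treated as a disguise attempt,
    # the kind of misrepresentation the Trojan horse description refers to.
    disguised = category != "other" and len(exts) > 1
    # Policy choice: quarantine every executable or script carrier,
    # disguised or not; "other" files pass to the antivirus scanner.
    return Verdict(filename, category, disguised, category != "other")


def triage(attachments: List[str]) -> List[Verdict]:
    return [classify(a) for a in attachments]


# Constructed sample attachment names for a self-contained run.
SAMPLE = ["quarterly-report.docx", "setup.exe", "Invoice.PDF.exe",
          "notes.txt", "update.vbs"]

if __name__ == "__main__":
    for verdict in triage(SAMPLE):
        print(verdict)
```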

Transport Mechanisms

An attack can use one or many different methods to try and replicate between computer systems. This section provides information about a few of the more common transport mechanisms that malware uses.

  • Removable media. The original and probably the most prolific transmitter of computer viruses and other malware (at least until recently) is file transfer. This mechanism started with floppy disks, then moved to networks, and is now finding new media such as Universal Serial Bus (USB) devices and Firewire. The rate of infection is not as rapid as with network-based malware, yet the threat is ever present and hard to eradicate completely because of the need to exchange data between systems.
  • Network shares. When computers were provided a mechanism to connect to each other directly via a network, malware writers were presented with another transport mechanism that had the potential to exceed the abilities of removable media to spread malicious code. Poorly implemented security on network shares produces an environment where malware can replicate to a large number of computers connected to the network. This method has largely replaced the manual method of using removable media.
  • Peer-to-peer (P2P) networks. For P2P file transfers to occur, a user must first install a client component of the P2P application that will use the network.

For additional information, see the “Malware Characteristics” section of The Antivirus Defense in Depth Guide at www.microsoft.com/technet/security/guidance/serversecurity/avdind_2.mspx#EQAAC.

What Is Not Included in the Definition of Malware

A variety of threats exist that are not considered malware because they are not computer programs written with malicious intent. However, these threats can still have both security and financial implications for midsize businesses. The following list describes some common examples of threats that should be considered and understood when developing a comprehensive security strategy.

  • Joke software. Joke applications are designed to produce a smile or, at worst, a waste of someone’s time. These applications have existed for as long as people have been using computers. Because they were not developed with malicious intent and are clearly identified as jokes, they are not considered malware for the purposes of this guidance. Numerous examples of joke applications exist, producing everything from interesting screen effects to amusing animations or games.
  • Hoaxes. A trick message warning of a virus that doesn’t actually exist is an example of a hoax. Like some other forms of malware, hoaxes use social engineering to attempt to trick computer users into performing some act. However, there is no code to execute in a hoax; the hoaxer is usually simply trying to trick the victim. A common example of a hoax is an e-mail message or a chain-mail that claims a new virus type has been discovered and to warn friends by forwarding the message. This type of hoax message wastes people’s time, takes up e-mail server resources, and consumes network bandwidth. However, hoaxes can also cause damage if they instruct users to change computer configurations (for example, deleting registry keys or system files).
  • Scams. An e-mail message that attempts to trick the recipient into revealing personal information that can be used for unlawful purposes (such as bank account information) is a common example of a scam. One particular type of a scam has become known as phishing (pronounced “fishing”) and is also referred to as brand spoofing or carding.
  • Spam. Spam is unsolicited e-mail generated to advertise some service or product. This phenomenon is generally considered a nuisance, but spam is not malware. However, the dramatic increase in the number of spam messages being sent is a problem for the infrastructure of the Internet. Spam also causes lost productivity for employees who are forced to wade through and delete such messages every day.
  • Internet cookies. Internet cookies are text files that are placed on a user’s computer by Web sites that the user visits. Cookies contain and provide identifying information about the user to the Web sites that place them on the user computer, along with whatever information the sites want to retain about the user’s visit.

Cookies are legitimate tools that many Web sites use to track visitor information. Unfortunately, some Web site developers have been known to use cookies to gather information without the user’s knowledge. Some may deceive users or omit their policies. For example, they may track Web surfing habits across many different Web sites without informing the user. The site developers can then use this information to customize the advertisements the user sees on a Web site, which is considered an invasion of privacy.

For additional detailed information about malware and its characteristics, see The Antivirus Defense-in-Depth Guide on Microsoft TechNet at www.microsoft.com/technet/security/guidance/serversecurity/avdind_0.mspx.

Understanding Risk Management and Malware

Microsoft defines risk management as the process by which risks are identified and the impact of those risks determined.

Attempting to put in place a plan for security risk management can be overwhelming for midsize businesses. Possible factors may include the lack of in-house expertise, budget resources, or guidelines to outsource.

Security risk management provides a proactive approach that can assist midsize businesses in planning their strategies against malware threats.

A formal security risk management process enables midsize businesses to operate in the most cost efficient manner with a known and acceptable level of business risk. It also gives them a consistent, clear path to organize and prioritize limited resources in order to manage risk.

To facilitate the tasks of managing risks, Microsoft has developed The Security Risk Management Guide, which provides guidance about the following four processes:

  1. Assessing risk. Identify and prioritize risks to the business.
  2. Conducting decision support. Identify and evaluate control solutions based on a defined cost-benefit analysis process.
  3. Implementing controls. Deploy and operate control solutions to help reduce risk to the business.
  4. Measuring program effectiveness. Analyze the risk management process for effectiveness and verify that controls are providing the expected degree of protection.

Detailed information about this topic is beyond the scope of this paper. However, it is essential to understand the concept and processes in order to help plan, deploy, and implement a solution strategy for malware risk. The following figure shows the four primary processes of risk management.

Figure 1. The 4 primary risk management processes

For more information about risk management, see The Security Risk Management Guide on Microsoft TechNet at http://go.microsoft.com/fwlink/?linkid=30794.



Challenges

Malware attacks can be mounted via different vectors or attack methods on a specific weak point. It is recommended that midsize businesses perform risk assessments that not only determine their vulnerability profiles but also help determine what level of risk is acceptable to that specific company. Midsize businesses need to develop strategies to help reduce malware risks.

Some of the challenges for reducing malware risks in a midsize business environment include:

  • Common information system assets
  • Common threats
  • Vulnerabilities
  • User education
  • Balancing risk management and business needs

Common Information System Assets

Information systems security provides essential information to help manage the security of midsize businesses. Common information system assets refer to both the physical and the logical aspects of a company. They could include servers, workstations, software, and user licenses.

Employee business contact data, mobile computers, routers, human resources data, strategic plans, internal Web sites, and employee passwords are all common information system assets. An extensive list is provided in “Appendix A: Common Information System Assets” at the end of this document.

Common Threats

Several methods through which malware can compromise midsize businesses are sometimes referred to as threat vectors, and represent the areas that require the most attention when designing an effective solution to help reduce malware risks. Common threats include natural disasters, mechanical failures, malicious persons, uninformed users, social engineering, malicious mobile code, and disgruntled employees. This wide range of threats presents challenges not only for midsize businesses but businesses of all sizes.

“Appendix B: Common Threats” at the end of this document provides an extensive list of threats that are likely to affect midsize businesses.


Vulnerabilities

Vulnerabilities represent weaknesses in IT system security procedures and policies, administrative controls, physical layout, internal controls, and other areas that could be exploited by a threat to gain unauthorized access to information or disrupt critical processing. Vulnerabilities are both physical and logical. They include natural disasters, mechanical failures, software misconfigurations, unpatched software, and human error. “Appendix C: Vulnerabilities” at the end of this document provides an extensive list of vulnerabilities that are likely to affect midsize businesses.

User Education

With regard to physical and logical information security, the biggest vulnerability is not necessarily the computers or software flaws but the computer users. Employees may make careless errors such as typing in their passwords where others can see them, downloading and opening e-mail attachments that contain viruses, or failing to shut down their computers at night. Because human actions can greatly affect computer security, educating employees, IT staff, and management should be made a priority. Equally important is the need for all personnel to develop good security habits. These approaches are simply more cost efficient for the business in the long run. Training should provide users with recommendations for avoiding malicious activities and should educate them about potential threats and how to avoid them. Security practices that users should be aware of include the following:

  • Never reply to e-mail requests for financial or personal information.
  • Never provide passwords.
  • Do not open suspicious e-mail file attachments.
  • Do not respond to any suspicious or unwanted e-mails.
  • Do not install unauthorized applications.
  • Lock their computers when they are not actively using them by password-protecting the screen saver or through the CTRL-ALT-DELETE dialog box.
  • Enable a firewall.
  • Use strong passwords on their remote computers.


Written policies and accepted procedures are a necessity for helping to enforce the security practices. To be effective, all IT policies should include the support of upper management and provide an enforcement mechanism, a way to inform users, and a way to educate users. Example policies might address the following topics:

  • How to detect malware on a computer.
  • How to report suspected infections.
  • What users can do to assist incident handlers, such as recording the last action a user performed before the system became infected.
  • Processes and procedures to mitigate operating system and application vulnerabilities that malware might exploit.
  • Patch management and the application of security configuration guides and checklists.

Balancing Risk Management and Business Needs

Investing in a risk management process helps prepare midsize businesses to articulate priorities, plan to mitigate threats, and address the next threat or vulnerability to the business.

Budget constraints may dictate IT security spending but a well-structured risk management methodology, when used effectively, can help management identify appropriate controls for providing the mission-essential security capabilities.

Midsize businesses must weigh the delicate balance between risk management and their business needs. The following questions may be helpful when balancing risk management and business needs:

  • Should the company configure its systems itself or should it be done by the hardware/software supplier? What would be the cost?
  • Should you use load balancing or clustering as mechanisms to ensure high availability of applications? What does it take to put these mechanisms in place?
  • Do you need an alarm system for your server room?
  • Should you use electronic key systems for the building or the server room?
  • What is the company’s budget for computer systems?
  • What is the company’s budget for technology support and maintenance?
  • How much money would you estimate your company has spent on your computer systems (hardware/software maintenance) in the last year?
  • How many computers are in the main site of your company? Do you have an inventory of computer hardware and software?
  • Are your older systems powerful enough to run most of the software you need to run?
  • How many new or upgraded computers would you estimate you need? How many would be optimum?
  • Does each user have to have a printer?

For more detailed information on risk management, refer to the Security Risk Management Guide at http://go.microsoft.com/fwlink/?linkid=30794.



Solutions

This section explains different strategies for helping to manage malware risks, including reactive and proactive approaches to malware, and physical and logical policies. Validation methods such as reporting tools and monitoring are discussed as well.

Developing Strategies for Reducing Malware

When developing strategies to help reduce malware, it is important to define the necessary operational key points where malware detection and/or prevention can be implemented. When it comes to managing malware risk, a single device or technology should not be relied upon as the only line of defense. Preferred methods should include a layered approach using proactive and reactive mechanisms throughout the network. Antivirus software plays a key role in this area; however, it should not be the only instrument used to detect malware attacks. For further detailed information on the layered approach, refer to the section titled “The Malware Defense Approach” in The Antivirus Defense-in-Depth Guide at www.microsoft.com/technet/security/guidance/serversecurity/avdind_3.mspx#E1F.

The following operational key points are discussed further in detail:

  • Assessing malware risks
  • Physical security
  • Logical security
  • Proactive vs. reactive policies and procedures
  • Deployment and management

Assessing Malware Risks

When assessing malware risks, midsize businesses need to be mindful of the attack vectors that are most vulnerable to threats. How are they protected and to what extent? The following questions should be considered:

  • Does the company have a firewall installed?

Firewalls are an important part of perimeter defense. A network firewall commonly serves as a primary line of defense against external threats to an organization’s computer systems, networks, and critical information. Midsize businesses should have some form of firewall implemented, whether software or hardware.

  • Does the company have internal or external vulnerability scan analysis capability? How is the scanned information analyzed?

A tool such as the Microsoft Baseline Security Analyzer (MBSA) is recommended for scanning for misconfigurations or vulnerabilities. It is also possible to outsource the security vulnerability testing process by hiring outside vendors to assess the security environment and provide suggestions for improvement where deemed necessary.

Note   MBSA is an easy-to-use tool designed for the IT professional that helps small and medium-sized businesses determine their security state in accordance with Microsoft security recommendations. It also offers specific remediation guidance. Improve your security management process by using MBSA to help detect common security misconfigurations and missing security updates on your computer systems.

  • Is there a backup and recovery assessment plan in place?

Ensure that there are backup plans and that the backup server is working effectively.

  • How many kinds of antivirus software does the company have? Is antivirus software installed on all systems?

Reliance on a single antivirus platform may expose a company to risks because each package has its own strengths and weaknesses.

  • Does the company have a wireless network implemented? If so, is security on the wireless network enabled and properly configured?

Even if a wired network is completely secured, an unsecured wireless network can introduce an unacceptable level of risk in an otherwise secure environment. Old wireless standards, such as WEP, are easily compromised, so research should be done to ensure that the most appropriate wireless security solution is in place.

  • Are the employees trained about how to prevent malware? Are they educated about the topic of malware risks?

The most common form of malware propagation involves some form of social engineering and the most effective defense against social engineering threats is education.

  • Is there a written policy in place about how to prevent or handle malware threats? How often is the policy reviewed? Is it enforced? How well do staff adhere to this policy?

Ensure that users are trained on how to avoid malware threats and on malware prevention. It is very important to have all of this information documented; a written policy covering the above information and procedures should exist and be enforced. Reviews of this policy should be conducted whenever changes occur to ensure the effectiveness and validity of the stated policies.

Physical Security

Physical security entails restricting access to equipment for the purposes of preventing tampering, theft, human error, and the subsequent downtime caused by these actions.

Although physical security is more of a general security issue than a specific malware problem, it is impossible to protect against malware without an effective physical defense plan for all client, server, and network devices within an organization’s infrastructure.

The following list includes critical elements to consider for an effective physical defense plan:

  • Building security. Who has access to the building?
  • Personnel security. How restrictive are employee access rights?
  • Network access points. Who has access to the network equipment?
  • Server computers. Who has access rights to the servers?
  • Workstation computers. Who has access rights to the workstations?

If any one of these elements is compromised, there is an increased level of risk that malware could bypass the external and internal network defense boundaries to infect a host on the network. Protecting access to facilities and to computing systems should be a fundamental element of security strategies.

For more detailed information, see the “5-Minute Security Advisor – Basic Physical Security” article on Microsoft TechNet at www.microsoft.com/technet/archive/community/columns/security/5min/5min-203.mspx.

Logical Security

Software safeguards for information systems in midsize businesses include user ID and password access, authentication, and access rights, all of which are crucial for managing malware risks. These safeguards help ensure that only authorized users are able to perform actions or access information on a particular server or workstation on the network. Administrators should ensure that systems are configured in a way that is consistent with the job function of the computer user. Configuration of these safeguards may consider the following:

  • Limiting programs or utilities available to only those needed by the position.
  • Increasing controls on key system directories.
  • Increased levels of auditing.
  • Using least-privilege policies.
  • Limiting use of removable media, such as floppy disks.
  • Who should be granted administrative rights for the backup server, mail server(s), and file server(s)?
  • Who should have access to human resources folder(s)?
  • What privileged rights should be given for cross-department folders?
  • Should a workstation be used by different users? If so, what level of access should be given? Are users authorized to install a software application on their workstations?

User IDs (also called logon IDs, accounts, or user names) are unique identifiers for the users of a program or network that more than one person can access. Authentication is the process of verifying that an entity or object is who or what it claims to be; examples include verifying a digital signature to confirm the source and integrity of information, or verifying the identity of a user or computer. To enhance security, every logon account should have a password: secret authentication data that is used to control access to a resource or a computer. Once a user has logged on to the network, appropriate access rights should be defined. For example, a particular user may be able to open a human resources folder but have only Read access, so that no changes can be made.

Other logical security issues include:

  • Password guidelines such as password aging and complexity.
  • Data and software backup.
  • Confidential information/sensitive data—use encryption where appropriate.

Appropriate authentication and authorization functions must be provided, commensurate with the intended use and the acceptable level of risk. Attention should be focused on servers as well as workstations. All of the aforementioned elements of logical security should be clearly written down, enforced, and made available companywide as a point of reference.

Proactive vs. Reactive Policies and Procedures

Two basic approaches are used to help manage malware risk: proactive and reactive. Proactive approaches include all measures that are taken with the goal of preventing host-based or network-based attacks from successfully compromising systems. Reactive approaches are those procedures that midsize businesses use after they discover that some of their systems have been compromised by an intruder or attack program such as a Trojan horse or other malware.

Reactive Approaches

If the security of a system or network has been compromised, an incident response process is necessary. Incident response is the method of investigating a problem, analyzing its cause, minimizing its impact, resolving the problem, and documenting every step of the response for future reference.

Just as every company takes some measures to prevent future business losses, each should also have plans in place to respond to such losses when the proactive measures either were not effective or did not exist. Reactive methods include disaster recovery plans, reinstallation of operating systems and applications on compromised systems, and switching to alternate systems in other locations. Having an appropriate set of reactive responses prepared and ready to implement is just as important as having proactive measures in place.

The following reactive response hierarchy diagram shows steps for handling malware incidents. Additional information about these steps is provided in the following text.

Figure 2. Reactive Response Hierarchy

  • Protect human life and people’s safety. If affected computers include life support systems, shutting them off may not be an option. Perhaps you could logically isolate such systems on the network by reconfiguring routers and switches without disrupting their ability to help patients.
  • Contain the damage. Containing the damage that the attack caused helps to limit additional damage. Protect important data, software, and hardware quickly.
  • Assess the damage. Immediately make a bit-for-bit image of the hard disks in any servers that were attacked, record a cryptographic hash of each image, and set the images aside for forensic use later. Then assess the damage.
  • Determine the cause of the damage. To ascertain the origin of the assault, it is necessary to understand the resources at which the attack was aimed and what vulnerabilities were exploited to gain access or disrupt services. Review the system configuration, patch level, system logs, audit logs, and audit trails on the systems that were directly affected as well as network devices that route traffic to them.
  • Repair the damage. It is very important that the damage be repaired as quickly as possible to restore normal business operations and recover any data that was lost during the attack.
  • Review response and update policies. After the documentation and recovery phases are complete, response and update policies should be thoroughly reviewed.

What should be done if the systems on the network are infected with viruses? The following list includes examples of a reactive approach:

  • Make sure the firewall in place is working. Get positive control over inbound and outbound traffic on the systems and on the network.
  • Address the most likely suspects first. Clean the most common malware threats and then check for unknown threats.
  • Isolate the infected system. Get it off the network and the Internet. Stop the infection from spreading to other systems on the network during the cleaning process.
  • Research outbreak control and cleanup techniques.
  • Download the latest virus definitions from antivirus software vendors.
  • Ensure that antivirus systems are configured to scan all files.
  • Run a full system scan.
  • Restore missing or corrupt data.
  • Remove or clean infected files.
  • Confirm that the computer systems are free of malware.
  • Reconnect the cleaned computer systems to the network.

Note   It is important to ensure that all computer systems are running recent antivirus software and that automated processes are running to regularly update the virus definitions. It is particularly important that antivirus software be regularly updated on portable computers used by mobile workers.

Maintain a database or a log that keeps track of which patches have been applied to the organization's most important systems: Internet-accessible systems, firewalls, internal routers, databases, and back office servers.

Proactive Approaches

A proactive approach for risk management has many advantages over a reactive approach. Instead of waiting for bad things to happen and then responding to them afterward, you help minimize the possibility of the bad things ever occurring. Plans should be made to protect the organization’s important assets by implementing controls to mitigate the risk of vulnerabilities being exploited by malware.

An effective proactive approach can help midsize businesses reduce the number of security incidents that arise in the future, but it is not likely that such problems will completely disappear. Therefore, they should continue to improve their incident response processes while simultaneously developing long-term proactive approaches. The following list includes some examples of proactive measures that can help manage malware risks.

  • Apply the latest firmware to hardware systems and routers as recommended by vendors.
  • Apply the latest security patches to server applications and other applications.
  • Subscribe to security-related e-mail lists from vendors and apply patches when recommended.
  • Ensure that all computer systems are running recent antivirus software.
  • Ensure that automated processes are running to regularly update the virus definitions.

Note   It is particularly important that antivirus software be regularly updated on portable computers used by mobile workers.

  • Maintain a database that keeps track of what patches have been applied.
  • Review security logs.
  • Enable perimeter or host-based firewalls.
  • Use a vulnerability scanner such as the Microsoft Baseline Security Analyzer to help detect common security misconfigurations and missing security updates on your computer systems.
  • Use least-privileged user accounts (LUA). If low-privileged processes are compromised, they will do less damage than high-privileged processes. Consequently, using a non-administrator account instead of an administrator account while completing daily tasks offers the user added protection against infection from a host of malware, external or internal security attacks, accidental or intentional modifications to system setup and configurations, and accidental or intentional access to confidential programs or documents.
  • Enforce strong password policies. Strong passwords reduce the likelihood of an attacker using a brute force attack to escalate privileges. Strong passwords typically have the following characteristics:
    • 15 or more characters.
    • Never contain account names, real names, or the company name in any form.
    • Never contain a complete word, slang term, or other readily searchable term.
    • Are significantly different in content from previous passwords and are not simply incremented (for example, Summer2023! changed to Summer2024!).
    • Use at least three of the following character types:
      – Uppercase letters (A, B, C…)
      – Lowercase letters (a, b, c…)
      – Numerals (0, 1, 2…)
      – Non-alphanumeric symbols (@, &, $…)
      – Unicode characters (€, ƒ, λ…)

For more information about password policies, see the “Password Best practices” topic on Microsoft TechNet at http://technet2.microsoft.com/WindowsServer/en/Library/e903f7a2-4def-4f5f-9480-41de6010fd291033.mspx?mfr=true.
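The password characteristics listed above can be enforced mechanically rather than left to users' judgment. The following Python checker is an added example written for this page; it is not part of the original document or of any Microsoft product. The word list, the account and company names used in the usage call, and the 0.75 similarity threshold are constructed assumptions; a production checker would use a full dictionary and a list of passwords seen in breaches.

```python
import difflib
import re

# Constructed word list for this example only.
COMMON_WORDS = ("password", "welcome", "summer", "winter", "letmein", "admin", "qwerty")


def char_class(c):
    """Map a character to one of the five classes named in the policy."""
    if ord(c) > 127:
        return "unicode"
    if c.isupper():
        return "upper"
    if c.islower():
        return "lower"
    if c.isdigit():
        return "digit"
    return "symbol"  # ASCII punctuation, space and control characters


def classes_used(password):
    return {char_class(c) for c in password}


def forbidden_fragments(terms):
    """Split account, real and company names into fragments of three or more
    letters so that 'John Smith' also forbids 'john' and 'smith' on their own."""
    fragments = set()
    for term in terms:
        for part in re.split(r"\W+", term.lower()):
            if len(part) >= 3:
                fragments.add(part)
    return fragments


def too_similar(new, old):
    """Reject increments such as Summer2023! -> Summer2024!, and any password
    that shares most of its characters, in order, with the previous one."""
    def strip_digits(s):
        return re.sub(r"\d", "", s).lower()

    if strip_digits(new) == strip_digits(old):
        return True
    ratio = difflib.SequenceMatcher(None, new.lower(), old.lower()).ratio()
    return ratio >= 0.75  # threshold is an assumption for this example


def check_password(password, forbidden_terms=(), previous=()):
    """Return the list of policy rules the password fails; empty means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 15:
        problems.append("fewer than 15 characters")
    for frag in sorted(forbidden_fragments(forbidden_terms)):
        if frag in lowered:
            problems.append(f"contains name fragment '{frag}'")
    for word in COMMON_WORDS:
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    if len(classes_used(password)) < 3:
        problems.append("fewer than three character classes")
    if any(too_similar(password, old) for old in previous):
        problems.append("too similar to a previous password")
    return problems


if __name__ == "__main__":
    # Constructed account, person and company names.
    names = ("jsmith", "John Smith", "Contoso")
    print(check_password("Summer2024!", names, previous=("Summer2023!",)))
    print(check_password("qT7#vLp9@mKw2$zR", names, previous=("Summer2023!",)))
```

The dictionary test is deliberately a substring match, so "summertime" is rejected along with "summer"; that is stricter than the policy text but errs on the safe side. The increment check strips all digits before comparing, which catches the common habit of bumping the year or a trailing counter.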


A proactive approach to managing malware risk in a midsize business environment should include the use of a layered defense-in-depth approach to help protect resources from external and internal threats. Defense-in-depth (sometimes referred to as security in depth or multilayered security) is used to describe the layering of security countermeasures to form a cohesive security environment without a single point of failure. The security layers that form the defense-in-depth strategy should include deploying protective measures from external routers all the way through to the location of the resources, and all points in between. Deploying multiple layers of security can help ensure that if one layer is compromised, the other layers will provide the security needed to protect the resources.

This section discusses the defense-in-depth security model, which is an excellent starting point for understanding the concept. This model identifies seven levels of security defenses that are designed to help ensure that attempts to compromise the security of midsize businesses will be met by a robust set of defenses. Each set is capable of helping to deflect attacks at many different levels.

Detailed definitions of each layer can be modified based on different organizations’ security priorities and requirements. The following figure presents the layers of the defense-in-depth model.

Figure 3. The defense-in-depth security model

  • Data. Risks at the data layer arise from vulnerabilities an attacker could potentially exploit to gain access to configuration data, organization data, or any data that is unique to a device the organization uses.
  • Application. Risks at the application layer arise from vulnerabilities an attacker could potentially exploit to access running applications. Any executable code a malware writer can package outside of an operating system could be used to attack a system.
  • Host. This is the layer that vendors typically address with service packs and hotfixes. Risks at this layer arise from attackers exploiting vulnerabilities in the services that the host or device offers.
  • Internal Network. The risks to businesses’ internal networks largely concern the sensitive data transmitted via networks of this type. The connectivity requirements for client workstations on these internal networks also have a number of risks associated with them.
  • Perimeter Network. Risks associated with the perimeter network layer arise from an attacker gaining access to wide area networks (WANs) and the network tiers that they connect.
  • Physical Security. Risks at the physical layer arise from an attacker gaining physical access to a physical asset.
  • Policies, Procedures and Awareness. Surrounding all of the security model layers are the policies and procedures the midsize business needs to put in place to meet and support the requirements for each level.

The Data, Application, and Host layers can be combined into two defense strategies to help protect the business’ clients and servers. Although these defenses share a number of common strategies, the differences in implementing client and server defenses are enough to warrant a unique defense approach for each.

The Internal Network and Perimeter layers can also be combined into a common Network Defenses strategy, because the technologies involved are the same for both layers. The implementation details will differ in each layer, depending on the position of the devices and technologies in the organization’s infrastructure. For more information about defense in depth, refer to “Chapter 2: Malware Threats” of The Antivirus Defense-in-Depth Guide at http://go.microsoft.com/fwlink/?LinkId=50964.

Deployment and Management

Strategies for managing malware risk may comprise all of the technologies and approaches discussed thus far in this document. Reliable antivirus software should be deployed on all systems. Windows Defender, a Microsoft tool that helps protect a computer against pop-ups, slow performance, and security threats caused by spyware and other potentially unwanted software, should be used in concert with antivirus software. Both should be deployed as soon after the operating system installation as possible, and antivirus software should be patched immediately and configured to maintain its effectiveness at detecting and stopping malware. Because no single approach can be relied upon as a total security solution, the firewall, gateway, intrusion detection, and other security technologies discussed in earlier sections should be hardened in conjunction with antivirus software.

This section will discuss validation, monitoring and reporting, and available technologies.


Validation

When the previously identified approaches and technologies for managing malware risks have been studied and implemented, how can you be sure that they are deployed effectively?

To validate a proposed solution, use the following tools to help validate the network and system environment:

  • Antivirus. Scan all systems for viruses using antivirus software with the latest signature definitions.
  • Windows Defender. Scan all systems using Windows Defender for spyware and other potentially unwanted software.
  • Microsoft Baseline Security Analyzer (MBSA). Scan all systems using MBSA to help identify common security misconfigurations and missing security updates. You can learn more on the Microsoft Baseline Security Analyzer Web site at http://go.microsoft.com/fwlink/?linkid=17809.

In addition, any newly created accounts and their access permissions should be tested to verify that they work as intended.

When strategies and implemented technologies have been validated, software and hardware patches should be applied as necessary for continued security effectiveness. Users, and especially IT personnel, should always stay current with the latest updates.

Monitoring and Reporting

Ongoing monitoring of all devices in the network is essential in order to help detect malware attacks. Monitoring can be a complex process. It requires gathering information from a number of sources (such as logs from firewalls, routers, switches, and users) to compile a "normal" behavior baseline that can then be used to identify abnormal behavior.

Strategies for monitoring and reporting malware in midsize business environments should include technologies and user education.

Technologies refers to properly deployed and implemented hardware and software technologies that can help midsize businesses monitor and report malware activities and respond accordingly. User education refers to awareness programs that include guidance for users about malware incident prevention, avoidance, and how to report incidents appropriately.


Technologies

It is possible to automate an alert monitoring system so that it reports suspected malware infections to a central location or to an appropriate point of contact, who can then inform users how to respond. An automated alert system minimizes the delay between an initial alert and users becoming aware of the malware threat, but it can generate "false positive" alerts. If no one screens the alerts and reviews an unusual-activity reporting checklist, alerts will often warn of malware that is not present. This leads to complacency, because users quickly become desensitized to alerts that are generated too frequently.

It may be helpful to assign members of the network administration team the responsibility of receiving all automated malware alerts from all system monitoring software or antivirus packages that the company uses. The responsible individual or team can then filter out the false positive alerts from the automated systems before issuing alerts to users.
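The baseline-and-deviation approach described under Monitoring and Reporting, together with the need to give whoever screens the alerts enough context to discard false positives, can be shown in a small amount of code. The following Python script is an added example written for this page, not part of the original document or any vendor product. The log format, every address, the 3-sigma threshold and the floor of five extra hosts are constructed assumptions; real firewall logs differ in layout, and the thresholds would be tuned to the environment.

```python
import re
import statistics
from collections import Counter, defaultdict

# Constructed firewall log format: timestamp, action, protocol, src:port -> dst:port.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def make_lines(src, dsts, action="ALLOW", dport=443, ts="2024-03-04T09:00:00"):
    """Build constructed log lines, one connection per destination."""
    return [f"{ts} {action} TCP {src}:{50000 + i} -> {dst}:{dport}"
            for i, dst in enumerate(dsts)]


# Baseline period: four workstations doing ordinary web traffic (constructed).
BASELINE_LOG = (
    make_lines("10.0.0.5", ["203.0.113.7", "203.0.113.8", "203.0.113.9"])
    + make_lines("10.0.0.6", ["203.0.113.7", "198.51.100.2"])
    + make_lines("10.0.0.7", ["203.0.113.7", "203.0.113.8", "198.51.100.3"])
    + make_lines("10.0.0.8", ["203.0.113.7", "203.0.113.8", "198.51.100.2", "198.51.100.4"])
)

# Later window (constructed): 10.0.0.8 is a little busier than usual, while
# 10.0.0.9 sweeps a neighbouring subnet on TCP 445, the pattern of a worm
# looking for file shares. One malformed line is included on purpose.
WINDOW_LOG = (
    make_lines("10.0.0.5", ["203.0.113.7", "203.0.113.8", "203.0.113.9"])
    + make_lines("10.0.0.8", [f"198.51.100.{n}" for n in range(2, 8)])
    + make_lines("10.0.0.9", [f"10.0.1.{n}" for n in range(1, 13)], action="DENY", dport=445)
    + ["2024-03-04T09:05:01 garbage line that does not parse"]
)


def parse(lines):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def distinct_destinations(events):
    """Number of distinct hosts each source talked to (its fan-out)."""
    per_src = defaultdict(set)
    for event in events:
        per_src[event["src"]].add(event["dst"])
    return {src: len(dsts) for src, dsts in per_src.items()}


def build_baseline(events):
    """Mean and population standard deviation of per-host fan-out."""
    values = list(distinct_destinations(events).values())
    return {"mean": statistics.mean(values), "stdev": statistics.pstdev(values)}


def find_anomalies(baseline, events, k=3.0, floor=5):
    """Flag hosts whose fan-out exceeds mean + k*stdev. The floor stops a very
    quiet baseline (stdev near zero) from flagging ordinary variation, which is
    the main source of false positives in this kind of rule."""
    threshold = max(baseline["mean"] + k * baseline["stdev"], baseline["mean"] + floor)
    return {src: n for src, n in distinct_destinations(events).items() if n > threshold}


def summarize(src, events):
    """Context the person screening the alert needs before telling users anything."""
    mine = [e for e in events if e["src"] == src]
    ports = Counter(e["dport"] for e in mine)
    denied = sum(1 for e in mine if e["action"] == "DENY")
    return {"events": len(mine), "top_port": ports.most_common(1)[0][0],
            "deny_ratio": denied / len(mine)}


def run():
    """Baseline from the quiet period, then screen the later window."""
    baseline = build_baseline(parse(BASELINE_LOG))
    window = parse(WINDOW_LOG)
    return {src: summarize(src, window) for src in find_anomalies(baseline, window)}


if __name__ == "__main__":
    print(run())
```

Only 10.0.0.9 is reported: twelve distinct targets, all on port 445, all denied, which is the kind of summary that lets the administrator receiving the alert confirm it in seconds. 10.0.0.8 stays below the floor even though it exceeds three standard deviations, which is exactly the case in which a naive rule would page someone for nothing.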

It is recommended that malware solutions be constantly reviewed and kept up-to-date. All aspects of malware protection are important, from simple automated virus signature downloads to complete changes in operational policy. Although some of the following tools have already been mentioned, they are essential for security management, monitoring and reporting:

  • Network Intrusion Detection (NID). Because the perimeter network is a highly exposed part of the network, it is extremely important that network management systems are able to detect and report an attack as soon as possible.
  • Microsoft Baseline Security Analyzer (MBSA). Improve the security management process by using MBSA to detect common security misconfigurations and missing security updates on computer systems.
  • Antivirus signature scanner. Most antivirus software programs currently use this technique, which involves searching the target (host computer, disk drive, or files) for a pattern that could represent malware.
  • SMTP gateway scanners. These Simple Mail Transfer Protocol (SMTP)-based e-mail scanning solutions are usually referred to as antivirus “gateway” solutions. They have the advantage of working with all SMTP e-mail services rather than being tied to a specific e-mail server product.
  • Log files. Records of events such as file accesses, logons, and network connections kept on servers and network devices. Log file analysis can reveal useful data about Web site traffic and about activity that departs from the normal baseline.
  • Event Viewer. The administrative tool that reports errors and other events, such as driver failures, file errors, logons, and logoffs.
  • Microsoft Windows Defender. A program that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software. It features Real-Time Protection, a monitoring system that recommends actions against spyware when it’s detected, and a new streamlined interface that minimizes interruptions and helps users stay productive.
  • Use Dynamic Security Protection in Internet Explorer 7.
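The antivirus signature scanner item above describes searching a target for a pattern that could represent malware. The following Python script, an added example written for this page and not part of the original document or of any vendor's product, implements that technique in miniature with two kinds of signature: a SHA-256 hash of a whole file and a byte pattern found anywhere in it. The EICAR test string and its hash are real, publicly documented values that every antivirus product is expected to detect; the "Example.Dropper.A" pattern and the sample files are constructed.

```python
import hashlib
import os
import tempfile

# The EICAR test string: a harmless file used to test antivirus products.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Signature database. The EICAR entries are real; "Example.Dropper.A" is a
# constructed pattern standing in for a malware-family marker.
BYTE_SIGNATURES = {
    "EICAR-Test-File": EICAR,
    "Example.Dropper.A": b"MZ\x90\x00" + b"EXAMPLE_DROPPER_MARKER",
}
HASH_SIGNATURES = {
    "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f":
        "EICAR-Test-File (sha256)",
}
DEFAULT_CHUNK = 1 << 20  # 1 MiB read size


def scan_bytes(data):
    """Match an in-memory buffer against the hash and byte-pattern signatures."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def scan_file(path, chunk_size=DEFAULT_CHUNK):
    """Stream a file of any size. A tail of len(longest pattern) - 1 bytes is
    carried between chunks so a signature split across a chunk boundary is
    still found."""
    overlap = max(len(p) for p in BYTE_SIGNATURES.values()) - 1
    digest = hashlib.sha256()
    hits = set()
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            digest.update(chunk)
            window = tail + chunk
            for name, pattern in BYTE_SIGNATURES.items():
                if pattern in window:
                    hits.add(name)
            tail = window[-overlap:] if overlap else b""
    if digest.hexdigest() in HASH_SIGNATURES:
        hits.add(HASH_SIGNATURES[digest.hexdigest()])
    return sorted(hits)


def scan_tree(root, chunk_size=DEFAULT_CHUNK):
    """Walk a directory and return {path: [signature names]} for flagged files."""
    flagged = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, chunk_size)
            if hits:
                flagged[path] = hits
    return flagged


def write_and_scan(data, chunk_size=DEFAULT_CHUNK):
    """Write constructed bytes to a temporary file, scan it, and clean up."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return scan_file(path, chunk_size)
    finally:
        os.unlink(path)


def demo():
    """Constructed directory with one clean file and one EICAR file."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "report.txt"), "wb") as fh:
        fh.write(b"quarterly figures, nothing suspicious here\n")
    with open(os.path.join(root, "eicar.com"), "wb") as fh:
        fh.write(EICAR)
    return {os.path.basename(p): hits for p, hits in scan_tree(root).items()}


if __name__ == "__main__":
    print(demo())
```

Two practical points follow from the code. First, a scanner that keeps its signatures in plain form will flag its own database, and this script's source file, as infected, which is one reason products store signatures in an encoded form. Second, both rules fire only on content that is already known: the hash rule fails on a single changed byte and the pattern rule on a re-packed variant, which is why this document pairs signature scanning with patching, least privilege and monitoring for abnormal behavior.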

Additional recommended tools that can help scan and apply the latest updates or fixes include:

  • Microsoft Windows Server Update Services (WSUS) provides a comprehensive solution for managing updates within midsize business network.
  • Microsoft Systems Management Server 2003 SP 1 provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively.

Consider subscribing to notifications of new patches that are applicable to your organization. To receive these notifications automatically, you can subscribe to Microsoft Security Bulletins at http://go.microsoft.com/fwlink/?LinkId=21723.

User Education

As mentioned in an earlier section of this document, all users should be educated about malware and its characteristics, the severity of potential threats, avoidance techniques, the ways that malware spreads, and the risks that malware poses. User education should also include awareness of the policies and procedures that apply to malware incident handling, such as how to detect malware on a computer, how to report suspected infections, and what users themselves can do to assist incident handlers. Midsize businesses should conduct training sessions about strategies for managing malware risks for IT staff members who are involved in malware incident prevention.



Conclusion

Malware is a complex and constantly evolving area of computer technology. Of all the problems that are encountered in IT, few are as prevalent and costly as malware attacks and the associated costs of dealing with them. Understanding how they work, how they evolve over time, and the attack vectors that they exploit can help midsize businesses deal with the issue proactively and create more efficient and effective reactive processes. Malware authors use so many techniques to create, distribute, and exploit computer systems that it can be difficult to see how any system can be made secure enough to withstand such attacks. However, understanding the challenges and having strategies for managing malware risk in place will enable midsize businesses to manage their systems and network infrastructure in a manner that helps reduce the likelihood of a successful attack.

