The mobile environment prevalent on networks today poses significant challenges since laptops are routinely taken out of the "secure" environment and connected to potentially "insecure" environments such as home networks. A laptop can be infected with a worm or virus and then bring it back into the "secure" environment where it can infect other systems. The quarantine phase involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing the infected machines. This isolates these systems appropriately for the final phase. During the treatment phase actively infected systems are disinfected of the worm. This can involve simply terminating the worm process and removing any modified files or system settings that the worm introduced, and patching for the vulnerability the worm used to exploit the system. In other cases a complete re-install of the system may be warranted in order to confidently ensure that the worm and its byproducts are removed.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.