Combating Internet Worms
by Vincent Bieri - Business Development Manager - EMEA Security Technology for Cisco Systems - Monday, 10 May 2004.
There are six steps involved in a worm mitigation methodology, in order: preparation, identification, classification, trace back, reaction, and post-mortem. The reaction phase can be broken down into containment, inoculation, quarantine, and treatment. Worm mitigation requires coordination between system administration, network engineering, and security operations personnel. This is critical in responding effectively to a worm incident. The containment phase involves limiting the spread of a worm infection to those areas of the network already affected. With the worm infection contained, or at the least significantly slowed down, the inoculation process further deprives the worm of any available targets.

The mobile environment prevalent on networks today poses significant challenges, since laptops are routinely taken out of the "secure" environment and connected to potentially "insecure" environments such as home networks. A laptop can become infected with a worm or virus there and then carry it back into the "secure" environment, where it can infect other systems. The quarantine phase involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing the infected machines. This isolates these systems appropriately for the final phase. During the treatment phase, actively infected systems are disinfected of the worm. This can involve simply terminating the worm process, removing any modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system. In other cases a complete re-install of the system may be warranted in order to confidently ensure that the worm and its byproducts are removed.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.