Combating Internet Worms
by Vincent Bieri - Business Development Manager - EMEA Security Technology for Cisco Systems - Monday, 10 May 2004.
There are six steps involved in a worm mitigation methodology, in order: preparation, identification, classification, trace back, reaction, and post-mortem. The reaction phase can be broken down into containment, inoculation, quarantine, and treatment. Worm mitigation requires coordination between system administration, network engineering, and security operations personnel. This is critical in responding effectively to a worm incident. The containment phase involves limiting the spread of a worm infection to those areas of the network already affected. With the worm infection contained, or at the least significantly slowed down, the inoculation process further deprives the worm of any available targets.

The mobile environment prevalent on networks today poses significant challenges, since laptops are routinely taken out of the "secure" environment and connected to potentially "insecure" environments such as home networks. A laptop can become infected with a worm or virus there and then carry it back into the "secure" environment, where it can infect other systems. The quarantine phase involves tracking down and identifying infected machines within the contained areas and disconnecting, blocking, or removing the infected machines. This isolates these systems appropriately for the final phase. During the treatment phase, actively infected systems are disinfected of the worm. This can involve simply terminating the worm process, removing any modified files or system settings that the worm introduced, and patching the vulnerability the worm used to exploit the system. In other cases a complete re-install of the system may be warranted in order to confidently ensure that the worm and its byproducts are removed.
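One way to support the quarantine phase described above is to rank hosts by connection fan-out on the port the worm uses. This is an added example, not part of the original article; the flow records, addresses, port number, threshold and function names are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

def build_sample_flows():
    """Constructed flow records: (source IP, destination IP, destination port)."""
    flows = []
    # 10.1.1.23 contacts 40 distinct addresses on one port: worm-like fan-out.
    flows += [("10.1.1.23", f"10.1.2.{i}", 445) for i in range(1, 41)]
    # 10.1.1.50 talks to three servers on the same port: ordinary client.
    flows += [("10.1.1.50", f"10.1.9.{i}", 445) for i in range(1, 4)]
    # 10.3.0.7 shows the same fan-out but sits outside the contained segments.
    flows += [("10.3.0.7", f"10.1.2.{i}", 445) for i in range(1, 41)]
    # 10.1.2.9 has high fan-out on a port unrelated to the worm.
    flows += [("10.1.2.9", f"10.1.1.{i}", 80) for i in range(1, 41)]
    return flows

def find_scanners(flows, contained_nets, worm_port, fanout_threshold):
    """Split high fan-out sources into (quarantine, outside_containment).

    quarantine: hosts inside the contained segments to disconnect or block.
    outside_containment: hosts beyond those segments showing the same
    behaviour, meaning the containment boundary has to be extended first.
    Both map source IP -> number of distinct destinations on worm_port.
    """
    nets = [ipaddress.ip_network(n) for n in contained_nets]
    targets = defaultdict(set)
    for src, dst, port in flows:
        if port == worm_port:
            targets[src].add(dst)
    quarantine, outside = {}, {}
    for src, dsts in targets.items():
        if len(dsts) < fanout_threshold:
            continue
        inside = any(ipaddress.ip_address(src) in n for n in nets)
        (quarantine if inside else outside)[src] = len(dsts)
    return quarantine, outside

if __name__ == "__main__":
    q, o = find_scanners(build_sample_flows(),
                         ["10.1.1.0/24", "10.1.2.0/24"], 445, 20)
    print("quarantine:", q)
    print("outside containment:", o)
```

A host in the second result is a sign that containment did not hold for that segment, so it is handled before the quarantine list is acted on.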

Copyright 1998-2014 by Help Net Security.