6 steps to plan harmful software counter-attacks

As a security administrator, we strive to be a pioneer in this area - apply pieces and updates, penetration testing and set-up policies. Unfortunately, sometimes every defense in the world cannot protect your system from the spread of harmful software — be it viruses, worms or some other harmful software. So what is the best method to handle it?

Security events often change both in size and purpose. So it is imperative to have a policy in place, a response plan that needs to be realistic.

A back-up plan is not about focusing on aggressive attacks, but instead, it needs to focus on the quality within your system.

Must understand what harmful software is?

Malware is malicious code or software that is secretly introduced into the system to infiltrate the confidentiality, integrity and availability of data or applications online. Malicious software can cause widespread damage to the network, and then requires costly efforts to restore system security and user trust.

We can divide threats into the following five categories:

1. Virut : The codes copy the virus's replication into data files or programs on the server. Viruses can attack both operating systems and applications.
2. Worm : Copy to programs without user intervention. The worm creates its own copy, and they do not require a server program to spread in the system.
3. Trojan horses : A self-replicating program, it seems harmless but actually hides many dangers. Trojan horses often spread system attack tools.
4. Malicious mobile code : This software with infringe the line from a remote system to the local system. Attackers transmit viruses, worms and Trojan horses to users' workstations. Dangerous mobile code exploits vulnerabilities by taking advantage of default privileges and unpatched system vulnerabilities.
5. Tracking cookies : used by many websites, these cookies allow a third party to create user interest profiles. Attackers often use tracking cookies in conjunction with web errors.

These are the main dangers that threaten users and networks. What happens when they succeed? An effective counterattack plan consists of six steps:

1. Preparation : Develop specialized policies and procedures for harmful software. Control the training and guidance of harmful software orientation to check policies and procedures. Determine whether the procedures work before actually using them.

2. Detection and analysis : Deploy, monitor anti-virus / spyware software. Read harmful software guidelines and warnings provided by antivirus / spyware vendors. Create mobile toolkits that contain updated tools to identify harmful software, test running processes and perform many other analytical activities.

3. Prevent : Ready to shut down the server / workstation or block services (such as e-mail, web browser or Internet access) to prevent the spread of harmful software. Choose who has the right to make a decision to solve the problem based on the activity of harmful software. Early prevention can stop the spread of harmful software and prevent damage to both internal and external networks.

4. Elimination : Ready to use various eradication techniques to remove harmful software from infected systems.

5. Restore : Restoring confidentiality, integrity and availability of data on infected systems and changing containment policies if necessary. This includes reconnecting systems / networks and rebuilding the system that was attacked from previous system backups. The counter-attack plan needs to assess the risks of restoring network services and rely on this assessment to make management decisions about the recovery of services.

6. Report : Collect the experience gained after each attack to prevent similar events in the future. Record changes in security policies, software configuration, and the addition of harmful controls / detection.

End

All methods have only a preventive effect, the most important thing is the user awareness and knowledge. Train users how to identify poisoning and teach users steps to avoid spreading the system.