“Lines of Defense” against Malware

Prevention: Keep malware off your computer.
Limit Damage: Stop malware that gets onto your computer from doing any damage.
Defense: Use antivirus software and keep it updated.
Cleanup: Have a backup plan to recover from a malware attack.

The following personnel and technology countermeasures are effective in controlling malware infections:
Personnel
– Security Policy and Procedures
– Training and Awareness
– Physical Security
– Dedicated Management
Technology
– Firewalls and Intrusion Detection
– Virus Protection
– Authentication and Authorization
– Encryption
– Third Party Auditing and Assessment
– Data and Information Backup

Prevention
Know enough about computer security to use measures effectively.
Keep your passwords secure.
Keep your system patched and up-to-date.
Use firewalls.
SPAM/Phishing: Don’t spread your own email address. Don’t “opt out” of or reply to any SPAM; this only confirms that yours is a valid email address. Use filters. Don’t readily comply with emails asking you to read attachments or visit links.

Security policies are the foundation of information security within an enterprise. You should ensure that they are comprehensive, complete, always up-to-date, and understood by all staff. Simply having a security policy is not enough: the policies must be implemented to be effective. A sound security policy will mitigate internal attacks from disgruntled employees.

Employees play a critical role in protecting the confidentiality and integrity of, and access to, your network. Training in security awareness and acceptable-use policy practices should be mandatory for all staff, both upon initial hiring and annually thereafter. Awareness should be ongoing throughout the enterprise.

Physical Security
Enterprises should define physical security measures and implement appropriate preventative controls in each area to protect against the risks of physical access by malicious or unauthorized people.

Firewalls
A firewall is a piece of hardware or software that selectively blocks or permits network traffic based on a set of rules. You should use the built-in firewall in Windows XP, Mac OS, or Linux. A home router with a personal firewall for your home internet connection is a good plan, especially for wireless networks. Configure the firewall as tightly as possible, blocking anything you don’t need.

A firewall’s strength is relative to its configuration. It controls the flow of data into and out of a Local Area Network (LAN), acting as the gatekeeper between the private LAN and the public Internet. A firewall will mitigate Denial of Service (DoS) attacks, port scanning and probing attacks, and simple unauthorized access from outside the network.
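To show what “configure the firewall as tightly as possible” means in rule terms, here is an added example (mine, not from the slide deck): a small first-match rule evaluator for a constructed home LAN, with a tight rule set beside the loose “allow everything in” setting; the addresses, ports and rule names are all assumptions.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    direction: str        # "in" (Internet -> LAN) or "out" (LAN -> Internet)
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR or "any"
    dst: str              # CIDR or "any"
    dport: Optional[int]  # None matches any destination port

LAN = "192.168.1.0/24"   # constructed home LAN

# Constructed "tight" rule set: only what the household needs is listed,
# and the trailing rule makes the default-deny explicit for inbound traffic.
TIGHT_RULES = [
    Rule("allow", "in",  "tcp", LAN,   LAN,   22),    # admin SSH from inside only
    Rule("allow", "out", "tcp", LAN,   "any", 443),   # HTTPS browsing
    Rule("allow", "out", "udp", LAN,   "any", 53),    # DNS lookups
    Rule("deny",  "in",  "any", "any", "any", None),
]

# The weak setting the slide warns against: a leading rule that lets everything in.
LOOSE_RULES = [Rule("allow", "in", "any", "any", "any", None)] + TIGHT_RULES

def _in_net(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)

def decide(rules, direction, proto, src, dst, dport) -> str:
    """First matching rule wins; a packet that matches no rule is denied."""
    for r in rules:
        if (r.direction == direction and r.proto in ("any", proto)
                and _in_net(r.src, src) and _in_net(r.dst, dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

if __name__ == "__main__":
    # Inbound connection attempt from the Internet to an internal SSH port.
    probe = ("in", "tcp", "203.0.113.5", "192.168.1.10", 22)
    print("tight:", decide(TIGHT_RULES, *probe))   # deny
    print("loose:", decide(LOOSE_RULES, *probe))   # allow
```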

An Intrusion Detection System (IDS) complements firewalls by detecting whether internal assets are being hacked or exploited. Network-based intrusion detection systems monitor real-time network traffic for malicious activity, working in a similar manner to a network sniffer.
– If certain network traffic matches an attack pattern or signature, they send an alarm.
An IDS can also monitor computers or server files for anomalies, sending alarms for network traffic that matches a predetermined attack signature. An IDS will mitigate Denial of Service (DoS) attacks, website defacements, malicious code, and Trojans.
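As an added illustration of the alarm logic described above (my example, not part of the deck and not any product's ruleset), this scans constructed one-line packet summaries with one pattern signature plus two counting rules for the port-scanning and DoS cases the slides mention; the record format, thresholds and signature are all assumptions.

```python
import re
from collections import defaultdict

# Constructed signature (hypothetical, not from any IDS product's ruleset): two or more
# "../" steps in a request path is a classic directory-traversal probe.
SIGNATURES = {"dir-traversal": re.compile(r"(\.\./){2,}")}
PORTSCAN_THRESHOLD = 10    # distinct destination ports contacted by one source
SYN_FLOOD_THRESHOLD = 50   # bare SYNs from one source (simple DoS indicator)

def scan(records):
    """records: constructed one-line packet summaries of the form 'src dport payload'.
    Returns a sorted list of unique (source, alarm) pairs, one per alarm type per source."""
    alarms = set()
    ports_seen = defaultdict(set)
    syn_counts = defaultdict(int)
    for line in records:
        src, dport, payload = line.split(" ", 2)
        # Signature matching: does the payload fit a known attack pattern?
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alarms.add((src, name))
        # Anomaly counting: probing many ports, or flooding with SYNs.
        ports_seen[src].add(dport)
        if len(ports_seen[src]) > PORTSCAN_THRESHOLD:
            alarms.add((src, "portscan"))
        if payload == "SYN":
            syn_counts[src] += 1
            if syn_counts[src] > SYN_FLOOD_THRESHOLD:
                alarms.add((src, "syn-flood"))
    return sorted(alarms)

# Constructed sample traffic: a normal client, a host probing 20 ports, and a traversal probe.
SAMPLE = (
    ["10.0.0.5 80 GET /index.html", "10.0.0.5 443 SYN"]
    + [f"203.0.113.9 {port} SYN" for port in range(1, 21)]
    + ["198.51.100.4 80 GET /../../../config.ini"]
)

if __name__ == "__main__":
    for src, alarm in scan(SAMPLE):
        print(f"ALARM {alarm} from {src}")
```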

Virus protection software should be installed on all network servers and host computers. It should be the latest version and be regularly updated with the latest signature files (definitions of known viruses). Virus protection should screen all software coming into your computer or network (files, attachments, programs, etc.). Virus protection software will mitigate viruses, worms, malicious code, and Trojans.

Authentication comes in three forms: what you have (smartcards, tokens), what you know (passwords, PINs), or who you are (biometrics such as fingerprint or retina scans). Two-factor authentication, meaning two of the three forms are used, is the strongest. Passwords are the most common and should be at least 8 mixed characters (letters and numbers). They should be changed at least every 90 days, and accounts should lock out after 3 failed attempts. Authorization is what an individual has access to once authenticated.
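An added example (mine, not from the deck) that turns the slide's three numbers into an enforceable password policy: complexity check, 90-day expiry, lockout on the third failure, and a separate authorization lookup. Salted PBKDF2 storage and the role table are my assumptions; the slide says nothing about how passwords are stored.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH, MAX_AGE_DAYS, MAX_ATTEMPTS = 8, 90, 3   # the slide's three numbers

def meets_policy(password: str) -> bool:
    """At least 8 characters that mix letters and numbers."""
    return (len(password) >= MIN_LENGTH
            and any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password))

class Account:
    """Password verifier with expiry and lockout. Salted PBKDF2 is an assumption;
    the slide does not say how passwords are stored."""
    def __init__(self, password: str, set_on: date):
        if not meets_policy(password):
            raise ValueError("password does not meet policy")
        self.salt = os.urandom(16)
        self.digest = self._hash(password)
        self.set_on = set_on
        self.failures = 0
        self.locked = False

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def authenticate(self, password: str, today: date) -> str:
        """Returns 'ok', 'expired', 'denied' or 'locked'."""
        if self.locked:
            return "locked"
        if not hmac.compare_digest(self._hash(password), self.digest):
            self.failures += 1
            if self.failures >= MAX_ATTEMPTS:
                self.locked = True          # third failure locks the account
                return "locked"
            return "denied"
        self.failures = 0                   # a good login resets the counter
        if today - self.set_on > timedelta(days=MAX_AGE_DAYS):
            return "expired"                # right password, but a change is due
        return "ok"

# Authorization is the separate question of what an authenticated identity may do.
PERMISSIONS = {"admin": {"read", "write", "restore-backup"}, "staff": {"read"}}  # constructed

def authorize(role: str, action: str) -> bool:
    return action in PERMISSIONS.get(role, set())
```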

Encryption protects data in transit or at rest. Enciphering data with shared keys ensures it cannot be read without the appropriate key. Common uses of encryption include Virtual Private Networking (VPN), Secure Sockets Layer (SSL), S/MIME, and WEP.

A VPN is used to secure data transfer across the Internet. SSL is used to secure client-to-server web-based transactions (https://). S/MIME is used to secure e-mail, while WEP (Wired Equivalent Privacy) is used to secure wireless transactions. Use of these will mitigate data sniffing, spoofing, and wireless attacks.

Data backups are a must-have for disaster recovery and business continuity. Backups should include daily and periodic (weekly) backups. These should be stored off-site, at least twenty miles from the primary location, and be immediately accessible.

Backups should be kept for at least thirty days. This mitigates data loss or compromise from any of the attacks mentioned previously, or from a fire or a human-caused or natural disaster.
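To make the backup plan on these two slides checkable, here is an added example (mine, not the deck's) that schedules daily and weekly backups, prunes with the thirty-day minimum, and audits a backup set for a missed day, a missed weekly, or a copy not held off-site. Treating Sunday as the weekly backup and keeping weeklies beyond thirty days are my assumptions; the slide only sets a minimum.

```python
from datetime import date, timedelta
from typing import List, NamedTuple, Tuple

RETENTION_DAYS = 30   # slide: keep backups for at least thirty days
WEEKLY_DAY = 6        # assumption: the periodic (weekly) backup is the Sunday one

class Backup(NamedTuple):
    taken: date
    offsite: bool     # copy held at the remote site the slide calls for

def kind(b: Backup) -> str:
    return "weekly" if b.taken.weekday() == WEEKLY_DAY else "daily"

def plan(start: date, end: date) -> List[Backup]:
    """Constructed schedule: one backup every day from start to end, all shipped off-site."""
    days = (end - start).days + 1
    return [Backup(start + timedelta(days=i), True) for i in range(days)]

def prune(backups: List[Backup], today: date) -> Tuple[List[Backup], List[Backup]]:
    """Dailies older than RETENTION_DAYS may be removed; weeklies are kept
    (the slide gives only a minimum, so this assumed policy keeps them indefinitely)."""
    keep = [b for b in backups
            if (today - b.taken).days <= RETENTION_DAYS or kind(b) == "weekly"]
    kept = set(keep)
    return keep, [b for b in backups if b not in kept]

def audit(backups: List[Backup], today: date) -> List[str]:
    """Flags gaps in the slide's plan: a missing daily inside the retention window,
    no weekly in the last seven days, or a copy that is not stored off-site."""
    have = {b.taken for b in backups}
    issues = [f"no backup for {today - timedelta(days=i)}"
              for i in range(RETENTION_DAYS + 1)
              if today - timedelta(days=i) not in have]
    if not any(kind(b) == "weekly" and (today - b.taken).days <= 7 for b in backups):
        issues.append("no weekly backup in the last 7 days")
    issues += [f"{b.taken} is not stored off-site" for b in backups if not b.offsite]
    return issues

if __name__ == "__main__":
    today = date(2024, 6, 30)
    keep, gone = prune(plan(date(2024, 5, 1), today), today)
    print(len(keep), "kept,", len(gone), "removable;", audit(keep, today) or "audit clean")
```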