MALICIOUS CODE INCIDENTS 1 MALICIOUS CODE INCIDENTS Definition
- Slides: 22
MALICIOUS CODE INCIDENTS 1
MALICIOUS CODE INCIDENTS Definition : Malicious code refers to a program that is covertly inserted into another program with the intent to Malicious activities. 2
MALICIOUS CODE INCIDENTS Malicious Activities Include : Destroy Run data. destructive or intrusive programs. Compromise the security or the confidentiality, integrity, and availability of the victim’s data, applications, or operating system. 3
MALICIOUS CODE INCIDENTS Types Of Threats : 1)Viruses Compiled Viruses Interpreted viruses 2)Worms Network Service Worms Mass mailing Worms 3)Trojan Horses 4
MALICIOUS CODE INCIDENTS Types Of Threats : 4)Malicious Mobile Codes Mostly Java, Active. X, Java. Script, and VBScript codes. 5)Blended Attacks Combination of 1 to 4 6) Attack Tools Backdoors Rootkits Key Loggers … 5
MALICIOUS CODE INCIDENTS Types Of Threats : 7) Tracking Cookies 8) Non-malware threats Hoax Phishing 6
MALICIOUS CODE INCIDENTS Step 1 : Preparation 1) Preparation I. III. Awareness Deployment Resources Prevention 2) I. III. Education Configuration Control 7
MALICIOUS CODE INCIDENTS Step 2: Detection and Analysis Fast spread of incident so: Rapid Detection is Necessary Precursors often appear immediately before an incident So: Group must not wait for indications Most of indications could have causes other than malware 8
MALICIOUS CODE INCIDENTS Step 2: Detection and Analysis Precursors and Reactions: An alert warns of new malicious code. Research and Block Ways of Entrance Antivirus software detects and successfully disinfects or quarantines a newly received infected file Find Reason And Mitigate Vulnerability 9
MALICIOUS CODE INCIDENTS Step 2: Detection and Analysis Special Indications of Each Malicious Code Virus Changes to templates for word processing documents, spreadsheets, etc. Deleted, corrupted, or inaccessible files Unusual items on the screen, such as odd messages and graphics 10
MALICIOUS CODE INCIDENTS Step 2: Detection and Analysis Special Indications For Each malicious Code Worm: Port scans and failed connection attempts targeted at the vulnerable service Increased network usage Trojan: Network connections between the host and unknown remote systems Unusual and unexpected ports open 11
MALICIOUS CODE INCIDENTS Step 2: Detection and Analysis Special Indications For Each malicious Code Malicious Mobile Code To spread Virus, worm, … Unexpected dialog boxes, requesting permission to do s. th Unusual graphics, such as overlapping message boxes exploit vulnerabilities Network connections between the host and unknown remote systems Receiving No Hoax Reports links to outside sources 12
MALICIOUS CODE INCIDENTS Step 3: 1)Containment Strategies All incident Prevention Activities must be done in order to stop spread of virus Other Activities : Notification Isolation Change Access rules Identification of infected hosts is not easy 13
MALICIOUS CODE INCIDENTS Step 3: 2)Eradication And Recovery Some Infected files can not be cleaned System Restore may be needed Securing system is the last step 14
MULTIPLE COMPONENT INCIDENTS 15
MULTIPLE COMPONENT INCIDENTS Definition : A Multiple Component incident is a single incident that encompasses two or more incidents. 16
MULTIPLE COMPONENT INCIDENTS Example: 17
MULTIPLE COMPONENT INCIDENTS Step 1&2 : Preparation, Detection, Analysis Conduct exercises reviews scenarios involving multiple component incidents. Efficient incident analysis: centralized logging correlation software. 18
MULTIPLE COMPONENT INCIDENTS Step 3: Containment, Eradication, Recovery Approach : Contain the initial incident and then search for signs of other components Gauss if incident have other components Unauthorized access incidents are more likely to have multiple components 19
MULTIPLE COMPONENT INCIDENTS Step 3: Containment, Eradication, Recovery Prioritization: Components Response Another It must be separately prioritize the most urgent one factor: How current each component is may be possible to contain the whole incident by containing just one component 20
REFERENCES Computer Security Incident Handling Guide National Institute of Standard and Technology (NIST) U. S A Step-By-Step Approach on How To Set Up a CSIRT European Network and Information Security Agency (ENISA) Expectations for Computer Security Incident Response RFC 3250 Handbook for Computer Security Incident Response Teams Carnegie Mellon University , 2 nd Edition: April 2003 Defining Incident Management Processes for CSIRTs: A Work in Progress Chris Alberts, Audrey Dorofee, Georgia Killcrece, Robin Ruefle, Mark Zajicek, October 2004 21
Thanks For Your Attention 22
- Malicious definition
- Does malicious code manifest itself
- Code commit code build code deploy
- How does nick characterize the guests at gatsby's party
- Pipeline pigging incidents
- Why computer incidents are so prevalent
- Zero incidents
- Safety rule violations can cause hunting incidents
- Mulan rising action
- Ics 400: advanced ics for complex incidents-aberdeen
- Arrangement of plot
- A malicious program designed to replicate itself
- Short for malicious software
- Malicious attacks threats and vulnerabilities
- Malicious logic in information security
- Malicious logic
- Malicious logic in information security
- Known malicious user-agents
- Non malicious program errors
- Malicious software in cryptography and network security
- Malicious in a sentence
- Malicious software
- Malicious meaning