Classification Description: Malicious Code and Activity
Based on the premise that there is a mix of computers running Windows 2000, Windows XP, Windows Vista, Windows 7, and Mac OS X, you must research and devise a plan to thwart malicious code and activity by implementing countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created deviant code.
Malicious software is written with the intent to damage or infect the system of Richman Investment. Malicious code or software is a threat to any internet-connected device or computer. The main goal of the attack is to affect one ...
The controls are of the preventative and detective/corrective variety. Controls are applied at the host, network, and user levels:
* Host hardening, including patch application and security-minded configurations of the operating system (OS), browsers, and other network-aware software.
* Host IPS, including anti-virus, anti-spyware, and anti-rootkit software. Rootkits can enable the hiding and surreptitious execution of malicious software code. An additional technology is software that limits application calls to the OS to the minimum necessary for the application to function.
* Integrity checking software, combined with strict change controls and configuration management.
* Application of known-good configurations at boot-up.
* Periodic auditing of host configurations, both manual and automated.
* Limiting the transfer of executable files through the perimeter.
* IDS and IPS monitoring of incoming and outgoing network traffic, including anti-virus, anti-spyware and signature and anomaly-based traffic monitors.
* Routing ACLs that limit incoming and outgoing connections as well as internal connections to those necessary for business purposes.
* Proxy servers that inspect incoming and outgoing packets for indicators of malicious code and block access to known or suspected malware distribution servers.
* Filtering to protect against attacks such as cross-site scripting and SQL injection.
* User education in awareness, safe computing practices, indicators of malicious code, and response actions.
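As an added illustration of the control "Limiting the transfer of executable files through the perimeter" (example code, not part of the original document), the sketch below identifies Windows PE and Mac OS X Mach-O executables by content rather than by file name, so a renamed executable is still caught. The function names, the sample file names and bytes, and the `MAX_FAT_ARCHS` bound are assumptions made for this example.

```python
import struct

# Thin Mach-O magics (32/64-bit, both byte orders) and the fat/universal magic.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # shared with Java .class files
MAX_FAT_ARCHS = 20  # assumption: heuristic bound to tell fat Mach-O from Java

def classify_executable(data: bytes):
    """Return 'pe', 'macho', 'macho-fat', or None, from content alone."""
    if len(data) >= 0x40 and data[:2] == b"MZ":
        # The DOS header field e_lfanew (offset 0x3C) locates "PE\0\0".
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
        return None  # starts with "MZ" but is not a valid PE image
    if data[:4] in MACHO_MAGICS:
        return "macho"
    if len(data) >= 8 and data[:4] == FAT_MAGIC:
        # Fat header: big-endian architecture count. A Java class file has
        # minor/major version here, which reads as a value of 45 or more.
        (count,) = struct.unpack_from(">I", data, 4)
        if 0 < count < MAX_FAT_ARCHS:
            return "macho-fat"
    return None

def screen_transfer(filename: str, data: bytes):
    """Perimeter decision: the file name is accepted but never trusted."""
    kind = classify_executable(data)
    return ("block", kind) if kind else ("allow", None)

def _sample_pe() -> bytes:
    # Constructed minimal header: "MZ", e_lfanew = 0x40, then "PE\0\0".
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)

SAMPLES = {  # constructed inputs, not real files
    "invoice.pdf": _sample_pe(),
    "report.pdf": b"%PDF-1.4\n" + b"\x00" * 64,
    "updater.jpg": b"\xcf\xfa\xed\xfe" + b"\x00" * 28,
    "universal.bin": FAT_MAGIC + struct.pack(">I", 2) + b"\x00" * 40,
    "Hello.class": FAT_MAGIC + struct.pack(">HH", 0, 52) + b"\x00" * 40,
}
```

The check covers only PE and Mach-O images; archives, scripts and legacy DOS executables need their own rules at the proxy or mail gateway.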
Network Users (including departmental staff on permanent, temporary, contract or casual tenure):
* Ensure they do not disable or interfere with the operation of antivirus software.
* Ensure corporate/education and TAFE personal computers/laptops in use are regularly made available for antivirus software updates.
* Exercise caution when opening email and related attachments.
* Do not download software from the Internet unless authorized by senior management and the technology support officer. Risks may include infringement of copyright in addition to introduction of malware or malicious code.
* Scan downloaded software for malware and malicious code.
* Do not develop, distribute or run...