356lecture09



hine before all its behaviors can be identified, it can cause harm before it has been detected and blocked

Perimeter Scanning Approaches
•  anti-virus software typically included in e-mail and Web proxy services running on an organization’s firewall and IDS
•  may also be included in the traffic analysis component of an IDS
•  may include intrusion prevention measures, blocking the flow of any suspicious traffic
•  approach is limited to scanning malware
•  two types of monitoring software
   –  ingress monitors: located at the border between the enterprise network and the Internet; one technique is to look for incoming traffic to unused local IP addresses
   –  egress monitors: located at the egress point of individual LANs as well as at the border between the enterprise network and the Internet; monitors outgoing traffic for signs of scanning or other suspicious behavior

Worm Countermeasures
•  considerable overlap in techniques for dealing with viruses and worms
•  once a worm is resident on a machine anti-virus software can be used to detect and possibly remove it
•  perimeter network activity and usage monitoring can form the basis of a worm defense
•  worm defense approaches include:
   –  signature-based worm scan filtering
   –  filter-based worm containment
   –  payload-classification-based worm containment
   –  threshold random walk (TRW) scan detection
   –  rate limiting
   –  rate halting

Digital Immune System

Worm Countermeasure Architecture

Summary
•  types of malicious software (malware)
•  terminology for malicious software
•  viruses – infected content
   –  infection mechanism, trigger, payload
   –  dormant, propagation, triggering, and execution phases
   –  boot sector infector, file infector, macro virus, and multipar...
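The ingress and egress monitors listed under Perimeter Scanning Approaches can be sketched over flow records; this is an added example, not part of the lecture. The address ranges, the flow records and the TRW parameters are all assumptions, and the egress check is a simplified sequential likelihood-ratio test in the style of threshold random walk scan detection.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("10.1.0.0/24")      # assumed enterprise range
IN_USE = {"10.1.0.10", "10.1.0.11", "10.1.0.20"}     # assumed allocated hosts

# Assumed TRW parameters: P(success | benign), P(success | scanner),
# and the likelihood-ratio thresholds for the two verdicts.
THETA0, THETA1 = 0.8, 0.2
ETA1, ETA0 = 99.0, 0.01

# Constructed flow records: (source, destination, connection_succeeded)
FLOWS = (
    [("198.51.100.7", "10.1.0.10", True),
     ("203.0.113.9", "10.1.0.77", False),            # unused local address
     ("203.0.113.9", "10.1.0.78", False)]            # unused local address
    + [("10.1.0.20", f"192.0.2.{i}", False) for i in range(1, 5)]
    + [("10.1.0.11", f"198.51.100.{i}", True) for i in range(1, 5)]
    + [("10.1.0.10", "192.0.2.200", False)] * 5      # retries to one host
)

def is_local(addr):
    return ipaddress.ip_address(addr) in LOCAL_NET

def ingress_monitor(flows):
    """Map each external source to the unused local addresses it contacted."""
    hits = {}
    for src, dst, _ in flows:
        if not is_local(src) and is_local(dst) and dst not in IN_USE:
            hits.setdefault(src, set()).add(dst)
    return hits

def egress_monitor(flows):
    """Classify local hosts from the outcomes of their first-contact
    outbound connections; undecided hosts are absent from the result."""
    ratio, seen, verdict = {}, set(), {}
    for src, dst, ok in flows:
        if not is_local(src) or is_local(dst):
            continue                                  # outbound traffic only
        if src in verdict or (src, dst) in seen:
            continue                                  # decided, or a repeat
        seen.add((src, dst))
        step = THETA1 / THETA0 if ok else (1 - THETA1) / (1 - THETA0)
        ratio[src] = ratio.get(src, 1.0) * step
        if ratio[src] >= ETA1:
            verdict[src] = "scanner"
        elif ratio[src] <= ETA0:
            verdict[src] = "benign"
    return verdict

if __name__ == "__main__":
    print("ingress:", ingress_monitor(FLOWS))
    print("egress:", egress_monitor(FLOWS))
```

With these parameters a host is flagged after four failed first contacts in a row, while repeated failures to a single destination count only once.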