Malware Responses: What To Do Before, During, And After An Attack
By Ross M. Greenberg
July 10, 2006
Don't let a malware attack ruin your business. A little planning and the right responses can make it a minor annoyance instead of a major catastrophe.
Preparing For Attacks
Always use licensed software, and keep all software on every system up to date with the latest critical patches.
Scan all systems regularly to ensure they are virus-, Trojan-, and spyware-free. Make sure your security software protects all network entry and exit points and that it's updated with the most recent signature files.
Back up all systems on a regular schedule (weekly is good; daily is better).
Subscribe to security vendors' e-bulletins so you'll be aware of current vulnerabilities, patches, and exploits.
Set up a response team that includes a member of management as well as technically competent people who are knowledgeable about malware and security matters. This team must be available 24x7.
Set up a telephone list of people to contact if a problem occurs. Expect that a problem will occur at the worst possible time, such as at midnight on New Year's Eve.
Make sure that all appropriate personnel have a hard copy of all pertinent contacts. Presume that the malware attack will take out all access to your electronic data.
Have temporary backup/replacement systems (these should be clones of your most sophisticated systems, with large hard disks and sufficient memory) in case you need them; be able to restore your systems from those backups, if required. You need to have enough clean systems to be able to use them to clean up the dirty systems one at a time. Copy the whole hard disk, and make sure you're working with full system disk images -- boot images too!
Restoring systems will involve restoring data from firewalls. Know pertinent port numbers and so forth. This, too, should be available in hard copy.
Most attacks are introduced unknowingly by insiders. Educate, educate, educate your users.