Network Defense and Countermeasures
by Chuck Easttom
Chapter 9: Defending Against Virus Attacks
© 2014 by Pearson Education, Inc. Chapter 9 Defending Against Virus Attacks 2
Objectives
Explain how virus attacks work
Explain how viruses spread
Distinguish between different types of virus attacks
Employ virus scanners to detect viruses
Formulate an appropriate strategy to defend against virus attacks
Introduction
Defending against virus attacks is more than having antivirus software in place.
Organizations need to understand the nature of viruses in relation to other types of attacks so that they can reduce the overall effects and impact that viruses can have on their organization.
Understanding Virus Attacks
Some questions that should be answered to help understand virus attacks:
What is a virus?
What is a worm?
How does a virus or worm spread?
How Does a Virus Spread?
Common ways viruses and worms spread:
1. Attaching itself to an external e-mail system
2. Finding connected computers and copying itself
3. More recently, using its own e-mail engine
4. Instant messaging (newest form)
How Does a Virus Spread? cont.
Recent examples of worm attacks:
Zafi
Mabutu
Bropia
Santy
The Virus Hoax
Jdbgmgr hoax
Tax return hoax
W32.Torch hoax
Virus Scanners
Software that tries to prevent viruses from infecting machines.
Works in two ways, generally:
Contains a list of known virus files in a .dat file and compares files on your computer to that file
Monitors the computer for certain types of virus behavior
Can be on-demand or ongoing scanning
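Added example (not from the book or any antivirus product): a minimal on-demand scanner that shows the first technique above, comparing files against a list of known signatures. The "name=hex bytes" .dat layout, the signature names, and the marker bytes are all constructed for illustration.

```python
import os

# Constructed signature list in a made-up "name=hex bytes" .dat layout (harmless markers).
SAMPLE_DAT = """\
# name=hex pattern
Demo.TestMarker.A=44454d4f2d5349472d41
Demo.TestMarker.B=deadbeef00c0ffee
"""

def load_signatures(dat_text):
    """Parse .dat text into {name: pattern_bytes}; '#' lines are comments."""
    sigs = {}
    for line in dat_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, hexpat = line.partition("=")
            sigs[name.strip()] = bytes.fromhex(hexpat.strip())
    return sigs

def scan_file(path, sigs, chunk_size=64 * 1024):
    """Return the sorted names of all signatures found in one file.

    A tail of (longest pattern - 1) bytes is carried between reads so a
    pattern that straddles a chunk boundary is still matched.
    """
    if not sigs:
        return []
    overlap = max(len(p) for p in sigs.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            found.update(n for n, p in sigs.items() if p in window)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_tree(root, sigs):
    """On-demand scan: walk root and return {path: [signature names]}."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                names = scan_file(path, sigs)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            if names:
                hits[path] = names
    return hits
```

A file whose bytes are changed even slightly no longer matches its signature, which is why scanners pair this list with the behavior monitoring named in the second technique.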
Virus Scanning Techniques
E-mail and attachment scanning
Download scanning
File scanning
Heuristic scanning
Active code scanning
Instant messaging scanning
Commercial Antivirus Software
Factors to consider when choosing antivirus software:
Budget (price)
Vulnerability (how often is e-mail used or files downloaded?)
Skill (users need to understand how to use it)
Technical (specifications of the software and how it functions)
Commercial Antivirus Software cont.
McAfee VirusScan
Very affordable
Different versions for different levels of vulnerability
Easy to use
Technically sound virus scanner
McAfee Virus Map
Commercial Antivirus Software cont.
Norton Antivirus
Very affordable
Different versions for different levels of vulnerability
As easy to use as McAfee
Technically sound virus scanner
Commercial Antivirus Software cont.
Avast! Antivirus
Free
Commercial version for enterprise settings
GUI interface for ease of use
Does not have a virus map (like McAfee)
Does not pick up hacking tools (like Norton)
www.avast.com
Commercial Antivirus Software cont.
PC-cillin (www.trendmicro.com)
GUI interface
Includes wireless scanning
Commercial Antivirus Software cont.
Panda (www.pandasoftware.com)
Available in both commercial and free versions
Personal firewall can be bundled with it
Offered in multiple languages
Other Virus Scanners
Antivirus Policies and Procedures
Brief summary of possible policies:
Always use a virus scanner
If you are not sure about an attachment, do not open it
Consider exchanging a code word with friends
Do not believe “security alerts” you are sent
Be skeptical of any e-mail you are sent
Do not download files from the Internet
Additional Methods for Defending Your System
Set all browsers to block active code
Set all user accounts so that they cannot install software or change browser security
Segregate subnetworks
What to Do If Your System Is Infected by a Virus
Need to focus on three things:
Stopping the spread of the virus
Removing the virus
Finding out how the infection started
Stopping the Spread of the Virus
Priority number 1
Follow these steps:
1. If infection is on a WAN, disconnect the WAN.
2. If on a subnet, disconnect that subnet.
3. Disconnect vital servers that might be connected to an infected machine.
4. Disconnect any backup devices that might be connected to an infected machine.
Removing the Virus
Virus propagation must be stopped first
Run antivirus software
Find removal instructions on the Internet
Some viruses cannot be removed
Finding Out How the Infection Started
Talk to users of infected machines
Read any online documentation on that virus
Check activity logs from the machine
Summary
Virus attacks and hoaxes are arguably the greatest threat to computer networks
Sophistication of viruses and worms is increasing
It is necessary to understand how viruses work to prevent infection
You also need to know how viruses spread
Summary cont.
There are a number of ways to reduce exposure to viruses
Virus scanners
Understand how they work
Be familiar enough to choose the right one for your organization
Come in both commercial and free versions
Establish written policies and procedures
Summary cont.
There are a number of ways to reduce exposure to viruses (continued)
Block installation of software by users
Secure the browser
Separate subnetworks
Security should have a multilayer approach