Malware Techniques - Cyber Security

Recent breaches have drawn a great deal of attention to network security concerns. As technology expands at a rapid rate, it is important to protect both the information and the individuals who work with these networks. Moreover, society lives in constant fear of the devastating effects of hackers' actions. To keep operating systems safe, there are established methods for maintaining them, such as protecting against network attacks, malware removal techniques, and establishing security policies.

Malware

Malware is a collection of different types of software that share the goal of infiltrating a computer and making it do something. (Solomon, 2014) It is mostly used by unethical hackers to cause harm and destruction. The mission of malware is to disrupt operations, gather information, and gain unauthorized access to restricted computer resources. Companies need to be aware of how a virus can affect daily operations.

A computer virus is a software program that copies itself into another program. According to the article Technological Networks and the Spread of Computer Viruses, viruses have halted or hindered operations at numerous businesses and other organizations, disrupted cash dispensing machines, delayed airline flights, and even affected emergency call centers. (Balthrop, Forrest, Newman, Williamson, 2004) A virus takes control of an operating system, causing it to follow instructions not intended by the user. The virus cannot exist without a host. Thousands of viruses infect operating systems by attaching themselves to commonly run programs. In addition, malware not only affects daily life; it can also cause financial damage.

The Sobig virus alone is said to have caused billions in damages, and experts believed it could have caused even more. (Balthrop, Forrest, Newman, Williamson, 2004) It succeeded because the virus was able to overwhelm a network or computer, taking away its ability to communicate with other devices or essential programs. Installing anti-virus and anti-spyware software helps IT professionals combat malware.

Another type of malware is a worm. A worm is a program that replicates and sends copies of itself to other computers, generally across a network. An example is a worm called MyDoom, which caused damage to thousands of Internet users. MyDoom disguised itself as an email that had not been delivered properly, in an attempt to get recipients to open an attachment that launched the malicious code. Almost 60 percent of Internet traffic was comprised of MyDoom-infected e-mail messages. (Erbschloe, 2005) MyDoom was also programmed to launch a full-scale denial-of-service attack against the company SCO Group Inc. The traffic created by MyDoom caused Web site performance to degrade by as much as 55 percent. This shows that a worm can have devastating effects on Internet users and their organizations.

A Trojan is malware that hides inside, or masquerades as, a useful or benign program. (Solomon, 2014) The term comes from the ancient Greek story of the Trojan horse, a gift used as a disguise, as told in the Aeneid. Like the horse in the story, this malicious code disguises itself to trick the user into running the program that hides it. According to Channel NewsAsia, computers and servers in the lower house of the country's parliament became infected by a Trojan horse virus after one politician opened an email attachment. (Russell, 2011) This shows that anyone can fall victim to a Trojan attack.

Malware Removal Techniques

If an operating system is infected with a virus or other malware, it can have a nasty effect on the network. There are different techniques to help with removal. Ed Tittel noted, "30 to 45 minutes per machine was typical for my test and production machines." (Tittel, 2005) So, depending on the number of operating systems in an organization, the process can be time consuming. First, if malware is detected after installing a piece of software, the easiest fix may be to uninstall the offending software. (Solomon, 2014) Then, after that is complete, perform another scan to ensure the malware is removed.

Furthermore, if the anti-malware software fails to detect or remove the malware, the next step is to run the Microsoft Malicious Software Removal Tool. This tool helps remove the programs in which the malware is normally found. However, if the malware is still being detected, the next steps are to disconnect the infected computer from the network, download additional anti-malware products, install them to clean the infected computer, and perform another scan. (Solomon, 2014) Once the process is complete, always check more than once to make sure a system is clean, using enough scanning tools, "including anti-virus and other malware, plus additional anti-spyware products," to clean up all potential sources of infection and infestation. (Tittel, 2005)

Defending the Network

There are four sets of tools available to help defend a network against attack: management, filtering, intrusion detection, and encryption.

The first is configuration management and operational security. Microsoft normally releases security patches once a month, and as soon as they come out, attackers work on ways to exploit the patched flaws. A well-run firm will quickly test the patches on its operational systems on Patch Tuesday and apply them, provided they don't break anything important. (Clarke, 2013) It's also common to remove unnecessary services from machines: there is usually no reason for every workstation in your company to be running a mail server or an FTP server, and removing such services reduces the attack surface.

A firewall is a common defense against network threats to the data being transferred to and stored on computer operating systems. It filters network traffic to block suspicious packets or messages trying to infiltrate the network. A firewall examines all network traffic and compares it with predefined rules. (Solomon, 2014) The rules the administrator sets tell the firewall whether to allow or deny traffic. Once the firewall detects a packet that violates a rule, it drops the unauthorized or suspicious message. Firewalls are built from routers and gateways that filter traffic before forwarding it. Many organizations use two firewalls to create an untrusted network that Internet users can access and a trusted network for secure resources. (Solomon, 2014)

Just as North and South Korea have a demilitarized zone (DMZ) separating the two countries, so does the network. It is known as the untrusted network. The DMZ is an area that outside users can reach before getting into the trusted network. It's a convenient place for Web servers and File Transfer Protocol servers. (Solomon, 2014) J. Michael Stewart stated the importance of firewalls this way: "Without firewalls, most of your network's capabilities would be consumed by worthless or malicious traffic from the Internet." (Stewart, 2014)
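To make the rule matching and the two-zone layout concrete, here is an added example (not code from the essay or from Solomon or Stewart) of a first-match packet filter: each packet header is compared against administrator-defined rules, and anything no rule allows is dropped. The address ranges, hosts, ports and rule set are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Added example: a first-match packet filter with an implicit final "deny".
# Zones follow the two-firewall layout described in the text: the Internet
# (untrusted), a DMZ holding the Web/FTP servers, and a trusted internal
# network. All address ranges and hosts below are constructed.

@dataclass(frozen=True)
class Packet:
    src: str       # source IP address from the header
    dst: str       # destination IP address from the header
    dport: int     # destination port

@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "deny"
    src: str            # CIDR the source must fall inside
    dst: str            # CIDR the destination must fall inside
    dports: frozenset   # permitted destination ports; empty means any port

ANY = "0.0.0.0/0"
DMZ = "192.0.2.0/24"      # constructed documentation range
TRUSTED = "10.10.0.0/16"  # constructed internal range

RULES = [
    # A compromised DMZ server must not be able to reach the trusted network.
    Rule("deny", DMZ, TRUSTED, frozenset()),
    # Anyone (Internet or internal) may reach only the DMZ's Web and FTP ports.
    Rule("allow", ANY, DMZ, frozenset({80, 443, 21})),
    # Trusted hosts may browse the Web; any other outbound traffic needs a rule.
    Rule("allow", TRUSTED, ANY, frozenset({80, 443})),
    # Everything else falls through to the default deny in decide().
]

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every header field of the packet falls inside the rule."""
    in_src = ip_address(pkt.src) in ip_network(rule.src)
    in_dst = ip_address(pkt.dst) in ip_network(rule.dst)
    in_port = not rule.dports or pkt.dport in rule.dports
    return in_src and in_dst and in_port

def decide(pkt: Packet, rules=RULES) -> str:
    """First matching rule wins; a packet no rule allows is dropped."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"
```

Because the default is deny, an Internet client reaching the DMZ Web server on port 443 is allowed, while the same client reaching a trusted file server, or a DMZ host reaching a trusted database, is dropped.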

Hardware vs Software Firewalls

A firewall can be implemented in either software or hardware. Both protect against network threats, but they work in different ways. Hardware firewalls are most often seen in broadband modems and are the first line of defense. The typical broadband router uses a technique called packet filtering, which examines the header of a packet to determine its source and destination addresses. (Pacchiano, 2011) Keeping malicious content from infiltrating the network is the main function of the hardware firewall. However, it treats any traffic originating from the local network as trusted, which can cause issues down the road.

A software firewall is installed directly on a computer, where it can gather information on the network traffic, detect which program is trying to access the Internet, and judge whether it is legitimate or malicious. It either allows or blocks a program's ability to send and receive data. (Pacchiano, 2011) It can also catch malicious traffic and stop it before it leaves the computer. IT administrators shouldn't rely solely on the Windows built-in firewall, because it does not automatically block outgoing traffic, only incoming. That is one reason companies consider a third-party firewall, whose configuration can be set manually.

A strict and detailed security policy will help protect network security. To establish protection against external and internal attacks, an Intrusion Detection System (IDS) should be planned and implemented (Kaeo, 2003). The IDS normally consists of a firewall and other network defense software. It is crucial to set up the IDS to combat all types of threats and to log the attacks. In addition to confronting common network threats, it is necessary to analyze every threat that could affect the network and prioritize those that pose the greatest risk.

Establishing Security Policies

Establishing security policies is one of the best ways to secure any organization's network. Many users will install software from questionable Web sites, thinking there is no harm, even though these actions may violate company policy. This causes problems within an organization when employees aren't aware of the policies, the seriousness of the threats, and how to prevent them.

An access control (AC) policy is a set of rules that restrict which objects a subject is allowed to access. This prevents those without the right clearance from accessing certain folders. An AC system ensures that no privilege can be escalated to unauthorized principals and that the correct privileges are always available to authorized principals. (Hu, Kuhn, 2016) For example, a user in charge of finance has access to all the folders pertaining to finance, but under the policy that user can neither view nor access the CEO's folders because they don't have the rights. Restrictions in rules can be identity-based or rule-based. The US Military implements the same AC model because not every member has the same security clearance.
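The finance-versus-CEO example and the two properties attributed to Hu and Kuhn can be worked through in code. The following is an added example, not code from the essay or from Hu and Kuhn: identity-based grants are combined with a rule-based clearance check, and a verifier compares every possible decision against the intended grants to report privilege escalations and lost privileges. The users, folders, clearances and labels are constructed.

```python
from itertools import product

# Added example: identity-based grants plus a rule-based clearance check, and a
# verifier for two properties: no principal gains a privilege the policy never
# intended, and every authorized principal keeps the privileges it was granted.
# Subjects, objects, clearances and labels are constructed for illustration.

POLICY = {
    # Identity-based rules: explicit (subject, object, right) grants.
    "grants": frozenset({
        ("alice", "finance/ledger", "read"),    # alice is in charge of finance
        ("alice", "finance/ledger", "write"),
        ("alice", "finance/payroll", "read"),
        ("ceo", "exec/board-minutes", "read"),  # only the CEO sees this folder
    }),
    # Rule-based restriction: a subject's clearance must reach the object's label.
    "clearance": {"alice": 2, "bob": 1, "ceo": 3},
    "label": {"finance/ledger": 2, "finance/payroll": 2, "exec/board-minutes": 3},
}
SUBJECTS = ("alice", "bob", "ceo")
OBJECTS = ("finance/ledger", "finance/payroll", "exec/board-minutes")
RIGHTS = ("read", "write")

def is_allowed(policy, subject, obj, right):
    """Access requires both an explicit grant and sufficient clearance."""
    granted = (subject, obj, right) in policy["grants"]
    cleared = policy["clearance"].get(subject, 0) >= policy["label"].get(obj, 0)
    return granted and cleared

def verify(policy, intended, subjects=SUBJECTS, objects=OBJECTS, rights=RIGHTS):
    """Compare every possible decision against the intended grants.

    Returns (escalations, lost): accesses the configured policy allows but
    nobody intended, and intended accesses the configured policy would refuse.
    """
    escalations, lost = [], []
    for s, o, r in product(subjects, objects, rights):
        decided = is_allowed(policy, s, o, r)
        wanted = (s, o, r) in intended
        if decided and not wanted:
            escalations.append((s, o, r))
        if wanted and not decided:
            lost.append((s, o, r))
    return escalations, lost
```

Running verify() against a copy of the policy in which a clearance was raised or lowered by mistake shows how a single misconfigured value either escalates a privilege or silently locks an authorized user out.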

Another policy is the Information Security Policy. This policy ensures that all employees who have access to company resources follow every rule and guideline. It also ensures that employees are held responsible if a cyber incident happens due to negligence. One such rule is to prohibit the use of personal portable hard drives on company computers, because if an employee's personal computer contains malware, it could spread. Beyond using USB devices solely as a delivery mechanism for host-side exploits, attackers are targeting the USB stack itself, embedding malicious code in device firmware. (Tan, Bates, Butler, 2012) However, this applies not just to USB devices but also to CDs, DVDs, and external hard drives.

The incident response policy is the most crucial policy because it deals with managing an incident and its impact on business operations. It is important to have a plan for dealing with an incident, which includes developing a checklist and a complete guide on how the issue will be addressed. Then, when an issue does arise, the IT team can quickly decide on the best course of action for that incident. (Stewart, 2014)

Whether it is defending a network against outside attack, establishing security policy, or removing malware, each is crucial to network security. These actions have to happen on a daily basis; otherwise the operating system is vulnerable to theft. Not only is maintaining operating systems important, but so is educating users on cyber threats, proper password etiquette, and routine maintenance. Times are changing, and as the Internet grows and evolves, so does the risk of outside attacks.

References

  • Hu, V. C., & Kuhn, R. (2016). Access Control Policy Verification. Computer, 49(12), 80-83. doi:10.1109/MC.2016.368
  • (2013, July). Security Strategies in Windows Platforms and Applications (2nd ed.). [VitalSource].
  • Pacchiano, R. (2011, June 9). Firewall Debate: Hardware vs. Software.
  • Tan, D., Bates, A., & Butler, K. (n.d.). Retrieved December 28, 2018.
  • Tittel, E. (n.d.). 70-270 MCSE/MCSA Guide to Microsoft Windows XP Professional (2nd ed., enhanced), 1-25. Retrieved December 27, 2018.
  • Erbschloe, M. (n.d.). Trojans, Worms, and Spyware. Computer Security, 1-20. Retrieved December 27, 2018.
Updated: Nov 01, 2022
Malware Techniques - Cyber Security. (2019, Dec 12). Retrieved from https://studymoose.com/malware-techniques-cyber-security-essay