List and explain the anatomy of a worm attack and the four steps to mitigate it.
The anatomy of a worm attack is as follows:
- The enabling vulnerability: A worm installs itself by exploiting known vulnerabilities in systems, such as naive end users who open unverified executable e-mail attachments.
- Propagation mechanism: After gaining access to a host, a worm copies itself to that host and then selects new targets.
- Payload: After a host is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers can use a local exploit to escalate their privilege level to administrator.
The following are the recommended steps for worm attack mitigation:
- Step 1, Containment: Contain the spread of the worm into your network and within your network. Compartmentalize uninfected parts of your network.
- Step 2, Inoculation: Start patching all systems and, if possible, scanning for vulnerable systems.
- Step 3, Quarantine: Track down each infected machine in your network. Disconnect, remove, or block infected machines from the network.
- Step 4, Treatment: Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
Exam with this question: EWAN v4 Chapter 4 Check Your Understanding: Network Security