Scribd Logo
Upload

Welcome to Scribd!

  • Critical Control 5

    Uploaded by

    ladyjay3710
    37 views2 pages
    Malware is an integral and dangerous aspect of Internet threats, targeting end users and organisations via web browsing, email attachments, mobile devices, and other vectors. Antimalware tools help defend against these threats by attempting to detect malware and block its execution. Organisations should employ automated tools to continuously monitor workstations, servers, and mobile devices for active, uptodate antimalware protection.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Malware is an integral and dangerous aspect of Internet threats, targeting end users and organisations via web browsing, email attachments, mobile devices, and other vectors. Antimalware tools help defend against these threats by attempting to detect malware and block its execution. Organisations should employ automated tools to continuously monitor workstations, servers, and mobile devices for active, uptodate antimalware protection.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    37 views2 pages

    Critical Control 5

    Uploaded by

    ladyjay3710
    Malware is an integral and dangerous aspect of Internet threats, targeting end users and organisations via web browsing, email attachments, mobile devices, and other vectors. Antimalware tools help defend against these threats by attempting to detect malware and block its execution. Organisations should employ automated tools to continuously monitor workstations, servers, and mobile devices for active, uptodate antimalware protection.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    12/15/12

    Critical control 5

    CPNICentrefortheProtectionofNationalInfrastructure

    Criticalcontrol5:Malwaredefences
    Blockmaliciouscodefromtamperingwithsystemsettingsorcontents,capturingsensitivedata,orspreading. Useautomatedantivirusandantispywaresoftwaretocontinuouslymonitorandprotectworkstations,servers, andmobiledevices.Automaticallyupdatesuchantimalwaretoolsonallmachinesonadailybasis.Prevent systemsfromusingautorunprogramstoaccessremovablemedia. Share 4

    Howdoattackersexploittheabsenceofthiscontrol?

    MalicioussoftwareisanintegralanddangerousaspectofInternetthreats,targetingendusersand organisationsviawebbrowsing,emailattachments,mobiledevices,andothervectors.Maliciouscodemay tamperwiththesystemscontents,capturesensitivedata,andspreadtoothersystems.Modernmalwareaims toavoidsignaturebasedandbehaviouraldetection,andmaydisableantivirustoolsrunningonthetargeted system.Antivirusandantispywaresoftware,collectivelyreferredtoasantimalwaretools,helpdefendagainst thesethreatsbyattemptingtodetectmalwareandblockitsexecution.

    Howtoimplement,automateandmeasuretheeffectivenessofthiscontrolusingthe subcontrolsbelow
    5.1Quickwins:Organisationsshouldemployautomatedtoolstocontinuouslymonitorworkstations,servers, andmobiledevicesforactive,uptodateantimalwareprotectionwithantivirus,antispyware,personal firewalls,andhostbasedIPSfunctionality.Allmalwaredetectioneventsshouldbesenttoenterpriseanti malwareadministrationtoolsandeventlogservers. 5.2Quickwins:Organisationsshouldemployantimalwaresoftwareandsignatureautoupdatefeaturesor haveadministratorsmanuallypushupdatestoallmachinesonadailybasis.Afterapplyinganupdate, automatedsystemsshouldverifythateachsystemhasreceiveditssignatureupdate. 5.3Quickwins:Organisationsshouldconfigurelaptops,workstations,andserverssothattheywillnotauto runcontentfromUSBtokens(i.e.,thumbdrives),USBharddrives,CDs/DVDs,Firewiredevices,externalserial advancedtechnologyattachmentdevices,mountednetworkshares,orotherremovablemedia. 5.4Quickwins:Organisationsshouldconfiguresystemssothattheyconductanautomatedantimalwarescan ofremovablemediawhenitisinserted. 5.5Quickwins:Allattachmentsenteringtheorganisationsemailgatewayshouldbescannedandblockedif theycontainmaliciouscodeorfiletypesunneededfortheorganisationsbusiness.Thisscanningshouldbe donebeforetheemailisplacedintheusersinbox.Thisincludesemailcontentfilteringandwebcontent filtering. 5.6Visibility/Attribution:Automatedmonitoringtoolsshouldusebehaviourbasedanomalydetectionto complementandenhancetraditionalsignaturebaseddetection. 5.7Configuration/Hygiene:Organisationsshoulddeploynetworkaccesscontroltoolstoverifysecurity configurationandpatchlevelcompliancebeforegrantingaccesstoanetwork. 5.8Advanced:Continuousmonitoringshouldbeperformedonoutboundtraffic.Anylargetransfersofdataor unauthorizedencryptedtrafficshouldbeflaggedand,ifvalidatedasmalicious,thecomputershouldbemoved toanisolatedVLAN. 5.9Advanced:OrganisationsshouldimplementanincidentresponseprocessthatallowstheirITsupportteam tosupplytheirsecurityteamwithsamplesofmalwarerunningundetectedoncorporatesystems.Samples shouldbeprovidedtotheantivirusvendorforoutofbandsignaturecreationanddeployedtotheenterprise bysystemadministrators. ViewCPNIadviceandguidanceonhowtoimplement,automateandmeasuretheeffectivenessofthiscontrol.

    Share

    www.cpni.gov.uk/advice/cyber/Critical-controls/in-depth/critical-control5/

    1/2

    12/15/12

    Critical control 5

    AboutCPNI
    CPNIincontext WhatistheCNI? Whoweworkwith

    Threats
    Espionage Terrorism Cyberandotherthreats

    Securityadvice
    Cybersecurity Personnelsecurity Physicalsecurity

    Securityplanning
    Businesscontinuityplanning Stafftrainingandawareness Standardsandspecifications Accessibility Cymraeg Privacyandcookies Sitemap Termsandconditions

    www.cpni.gov.uk/advice/cyber/Critical-controls/in-depth/critical-control5/

    2/2

    You might also like