110 likes | 289 Views
AntiVirus Process. Marilyn Cariola Heather Larrieu (audio) Chris Mayfield October 14, 2008. Computer Security AntiVirus. Source: Quarterly Report PandaLabs – July-Sept 08 . Malicious Software. More trojan attacks Coming via web browsing Using SQL injections techniques
E N D
AntiVirus Process Marilyn Cariola Heather Larrieu (audio) Chris Mayfield October 14, 2008
Computer Security AntiVirus Source: Quarterly Report PandaLabs – July-Sept 08
Malicious Software • More trojan attacks • Coming via web browsing • Using SQL injections techniques • Battery of exploit attempts • 3rd party applications • OS vulnerabilities • Goal is Silent Infection • Trojan.ZLOB • Trojan.PANDEX • Trojan.ASPROX
Virus Alert Alert: Virus Found Computer: XXXXXXXXXXXXX Virus: Trojan Horse Path: C:\WINDOWS\Temp\VBR49FD.exe Date: 9/29/2008 Time: 9:54:46 AM Severity: Critical Requested Action: Clean Action Taken: Leave Alone User: XXXXXXXXXXXXX Source: Symantec AntiVirus Corporate Edition
AV Process & Actions • Notes: • The results of malware research could change the actions to be taken • All scans must be full AV scans in safe mode with system restore turned off. • Results need to be shared with Cyber, screen captures or exported files. • Depending on the results of the scan, further actions could include format and rebuild or Cyber taking the computer or hard drive for further investigation. • Computer security may not request a rebuild if the virus is found in cache. • Computers used to access personally identifiable information (PII) will receive more scrutiny when they generate virus alerts..
Other Actions • Additional viruses or issues • Isolate / scan / rebuild • Several (3 or more) alerts on same computer / same day • Isolate / scan / rebuild • Unauthorized / prohibited software • Must be removed • Some cases sent to HR
Further Review Affirmative duty to report abuse of SLAC resources • Device taken, including USB devices • Illegally licensed software • Hacker tools • Key generators, password sniffing, vulnerability assessment • Illicit material • Pornography, gambling, evidence of running a personal business • Reported to HR
References • Computer Security website • Restricted/Prohibited software • Policies • Limited Personal Use of Government Office Equipment including Information Technology • Use of SLAC Information Resources
Questions / answers / discussion • What would happen if we didn’t do this? • A computer gets compromised • Becomes a bot for additional attacks • Information is lost • During a Site Assessment • Non-job related data is found • Unlicensed / illegal software • Pornography • SLAC fined, lose contract?