
DETECTING AND MANAGING MALWARE 1

Detecting and Managing Malware

Capella University

IAS5220 – Network Security Controls and Testing.

Jan 31, 2019



Abstract

A biological virus inserts itself into healthy host cells with the intention of destroying the host's healthy tissue and compromising the tissue and immune system that would otherwise fight back. If the host's immune system is not strong enough to repel the attack from the viral or bacterial parasite, the result is sickness and, in the long term, death.

This paper describes the "various types of malware and unauthorized devices. Discussing the paper will examine the approaches used by intrusion detection and prevention to identify malware. The paper will review malware detection tools and the procedures used by the anti-malware application to see and respond to a malware security breach" (Capella, 2019, 18-19).

Keywords: intrusion detection, protection, anti-malware application, malware, unauthorized devices.

Table of Contents

- Cover Page
- Abstract
- Table of Contents
- Introduction / Body
- Conclusion
- References

Introduction

Malicious software works the same way a viral parasite works in healthy human tissue. In this case the malicious programs are outside programs that pose security threats to the host computer network: they manipulatively insert themselves into applications, the computer system, OS data, program code and packet data. Their real intention is to damage computer system information, to run manipulative intrusions and all-out destruction, and to make sure the computer network system no longer complies with the CIA security principles (confidentiality, integrity and availability) for any application, OS or system-generated data.

These malicious applications can cause a security outbreak throughout the system, with disruption that requires much-needed system recovery within the organization. A commonplace example of such a malicious application faced by organizations is phishing, which deceives victims into unknowingly giving out sensitive data. That is why this paper identifies the various types of malware and recommends better intrusion detection and prevention procedures for malware and malicious applications, so that these security breaches can be better mitigated. This paper recommends that every organization plan for security breaches from malicious applications, today and in the future. That plan should be written into the organization's information security policy statements, which contain all the procedures for malware intrusion detection and prevention for every member of the organization and take into consideration security threat mitigation, vulnerability reduction and network defensive planning (Scarfone & Mell, 2007, pp. 8-12).

The information security procedures for malware intrusion detection and prevention may change depending on which procedures work well for the organization in the managed and non-managed environments of its information security system. The well-suited procedures are those that work for the host network system and for its dependent environment. Beyond what is in the information security statement for malware intrusion detection, the other network system methodologies and prevention measures take into consideration the employee awareness policy, network system maintenance, network vulnerability risk, the effort spent on mitigating network security threats, and considerations for network defensive planning.

The types of malware and malicious unauthorized devices serve as attackers' tools: the attacker uses manipulative malicious applications or toolkits to target a host and harm the computer network, whether through traditional, phishing or web-based malicious applications, or through advanced, persistent security breaches. A virus is a malicious application that replicates itself by inserting copies of itself into the host system's logs, data files and programs; it executes once there is user interaction, such as opening an application. Viruses include compiled and interpreted viruses, which operate at the operating system and application level of execution, and boot sector viruses, which infect the boot sector files of storage drives. Worms are self-replicating malicious applications that run on their own, infesting a computer network system without any user interaction; examples are network service worms and mass-mailing worms, which exploit network system vulnerabilities to replicate themselves and affect host systems. Trojan horses are not self-replicating; they are hidden malicious applications that replace existing files in the host system or its applications with malicious versions. Further categories are malicious code and blended attacks (Scarfone & Mell, 2007, pp. 17-22).



There are also attackers' tools, used to attack the targeted host system through unauthorized access. Backdoor tools let an attacker listen on a host system TCP or UDP port for network protocol traffic and commands issued by a malicious application. Keystroke loggers and rootkits are malicious tools for intercepting the host's keyboard use and for maliciously collecting host system files from within the application. There are also malicious web browser plug-ins and email generation tools: with these, the attacker uses malicious browser plug-ins to display content in the web browser, or uses malicious applications to create and send mass quantities of email from the host system to other hosts without the host user's permission (Mohan, 1999, pp. 14-18).

An intrusion detection and prevention system detects malware by sniffing network traffic packets for suspicious events. It does so with an inline application that acts like a network-based firewall, detecting malware by its attack signatures and by the network protocol in use, in order to identify the malware and its activities. The intrusion prevention system also performs behavior-based evaluation and stateful protocol analysis, which identify uncommon network traffic patterns; these detect attacks such as backdoors, matches against attack signature profiles, and email generation attacks, which cause high-volume network traffic and significant anomalous activity on the network (NIST, n.d., pp. 11-13).
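The two detection approaches described above, signature matching on packet payloads and anomaly detection on traffic volume (the mass-mailing case), are shown together in the following added example. This is illustrative code written for this page, not code from the paper or from any of its sources; every packet record, address, signature pattern and threshold in it is constructed for the demonstration.

```python
"""Added example (not from the paper): a toy inline detector combining the
two IDPS approaches the paragraph describes, signature matching on packet
payloads and volume-based anomaly detection. Every packet, address and
signature here is constructed for illustration only."""
import re
from collections import Counter

# Constructed signature set (name -> pattern over the payload). Production
# rule sets are far larger; these exist only to show the matching step.
SIGNATURES = {
    "backdoor-banner": re.compile(rb"EXAMPLE_BACKDOOR_BANNER"),
    "exe-download-request": re.compile(rb"GET /[^ ]*\.exe HTTP/1\.[01]"),
}

SMTP_PORT = 25
# Anomaly rule (constructed threshold): more outbound SMTP connections than
# this from one source within the sample window counts as mass mailing.
SMTP_CONN_THRESHOLD = 5

# Constructed packet records: (source, destination, destination port, payload).
SAMPLE_PACKETS = [
    ("10.0.0.5", "198.51.100.10", 80, b"GET /update.exe HTTP/1.1\r\nHost: files.example\r\n"),
    ("10.0.0.5", "198.51.100.10", 80, b"GET /index.html HTTP/1.1\r\nHost: files.example\r\n"),
    ("10.0.0.7", "10.0.0.1", 4444, b"EXAMPLE_BACKDOOR_BANNER ready\n"),
]
# Seven outbound SMTP connections from one workstation in the window.
SAMPLE_PACKETS += [("10.0.0.9", "203.0.113.%d" % i, SMTP_PORT, b"EHLO host\r\n")
                   for i in range(2, 9)]
# One ordinary SMTP connection from another host, below the threshold.
SAMPLE_PACKETS.append(("10.0.0.8", "203.0.113.50", SMTP_PORT, b"EHLO host\r\n"))


def signature_alerts(packets):
    """Signature-based detection: every packet whose payload matches a rule."""
    alerts = []
    for src, dst, port, payload in packets:
        for name, pattern in SIGNATURES.items():
            if pattern.search(payload):
                alerts.append((src, dst, port, name))
    return alerts


def volume_anomalies(packets, port=SMTP_PORT, threshold=SMTP_CONN_THRESHOLD):
    """Anomaly-based detection: sources whose connection count to one port
    exceeds the threshold. Returns {source: count} for the offenders."""
    counts = Counter(src for src, _dst, p, _payload in packets if p == port)
    return {src: n for src, n in counts.items() if n > threshold}


def inline_verdicts(packets):
    """Inline IPS behaviour over a batch: drop a packet when it matches a
    signature or comes from a source the volume check has flagged. A real
    inline system would keep a sliding window instead of a fixed batch."""
    flagged = set(volume_anomalies(packets))
    verdicts = []
    for src, _dst, _port, payload in packets:
        hit = any(p.search(payload) for p in SIGNATURES.values())
        verdicts.append("drop" if hit or src in flagged else "pass")
    return verdicts


if __name__ == "__main__":
    for alert in signature_alerts(SAMPLE_PACKETS):
        print("signature", alert)
    print("volume anomalies", volume_anomalies(SAMPLE_PACKETS))
    print("verdicts", inline_verdicts(SAMPLE_PACKETS))
```

The signature path catches only what a rule already describes, which is why the volume check is needed to notice the mass-mailing host: none of its individual packets looks suspicious on its own.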

Malware detection tools work by content inspection and filtering procedures that stop email-based security breaches and keep spam threats from reaching their target. They also work by blocking email attachments whose file extensions or file types are undesirable and may carry malicious code. Malware detection tools share common procedures, such as code evaluation, in which the tool evaluates any malicious code in a sandbox or virtual program to assess the character and profile of every network traffic flow and application activity. There is also the procedure of network traffic evaluation and filtering, in which the tool restricts unauthorized access to network resources and evaluates peer-to-peer sharing traffic and data extraction by any application or program. The tools can also monitor the network's file systems through integrity and attribute checking. Finally, malware detection tools can evaluate the OS and application logs of the network system for malicious events (Mohan, 1999, pp. 24-28).
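Two of the procedures named above, attachment content inspection (extension blocking plus a check that the file content matches the extension) and file system integrity and attribute checking against a baseline, are implemented in the following added example. It is illustrative code written for this page, not code from the paper or its sources; the blocked-extension policy, the magic-byte table and the file contents are constructed, and the integrity check takes an in-memory map of path to content as a stand-in for walking a real directory.

```python
"""Added example (not from the paper): attachment content inspection and
baseline integrity checking, two of the malware detection tool procedures the
paragraph lists. Policy values and sample files are constructed."""
import hashlib

# Constructed policy: attachment extensions that are never allowed through.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd"}
# First bytes a file of each declared type is expected to start with.
MAGIC_BY_EXTENSION = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".zip": b"PK\x03\x04"}
# Leading bytes of Windows PE and ELF executables.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def inspect_attachment(filename, data):
    """Content inspection for one attachment. Returns (allowed, reason)."""
    name = filename.lower().strip()
    suffixes = ["." + part for part in name.split(".")[1:]]  # all extensions
    last = suffixes[-1] if suffixes else ""
    # A blocked extension anywhere in the name (e.g. invoice.pdf.exe) is rejected.
    for suffix in suffixes:
        if suffix in BLOCKED_EXTENSIONS:
            return False, "blocked extension " + suffix
    # Executable content is rejected whatever the file claims to be.
    if data.startswith(EXECUTABLE_MAGIC):
        return False, "executable content disguised as " + (last or "no extension")
    # Declared type with a known signature must actually carry that signature.
    expected = MAGIC_BY_EXTENSION.get(last)
    if expected is not None and not data.startswith(expected):
        return False, "content does not match " + last
    return True, "ok"


def fingerprint(files):
    """Integrity and attribute snapshot: path -> (sha256 hex, size in bytes).
    `files` maps path to content; a real tool would read these from disk."""
    return {path: (hashlib.sha256(content).hexdigest(), len(content))
            for path, content in files.items()}


def compare_snapshots(baseline, current):
    """Report files that appeared, vanished or changed since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(path for path in baseline.keys() & current.keys()
                      if baseline[path] != current[path])
    return {"added": added, "removed": removed, "modified": modified}


# Constructed file sets standing in for a baseline scan and a later scan.
BASELINE_FILES = {
    "/usr/bin/ls": b"constructed ls binary v1",
    "/etc/hosts": b"127.0.0.1 localhost\n",
    "/var/tmp/old.log": b"old",
}
CURRENT_FILES = {
    "/usr/bin/ls": b"constructed ls binary v1 with extra code",  # replaced
    "/etc/hosts": b"127.0.0.1 localhost\n",                      # unchanged
    "/usr/bin/helper": b"new unexpected binary",                 # added
}

if __name__ == "__main__":
    for fname, blob in [("invoice.pdf.exe", b"MZ\x90\x00"), ("photo.png", b"MZ\x90\x00"),
                        ("notes.pdf", b"hello"), ("report.pdf", b"%PDF-1.7\n")]:
        print(fname, inspect_attachment(fname, blob))
    print(compare_snapshots(fingerprint(BASELINE_FILES), fingerprint(CURRENT_FILES)))
```

The snapshot diff is exactly what exposes the Trojan horse behaviour described earlier in the paper, a legitimate file replaced by a malicious version: the path is unchanged, but its hash and size no longer match the baseline.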

An anti-malware application is able to identify and mitigate new malware breaches through application sensors that detect and observe events to and from host applications across different parts of the network, matching application activities, host programs and network resource activities against one another. Anti-malware applications identify and mitigate threats from invalid IP datagrams, wrongful application code injection and invalid TCP packets sent by an application or device, as well as slowdowns of the computer system, of application service functions and of web browser speed. They mitigate through security automation procedures that can configure security policy checklists and patch management for the OS, applications and devices, since the network security infrastructure contains many different kinds of hosts, such as workstations, servers, firewall devices, web servers, routers, remote access servers and mobile computing technologies. They also mitigate through browser separation, using different web browsers for different kinds of web access, with anti-malware application support and access (NIST, n.d., pp. 15-19).
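The "invalid IP datagram" and "invalid TCP packet" checks mentioned above are concrete enough to show in code. The following added example, written for this page and not taken from the paper or its sources, builds well-formed IPv4/TCP headers, then validates a packet's IPv4 header checksum, length fields and TCP flag combinations; the addresses and ports are constructed, and the TCP checksum is deliberately left unverified to keep the example short.

```python
"""Added example (not from the paper): sanity checks for IPv4/TCP headers of
the kind an anti-malware sensor applies before trusting a packet. Builder and
validator are both here so the checks can be exercised on constructed data."""
import ipaddress
import struct

# TCP flag bits (RFC 793 layout of the low six bits of byte 13).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def ipv4_checksum(header):
    """RFC 791 one's-complement sum over 16-bit words. Over a header whose
    checksum field is already filled in, the result is 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src, dst, sport, dport, flags, payload=b"", ttl=64):
    """Construct a minimal IPv4 + TCP packet with a correct IPv4 checksum."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    total_len = 20 + len(tcp)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + tcp


def validate_ipv4_tcp(packet):
    """Return a list of findings; an empty list means the headers look sane."""
    findings = []
    if len(packet) < 20:
        return ["truncated IPv4 header"]
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4:
        return ["version field is not 4"]
    if ihl < 20 or ihl > len(packet):
        return ["bad IPv4 header length"]
    total_len = struct.unpack("!H", packet[2:4])[0]
    if total_len != len(packet):
        findings.append("IPv4 total length does not match packet size")
    if ipv4_checksum(packet[:ihl]) != 0:
        findings.append("bad IPv4 header checksum")
    if packet[9] != 6:
        findings.append("protocol field is not TCP")
        return findings
    tcp = packet[ihl:]
    if len(tcp) < 20:
        findings.append("truncated TCP header")
        return findings
    data_offset = (tcp[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp):
        findings.append("bad TCP data offset")
    flags = tcp[13] & 0x3F
    if flags == 0:
        findings.append("no TCP flags set")
    if flags & SYN and flags & FIN:
        findings.append("illegal SYN+FIN flag combination")
    if flags & SYN and flags & RST:
        findings.append("illegal SYN+RST flag combination")
    return findings


if __name__ == "__main__":
    # Constructed packets: a normal SYN, an illegal SYN+FIN, and a SYN with a
    # flipped TTL bit so the IPv4 checksum no longer matches.
    good = build_ipv4_tcp("10.0.0.5", "10.0.0.1", 40000, 80, SYN)
    print("good:", validate_ipv4_tcp(good))
    print("syn+fin:", validate_ipv4_tcp(build_ipv4_tcp("10.0.0.5", "10.0.0.1", 40000, 80, SYN | FIN)))
    print("corrupt:", validate_ipv4_tcp(good[:8] + bytes([good[8] ^ 0x01]) + good[9:]))
```

A packet that fails any of these checks should never have been produced by a conforming stack, so the sensor can log and discard it without needing a malware signature for it.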

References

Capella University. (2019). Courseroom, Unit 4: Detecting and Managing Malware. Retrieved 02/1/2019 from https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset

Bosco, P. (2016). Intrusion Detection and Prevention Systems Cheat Sheet: Choosing the Best Solution, Common Misconfigurations, Evasion Techniques, and Recommendations. Retrieved 02/01/2019 from https://www.sans.org/reading-room/whitepapers/intrusion/intrusion-detection-prevention-systems-cheat-sheet-choosing-solution-common-misconfigurations-evasion-techniques-recommendations-36677

Scarfone, K., & Mell, P. (2007). Special Publication 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS). National Institute of Standards and Technology (NIST).

Mohan, S. (1999). Ethical hacking finds network holes. InfoWorld, 21(8), 45-45, 51. Retrieved 02/1/2019 from http://search.proquest.com.library.capella.edu/docview/194334757?accountid=279

Whitman, M. E., & Mattord, H. J. (2011). Principles of information security (4th ed.). Boston, MA: CENGAGE Learning Custom Publishing.

NIST. (n.d.). Intrusion Detection and Prevention Systems. Retrieved 02/1/2019 from https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=901146
