Transcript Slide 1

GIAC Enterprises
Malware Detection/Prevention
SANS Technology Institute
Group Discussion Written Project
John Jarocki
Seth Misenar
Tim Proffitt
SANS Technology Institute - Candidate for Master of Science Degree
1
Executive Summary
• Detection of Downadup/Conficker
• Determination of infection
• Prevention of Malware
• 3 Recommendations
• Project Plan
• Implementation
Malware Detection
• Downadup (exploits MS08-067; bulletin released 10/08)
• Full virus scan
• Failed logins/account lockouts
• Increased network connections
• Intrusion Detection System signatures
• Firewall logs
Advanced Detection
Created scripts to look for:
• Downadup scheduled tasks
• Unpatched systems (MS08-067)
• Downadup disabled services
• Disabled System Restore Points
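The four host checks listed above, as an added Python triage example (not the authors' scripts): it runs over constructed snapshots rather than a live host. Assumptions: KB958644 is the MS08-067 hotfix; the watched service names and the rundll32/random-DLL pattern for AT jobs are the author's heuristics, not values from the slides.

```python
import re
from dataclasses import dataclass

MS08_067_KB = "KB958644"  # hotfix that closes MS08-067
# Services Downadup is known to stop; using them as the watch list is an assumption
WATCHED_SERVICES = ("wuauserv", "BITS", "WinDefend", "ERSvc", "wscsvc")
# Heuristic: an AT job that runs rundll32 on a DLL with a random lowercase name
TASK_PATTERN = re.compile(r"rundll32(?:\.exe)?\s+\S+\\[a-z]{5,8}\.dll\b", re.I)
START_TYPE = re.compile(r"START_TYPE\s*:\s*\d+\s+(\w+)")

def parse_sc_qc(output):
    """Return the START_TYPE word (e.g. 'DISABLED') from 'sc qc <service>' output."""
    m = START_TYPE.search(output)
    return m.group(1).upper() if m else "UNKNOWN"

@dataclass
class HostSnapshot:
    installed_kbs: set           # hotfix IDs collected from systeminfo / wmic qfe
    sc_qc_outputs: dict          # service name -> raw 'sc qc' text
    scheduled_tasks: list        # command lines of AT*.job tasks
    system_restore_disabled: bool

def triage(host):
    """Return one finding string per Downadup indicator present on the host."""
    findings = []
    if MS08_067_KB not in host.installed_kbs:
        findings.append(f"unpatched: {MS08_067_KB} not installed")
    for name in WATCHED_SERVICES:
        if parse_sc_qc(host.sc_qc_outputs.get(name, "")) == "DISABLED":
            findings.append(f"service disabled: {name}")
    for cmd in host.scheduled_tasks:
        if TASK_PATTERN.search(cmd):
            findings.append(f"suspicious AT job: {cmd}")
    if host.system_restore_disabled:
        findings.append("System Restore disabled")
    return findings

# Constructed sample data (not captured from a real host)
SC_DISABLED = "        START_TYPE         : 4   DISABLED\n"
SC_AUTO = "        START_TYPE         : 2   AUTO_START\n"
SUSPECT = HostSnapshot({"KB000000"},  # placeholder: some other hotfix only
                       {"wuauserv": SC_DISABLED, "BITS": SC_DISABLED},
                       ["rundll32.exe C:\\WINDOWS\\system32\\kxhdtvy.dll,ziw"], True)
CLEAN = HostSnapshot({MS08_067_KB}, {"wuauserv": SC_AUTO, "BITS": SC_AUTO},
                     ["C:\\WINDOWS\\system32\\defrag.exe C:"], False)

if __name__ == "__main__":
    for label, host in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, triage(host))
```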
Preventing Malware
• Patch Management Process
• Secure Baseline Configurations
• Security Awareness Training/Acceptable Use Policy
Project Plan
• Phase 1: Patch Management (3/1-5/1)
– Milestones: Purchase Solution; Deploy Solution
– Resources: Sysadmins; CIO for policy; Finance for $
• Phase 2: Secure Baseline Configurations (4/1-6/1)
– Milestones: Gap Analysis; Compliance Audit
– Resources: SME; Sysadmin; CIO for policy; No $
• Phase 3: Awareness Training/AUP (5/1-6/1)
– Milestones: Create/Obtain Training Materials; Present Training
– Resources: Security Staff for Curriculum; Staff for Training; CIO for Policy; No $
Conclusion
• Though not infected…
– CIO served as first responder
– Threat is real
– Security Infrastructure Changes
• Detection/Prevention need not be costly
– Realize importance of detection