Malware Detection and Mitigation Techniques Paper


obolol


Description

From Chapter 7, page 304, Real World Exercise 7.1 (attached image of the exercises)

Link to Textbook:
https://books.google.com/books?id=8dmSSHBKn7wC&printsec=frontcover&source=gbs_ViewAPI#v=onepage&q&f=false

Unformatted Attachment Preview

Page 304

• Prioritize each incident component as it arises. First come is not first served. As each new component/category of incident is detected in the response process, the entire collection of incidents must be reprioritized to focus assets on the highest-risk task. This may mean pulling individuals off of current IR tasks and reassigning them to other, higher-danger ones.

• Contain each incident, then scan for others. As each incident is processed, the CSIRT continually looks for other incidents, whether predecessors, parallel incidents, or follow-on events. Each should be immediately documented, prioritized, and addressed in turn.

Table 7-15 provides a checklist for handling hybrid/multiple component incidents.

Copyright 2013 Cengage Learning. All Rights Reserved. May not be copied, scanned or duplicated, in whole or in part.

304 Chapter 7 Incident Response: Response Strategies

Real-World Exercises

1. Using a Web browser, perform some research on a newer malware variant that has been reported by a major malware containment vendor. Using a search engine, go to the vendor's Web site; this could be Symantec, McAfee, or any of their competitors. Visit one malware prevention software vendor. Search for the newest malware variants and pick one. Note its name and try to understand how it works. Now look for information about that same malware from at least one other vendor. Were you able to see this malware at both vendors? If so, are there any differences in how they are reported between the two vendors?

2. Log management and log analysis are techniques used to collect and report on what's happening on a network. Visit the log management community's Web site at www.syslog.org. This site is devoted to log management tools and the techniques to use the tools. Click the Compliance tab and read the material found there for more information about what are considered best practices for log management.

3. Depending on copyright, the documentary "The KGB, the Computer and Me" may be available for viewing on public video streaming services. Use a search engine to search for the title, and watch it if it is available. (The video remains available as of 2012. It runs about 57 minutes.)

Hands-On Projects

In this project, you will use the Xplico application that's included in the Security Onion distro to examine a pcap file. Xplico is frequently used to enable incident responders to do post-incident forensics work, but it can also be used to examine traffic in real time. You will simulate an examination of network traffic captured during an incident, looking at the various types of traffic captured in order to determine what the attacker did while on your network.

1. Start your Security Onion virtual image.
2. To open a terminal session, double-click the Terminal icon on the desktop.
3. To start the Xplico service, type sudo /etc/init.d/xplico start and press Enter. When prompted, enter your administrative password.
4. To move to your home directory, type cd /home/ with your username (e.g., cd /home/agreen).
5. To download the sample pcap file, type wget http://wiki.xplico.org/lib/exe/fetch.php? media=pcapexplico.org sample_capture protocols supported_in_0.6.3.pcap.bz2 and press Enter ( U
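The textbook's first bullet on page 304 (reprioritize the entire collection of incidents whenever a new component is detected, even if that means pulling responders off current tasks) is a scheduling rule, and it is easier to see its consequences in code than in prose. The following is an added example, not text or code from the textbook or from the poster: it models a hypothetical CSIRT in which each incident component carries a risk score on a constructed 1 to 10 scale, one responder is assigned per open component from the highest risk down, and any component that cannot be staffed waits. The responder names, incident names and risk scores are all constructed for the illustration.

```python
from dataclasses import dataclass, field


@dataclass(order=True)
class Incident:
    # Only `risk` takes part in ordering; the other fields are excluded from
    # comparison so sorting is purely by risk (constructed scale: 10 = worst).
    risk: int
    name: str = field(compare=False)
    contained: bool = field(default=False, compare=False)
    assigned: list = field(default_factory=list, compare=False)


class IncidentQueue:
    """Hypothetical CSIRT model (assumption, not from the textbook): a fixed set
    of responders, one responder per open component, highest risk first. Anyone
    left over stays free to scan for further incidents, as the second bullet
    on page 304 asks for."""

    def __init__(self, responders):
        self.responders = list(responders)
        self.incidents = []
        # Record of every time a responder was pulled off one component and
        # put on another: (responder, old component, new component).
        self.reassignments = []

    def _open(self):
        # Highest risk first; ties keep detection order because sorted() is stable.
        return sorted((i for i in self.incidents if not i.contained), reverse=True)

    def detect(self, name, risk):
        """A new component is detected: add it, then reprioritize everything."""
        self.incidents.append(Incident(risk, name))
        return self.reprioritize()

    def contain(self, name):
        """A component is contained: its responders are freed and the rest is
        reprioritized again."""
        for inc in self.incidents:
            if inc.name == name:
                inc.contained = True
        return self.reprioritize()

    def reprioritize(self):
        """Re-evaluate the whole collection, not just the newest component."""
        previous = {r: inc.name for inc in self.incidents for r in inc.assigned}
        for inc in self.incidents:
            inc.assigned = []
        pool = list(self.responders)
        for inc in self._open():
            if not pool:
                break  # lower-risk components are left unstaffed until someone frees up
            inc.assigned.append(pool.pop(0))
        for inc in self.incidents:
            for r in inc.assigned:
                old = previous.get(r)
                if old is not None and old != inc.name:
                    self.reassignments.append((r, old, inc.name))
        return self.assignments()

    def assignments(self):
        """Current staffing of every open component, highest risk first."""
        return {inc.name: list(inc.assigned) for inc in self._open()}


def run_scenario():
    """Constructed scenario: a hybrid incident that grows while it is being worked."""
    q = IncidentQueue(["alice", "bob"])
    q.detect("phishing", 4)       # alice takes it; bob is free to keep scanning
    q.detect("webshell", 7)       # alice is pulled onto the web shell, bob takes phishing
    q.detect("ransomware", 9)     # both move up; phishing is left unstaffed
    q.contain("ransomware")       # containment frees a responder; phishing is restaffed
    return q


if __name__ == "__main__":
    q = run_scenario()
    print(q.assignments())
    for who, old, new in q.reassignments:
        print(f"{who}: {old} -> {new}")
```

The point the scenario makes is the one the textbook makes: after the ransomware component appears, the phishing component has nobody on it at all, which is the intended outcome under "first come is not first served", and the queue only returns to it once the higher-risk component is contained. A real CSIRT would add a richer risk model and more than one responder per component, but the reprioritize-on-every-change loop is the part the rule requires.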

Explanation & Answer

use this document

Running Head: MIRAI MALWARE

Mirai Malware
Student's Name
Institutional Affiliation
Date

Mirai Malware
Palo Alto 42 researchers

The newest malware that has been identified by significant malware containment vendors
is the MIRAI malware botnet variant. Mirai is capable of performing eleven recruits which
include affecting the associated devices, such as routers, storage devices, and network systems
("Symantec tracks the commercialisation of malware," 2007). The software was spotted earlier
this year and had a potential of affecting enterprise presentation systems. An example of its
victims is the LG super sign and WePresent WiPg-1000. The Palo Alto networks 42 researchers
spotted it. The virus can scan for vulnerable devices and even affect a system using four-stage
passwords. An organization must, therefore, develop a higher bandwidth of DDoS that will
prevent the malware from advancing to ...

