Question

How do organizations gather malware that needs to be analyzed?

▪ Pre-compromise – Email, web surfing interception, or honeypot collection

▪ Post-compromise - Incident response collection

Expert Solution

How do organizations gather malware that needs to be analysed?

Organizations have a variety of ways to gather malware that needs to be analysed. Some of them are as follows:

· Symbols of DDoS Activity

· Various HTML Response Sizes

· Uncommon Outbound Network Traffic

· Irregularities in Privileged User Account Activity

· Geographical Abnormalities

· Upsurges in Database Read Volume

· Huge Numbers of Requests for the Same File

· Incompatible Port-Application Traffic

· Suspicious Registry or System File Changes

· Unexpected Patching of Systems

· Mobile Device Profile Changes

· Web Traffic with Unhuman Behaviour

Pre Compromise Malware Gathering:

· Email interception is the practice of observing the Internet to read private messages which were intended for other persons.

· HTTPS interception or SSL/TLS inspection is the process of intercepting SSL/TLS-encrypted Internet communication between the client and server.

· Web browsing interception: Under System Configuration, in the Web Browsing Interception options, select the Web Browsing Interception setting of your choice: When it is set to Enabled, the Media Access Gateway checks the Internet connectivity (and address-based filtering rules if applicable) for each server request.

· Honeypot is a computer system. There are files and directories in it just like in any real computer. The purpose of this computer is to attract and trap hackers into it in order to watch and follow their behaviour. So it is a fake system which looks like a real system. For example, honeypots can be used to log malicious activities in a compromised system. Honeypots can also be used to learn about new vulnerabilities or threats to users and to create ideas on how to get rid of these problems.

Post-compromise - Incident response collection

Programmed incident response scripts are used for incident response collection. Programmed incident response scripts have a speed advantage over manually typing in commands. Several organizations have a custom software tool for incident response collection. Mostly, the tools contain static binaries, which are compiled to be totally self-contained when it comes to operating. The static binaries are ideal because they tend not to crush on evidence. There are many tools, such as E-Fense's live CD Helix, that an organization may use as an incident response tool to collect volatile data.
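The pre-compromise "email interception" path above, as an added example that is not part of the answer: a small Python collector (standard library only) that takes a raw RFC 5322 message, pulls out every attachment, and stores each one in a quarantine directory under a name derived from its SHA-256 with a .bin extension, so the attacker-chosen filename is never used on disk and nothing runs the sample by accident. The message and its "MZ" attachment are constructed placeholders for the example, not real malware; the quarantine path and record fields are this example's own choices.

```python
import email
import hashlib
import tempfile
from email import policy
from email.message import EmailMessage
from pathlib import Path

# Constructed sample attachment: an MZ header followed by filler. It is NOT a
# real program, so the example runs offline without touching real malware.
SAMPLE_ATTACHMENT = b"MZ\x90\x00" + b"\x00" * 60 + b"constructed placeholder, not a real executable"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_eml() -> bytes:
    """Build a constructed phishing-style message carrying one executable attachment."""
    msg = EmailMessage()
    msg["From"] = "payroll@example.invalid"   # example-only addresses
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Updated payslip"
    msg.set_content("Please see the attached payslip.")
    msg.add_attachment(
        SAMPLE_ATTACHMENT,
        maintype="application",
        subtype="octet-stream",
        filename="payslip.exe",
    )
    return msg.as_bytes()


def collect_attachments(raw_eml: bytes, quarantine: Path) -> list[dict]:
    """Extract every attachment of a raw message into `quarantine`.

    Samples are written as <sha256>.bin rather than under the original
    filename, and the original metadata is returned as a triage record.
    """
    quarantine.mkdir(parents=True, exist_ok=True)
    msg = email.message_from_bytes(raw_eml, policy=policy.default)
    records = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)  # base64/QP already undone
        if not payload:
            continue
        digest = sha256_hex(payload)
        stored = quarantine / f"{digest}.bin"
        stored.write_bytes(payload)
        # Re-read and re-hash: catches a truncated write before the sample is
        # handed to an analyst or a sandbox.
        if sha256_hex(stored.read_bytes()) != digest:
            raise IOError(f"hash mismatch after writing {stored}")
        records.append({
            "original_name": part.get_filename(),
            "content_type": part.get_content_type(),
            "size": len(payload),
            "sha256": digest,
            "magic": payload[:2],              # first bytes, e.g. b"MZ" for PE files
            "stored_as": str(stored),
            "sender": str(msg["From"]),
            "subject": str(msg["Subject"]),
        })
    return records


def demo() -> list[dict]:
    """Run the collector on the constructed message inside a temporary quarantine dir."""
    quarantine = Path(tempfile.mkdtemp(prefix="quarantine-"))
    return collect_attachments(build_sample_eml(), quarantine)


if __name__ == "__main__":
    for rec in demo():
        print(f"{rec['sha256']}  {rec['size']:>6}  {rec['original_name']}  -> {rec['stored_as']}")
```

Feeding real messages means replacing build_sample_eml() with the raw bytes taken from the mail gateway's quarantine; the hash-named storage and the re-read check are the parts worth keeping, since the SHA-256 is what gets compared against sandbox and threat-intel results later.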

