Antivirus software can detect most viruses and many Trojan horse applications and prevent them from spreading in the network. Antivirus software can be deployed at the user level and at the network level.
Keeping up to date with the latest developments in these sorts of attacks can also lead to a more effective defense against them. As new virus or Trojan horse applications are released, enterprises need to keep current with the latest versions of antivirus software as well.
Worm attack mitigation requires diligence on the part of system and network administration staff. The following are the recommended steps for worm attack mitigation:
- Containment - Contain the spread of the worm within the network. Compartmentalize uninfected parts of the network.
- Inoculation - Start patching all systems and, if possible, scanning for vulnerable systems.
- Quarantine - Track down each infected machine inside the network. Disconnect, remove, or block infected machines from the network.
- Treatment - Clean and patch each infected system. Some worms may require complete core system reinstallations to clean the system.
The most effective way to mitigate a worm attack is to download security updates from the operating system vendor and patch all vulnerable systems. This is difficult with uncontrolled user systems in the local network. Administering numerous systems involves the creation of a standard software image (operating system and accredited applications that are authorized for use on client systems) that is deployed on new or upgraded systems. However, security requirements change and already deployed systems may need to have updated security patches installed.
One solution to the management of critical security patches is to create a central patch server that all systems must communicate with after a set period of time, as shown in the figure. Any patches that are not applied to a host are automatically downloaded from the patch server and installed without user intervention.
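The central patch server's bookkeeping can be sketched as follows. This is an added example, not part of the original text: the patch IDs, host names, the 7-day check-in interval, and the status names are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: patch IDs, host names and the 7-day interval are
# assumptions for illustration, not values from the course text.
REQUIRED_PATCHES = ["PATCH-001", "PATCH-002", "PATCH-003"]  # release order
CHECKIN_INTERVAL = timedelta(days=7)  # the "set period of time"

HOST_REPORTS = {
    "ws-01": {"installed": {"PATCH-001", "PATCH-002", "PATCH-003"},
              "last_checkin": datetime(2024, 5, 9)},
    "ws-02": {"installed": {"PATCH-001"},
              "last_checkin": datetime(2024, 5, 8)},
    "laptop-07": {"installed": {"PATCH-001", "PATCH-002"},
                  "last_checkin": datetime(2024, 4, 20)},
}


def missing_patches(installed, required=REQUIRED_PATCHES):
    """Return the required patches a host lacks, in release order."""
    return [p for p in required if p not in installed]


def audit(reports, now, interval=CHECKIN_INTERVAL):
    """Classify each host from the patch server's point of view.

    compliant: checked in on time, nothing missing
    push:      checked in on time, patches to install without user action
    overdue:   missed the check-in window, so its recorded patch state is
               stale and the host needs follow-up by administrators
    """
    results = {}
    for host, report in sorted(reports.items()):
        missing = missing_patches(report["installed"])
        if now - report["last_checkin"] > interval:
            status = "overdue"
        elif missing:
            status = "push"
        else:
            status = "compliant"
        results[host] = {"status": status, "missing": missing}
    return results


if __name__ == "__main__":
    for host, r in audit(HOST_REPORTS, now=datetime(2024, 5, 10)).items():
        print(f"{host:10} {r['status']:10} {', '.join(r['missing']) or '-'}")
```

Hosts reported as overdue are the ones the text calls difficult: systems that have stopped contacting the patch server cannot be patched automatically and have to be tracked down.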