In preparation for your CCNA Security 640-553 exam, we want to make sure we cover topics that you are very likely to encounter on your Cisco CCNA exam. To assist you, below we discuss mitigation methods for worm, virus, and Trojan horse attacks.
Describe and list mitigation methods for Worm, Virus, and Trojan Horse attacks
Worms, viruses, and Trojan horses
Malicious software is inserted onto a host in order to damage or corrupt a system, replicate itself, or deny services or access to networks, systems, or services.
The primary vulnerabilities for end-user workstations are worm, virus, and Trojan horse attacks.
A worm executes arbitrary code and installs copies of itself in the infected computer's memory, then uses that host to infect other hosts.
A virus is malicious software that is attached to another program to execute a particular unwanted function on a user's workstation.
A Trojan horse differs only in that the entire application is written to look like something else, when in fact it is an attack tool.
Worm Attacks
The anatomy of a worm attack is as follows:
The enabling vulnerability—A worm installs itself using an exploit vector on a vulnerable system.
Propagation mechanism—After gaining access to a device, a worm replicates and selects new targets.
Payload—Once the device is infected with a worm, the attacker has access to the host, often as a privileged user. Attackers could use a local exploit to escalate their privilege level to administrator.
Typically, worms are self-contained programs that attack a system and try to exploit a vulnerability in the target. Upon successful exploitation of the vulnerability, the worm copies its program from the attacking host to the newly exploited system to begin the cycle again. A virus normally requires a vector to carry the virus code from one system to another. The vector can be a word-processing document, an e-mail message, or an executable program. The key element that distinguishes a computer worm from a computer virus is that human interaction is required to facilitate the spread of a virus, whereas a worm spreads on its own.
Worm Attack Mitigation
Worm attack mitigation requires diligence on the part of system and network administration staff. Coordination between system administration, network engineering, and security operations personnel is critical in responding effectively to a worm incident.
The following are the recommended steps for worm attack mitigation:
Containment—Limit the spread of the worm to the parts of the network that are already infected, for example with ACLs on routers and firewalls that block the port the worm propagates on.
Inoculation—Patch all systems, infected or not, against the vulnerability the worm exploits, so that the worm cannot re-infect them.
Quarantine—Within the contained area, track down and identify the infected hosts and disconnect, block, or remove them from the network.
Treatment—Disinfect the infected hosts: remove the worm, apply the patch, and reinstall the system if it cannot be trusted.
Typical incident response methodologies can be subdivided into six major categories. The following categories are based on the network service provider security (NSP-SEC) incident response methodology:
Preparation—Acquire the resources to respond.
Identification—Identify the worm.
Classification—Classify the type of worm.
Traceback—Trace the worm back to its origin.
Reaction—Isolate and repair the affected systems.
Post mortem—Document and analyze the process used for the future.
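As an added illustration of the Identification and Containment steps above (example code written for this page, not from Cisco or the original article), the following Python script looks for the propagation behavior described earlier: one host contacting many distinct destinations on the same port in a short time. It runs over constructed flow records embedded in the script, flags the fanning-out host, and emits Cisco IOS-style extended ACL lines that block that host on the propagation port. The thresholds, addresses, timestamps, and ACL name are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records (not real captures): "timestamp src dst dport proto".
# 10.1.1.20 behaves like an infected host fanning out on TCP/445; the others are benign
# (a web client and a client talking repeatedly to the same file server).
SAMPLE_FLOWS = """\
2009-07-01T10:00:01 10.1.1.20 10.1.1.5 445 tcp
2009-07-01T10:00:02 10.1.1.20 10.1.1.6 445 tcp
2009-07-01T10:00:03 10.1.1.20 10.1.1.7 445 tcp
2009-07-01T10:00:04 10.1.1.20 10.1.1.8 445 tcp
2009-07-01T10:00:05 10.1.1.20 10.1.1.9 445 tcp
2009-07-01T10:00:06 10.1.1.20 10.1.1.10 445 tcp
2009-07-01T10:00:07 10.1.1.20 10.1.1.11 445 tcp
2009-07-01T10:00:08 10.1.1.20 10.1.1.12 445 tcp
2009-07-01T10:00:09 10.1.1.20 10.1.1.13 445 tcp
2009-07-01T10:00:10 10.1.1.20 10.1.1.14 445 tcp
2009-07-01T10:00:11 10.1.1.20 10.1.1.15 445 tcp
2009-07-01T10:00:12 10.1.1.20 10.1.1.16 445 tcp
2009-07-01T10:00:03 10.1.1.30 203.0.113.10 80 tcp
2009-07-01T10:00:09 10.1.1.30 203.0.113.11 80 tcp
2009-07-01T10:00:02 10.1.1.40 10.1.1.5 445 tcp
2009-07-01T10:00:20 10.1.1.40 10.1.1.5 445 tcp
2009-07-01T10:00:45 10.1.1.40 10.1.1.5 445 tcp
"""


def parse_flows(text):
    """Parse the space-separated flow format above into (ts, src, dst, dport, proto) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(dport), proto))
    return records


def find_scanners(records, window=timedelta(seconds=60), fanout=10):
    """Identification: return {src: (dport, proto, distinct_dst_count)} for every source
    that contacts at least `fanout` distinct destinations on one port within `window`.
    Repeated connections to the same destination do not count, so a busy client
    talking to one server is not flagged. Thresholds are assumptions for the example."""
    by_key = defaultdict(list)
    for ts, src, dst, dport, proto in records:
        by_key[(src, dport, proto)].append((ts, dst))
    suspects = {}
    for (src, dport, proto), events in by_key.items():
        events.sort()
        # Slide a window starting at each event; stop at the first window that trips.
        for i in range(len(events)):
            end = events[i][0] + window
            dsts = {d for t, d in events[i:] if t <= end}
            if len(dsts) >= fanout:
                suspects[src] = (dport, proto, len(dsts))
                break
    return suspects


def containment_acl(suspects, acl_name="WORM-CONTAIN"):
    """Containment: build IOS-style extended ACL lines (assumed name) that block only the
    propagation port from each flagged host, leaving other traffic untouched."""
    lines = [f"ip access-list extended {acl_name}"]
    for src, (dport, proto, _count) in sorted(suspects.items()):
        lines.append(f" deny {proto} host {src} any eq {dport}")
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    flagged = find_scanners(parse_flows(SAMPLE_FLOWS))
    for src, (dport, proto, count) in flagged.items():
        print(f"suspect {src}: {count} distinct destinations on {proto}/{dport}")
    print("\n".join(containment_acl(flagged)))
```

The fan-out check is deliberately narrow: it blocks only the port the worm spreads on, so an infected host can still be reached for Quarantine and Treatment. Expect legitimate vulnerability scanners and monitoring hosts to trip the same threshold, so review the suspect list before applying the ACL.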
Virus and Trojan Horse Attacks
The primary vulnerabilities for end-user workstations are viruses and Trojan horse attacks.
Viruses are malicious software that is attached to another program to execute a particular unwanted function on a user's workstation. An example of a virus is a program that is attached to command.com (the command interpreter on DOS and Windows 9x systems) that deletes certain files and infects any other copies of command.com that it can find.
A Trojan horse is a program that usually claims to perform one function (such as a game) but does something completely different in addition to the claimed function (such as corrupting the data on your hard disk). Many different types of Trojan horses get attached to systems, and the effects of these programs range from a minor irritation for the user to total destruction of the computer file system. Trojan horses are sometimes used to exploit systems by creating user accounts that enable unauthorized users to gain access or upgrade their privilege level. Some Trojan horses capture data from the host system and send it back to a location where it can be accessed by the attacker. Other Trojan horses enable the attacker to take control of the system and enlist it in a DDoS attack, which is a common occurrence.
Virus and Trojan Horse Attack Mitigation
These kinds of applications can be contained through the effective use of antivirus software at the user level and potentially at the network level. Antivirus software can detect most viruses and many Trojan horse applications and prevent them from spreading in the network, but it relies on signatures, so it only recognizes what it has already been told about. Keeping up to date with the latest developments in these sorts of attacks also leads to a more effective posture against them. As new virus or Trojan applications are released, enterprises need to keep up to date with the latest antivirus signatures and application versions.
I hope you found this article to be of use and it helps you prepare for your Cisco CCNA Security 640-553 certification exam. I am sure you will quickly find out that hands-on real world experience that our CCNA lab kits offer is the best way to cement the CCNA concepts in your head to help you pass your CCNA test!