NIST updates guidance on network attacks and malware

Jul 26, 2012

Detecting and stopping malicious attacks on computer networks is a central focus of computer security these days. The National Institute of Standards and Technology (NIST) is asking for comments on two updated guides on malicious computer attacks: one on preventing, detecting, and responding to attacks and one on preventing and mitigating the effects of malware, a potent tool in an attacker's arsenal.

The publications are being revised to reflect the changes in threats and incidents.

Malware, also known as malicious code, is a common tool that attackers use to breach today, causing damage and disruption, and often requiring extensive recovery efforts. "Malware threats in the past tended to spread quickly and were easy to discover," explains co-author Karen Scarfone, "but today's malware threats are stealthier, specifically designed to quietly, slowly spread, over extended time frames and eventually leading to loss of and other problems."

The updated Guide to Intrusion Detection and Prevention Systems describes software that has become a necessary addition to the security infrastructure of many organizations.

Intrusion detection and prevention systems (IDPSs) record information about observed security-related events, notify security administrators of the events that should be analyzed further and produce reports for evaluation. Many IDPSs respond to and try to stop detected threats by using a variety of techniques.

The guidance describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring and maintaining them. The publication discusses four types of IDPS technologies: network-based, wireless, network behavior analysis and host-based.

"IDPS for wireless is an important type for all organizations to have because of the growth of mobile devices and employees' desire to use their own wireless device for work," says Scarfone.

While many agencies and companies are going mobile, it is still critical to protect desktops and laptops. The Guide to Malware Incident Prevention and Handling for Desktops and Laptops is a supplement to another draft document, Computer Security Incident Handling Guide (SP 800-61).* It gives background information on the major categories of malware that afflict desktop and laptop computers and provides practical guidance on how to prevent malware incidents and on what to do when a system is infected. The revised version of SP 800-61 is expected to be published later this summer.

Recommended measures include developing prevention plans based on the attacks that are most likely to be used now and in the near future, using defensive architecture methods to reduce the impact of malware incidents, and including malware incident prevention in employee awareness and training programs.

Explore further: Twitpic to stay alive with new owner

More information: The Guide to Intrusion Detection and Prevention Systems (Special Publication 800-94, Rev. 1) can be found at csrc.nist.gov/publications/dra… ft_sp800-94-rev1.pdf . Comments should be sent to 800-94comments@nist.gov by August 31.

The Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Special Publications 800-83, Rev. 1) can be found at csrc.nist.gov/publications/dra… ft_sp800-83-rev1.pdf . Comments should be sent to 800-83comments@nist.gov by August 31.

The Computer Security Incident Handling Guide (SP 800-61, Rev. 2) is available at csrc.nist.gov/publications/Pub… l#SP-800-61-Rev.%202

add to favorites email to friend print save as pdf

Related Stories

NIST updates guidelines for mobile device security

Jul 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST ...

Protecting computers at start-up: New NIST guidelines

Dec 21, 2011

A new draft computer security publication from the National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

Banner year for cybercrime

Dec 27, 2006

This was a year for the record books for computer crime with 2007 likely even more dire, Wednesday's Washington Post reported.

Recommended for you

Facebook dressed down over 'real names' policy

Sep 17, 2014

Facebook says it temporarily restored hundreds of deleted profiles of self-described drag queens and others, but declined to change a policy requiring account holders to use their real names rather than drag names such as ...

Yelp to pay US fine for child privacy violation

Sep 17, 2014

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

User comments : 0