NIST updates guidance on network attacks and malware

Jul 26, 2012

Detecting and stopping malicious attacks on computer networks is a central focus of computer security these days. The National Institute of Standards and Technology (NIST) is asking for comments on two updated guides on malicious computer attacks: one on preventing, detecting, and responding to attacks and one on preventing and mitigating the effects of malware, a potent tool in an attacker's arsenal.

The publications are being revised to reflect the changes in threats and incidents.

Malware, also known as malicious code, is a common tool that attackers use to breach today, causing damage and disruption, and often requiring extensive recovery efforts. "Malware threats in the past tended to spread quickly and were easy to discover," explains co-author Karen Scarfone, "but today's malware threats are stealthier, specifically designed to quietly, slowly spread, over extended time frames and eventually leading to loss of and other problems."

The updated Guide to Intrusion Detection and Prevention Systems describes software that has become a necessary addition to the security infrastructure of many organizations.

Intrusion detection and prevention systems (IDPSs) record information about observed security-related events, notify security administrators of the events that should be analyzed further and produce reports for evaluation. Many IDPSs respond to and try to stop detected threats by using a variety of techniques.

The guidance describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring and maintaining them. The publication discusses four types of IDPS technologies: network-based, wireless, network behavior analysis and host-based.

"IDPS for wireless is an important type for all organizations to have because of the growth of mobile devices and employees' desire to use their own wireless device for work," says Scarfone.

While many agencies and companies are going mobile, it is still critical to protect desktops and laptops. The Guide to Malware Incident Prevention and Handling for Desktops and Laptops is a supplement to another draft document, Computer Security Incident Handling Guide (SP 800-61).* It gives background information on the major categories of malware that afflict desktop and laptop computers and provides practical guidance on how to prevent malware incidents and on what to do when a system is infected. The revised version of SP 800-61 is expected to be published later this summer.

Recommended measures include developing prevention plans based on the attacks that are most likely to be used now and in the near future, using defensive architecture methods to reduce the impact of malware incidents, and including malware incident prevention in employee awareness and training programs.

Explore further: A Closer Look: Your (online) life after death

More information: The Guide to Intrusion Detection and Prevention Systems (Special Publication 800-94, Rev. 1) can be found at csrc.nist.gov/publications/dra… ft_sp800-94-rev1.pdf . Comments should be sent to 800-94comments@nist.gov by August 31.

The Guide to Malware Incident Prevention and Handling for Desktops and Laptops (Special Publications 800-83, Rev. 1) can be found at csrc.nist.gov/publications/dra… ft_sp800-83-rev1.pdf . Comments should be sent to 800-83comments@nist.gov by August 31.

The Computer Security Incident Handling Guide (SP 800-61, Rev. 2) is available at csrc.nist.gov/publications/Pub… l#SP-800-61-Rev.%202

add to favorites email to friend print save as pdf

Related Stories

NIST updates guidelines for mobile device security

Jul 11, 2012

The National Institute of Standards and Technology (NIST) has released a proposed update to its guidelines for securing mobile devices—such as smart phones and tablets—that are used by the federal government. NIST ...

Protecting computers at start-up: New NIST guidelines

Dec 21, 2011

A new draft computer security publication from the National Institute of Standards and Technology (NIST) provides guidance for vendors and security professionals as they work to protect personal computers as they start up.

Banner year for cybercrime

Dec 27, 2006

This was a year for the record books for computer crime with 2007 likely even more dire, Wednesday's Washington Post reported.

Recommended for you

A Closer Look: Your (online) life after death

3 hours ago

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

3 hours ago

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

Protecting infrastructure with smarter CPS

11 hours ago

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Apple helps iTunes users delete free U2 album

Sep 15, 2014

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

Sep 15, 2014

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

YouTube to go offline in India on Android phones

Sep 15, 2014

YouTube users in India will soon be able to save videos from the Google-owned service, making it possible to watch them offline, and the feature will eventually be available globally, the company said Monday.

User comments : 0