Coursework Sample: Handling Malware Infection in the Main Server
Introduction
Malware is malicious software installed on another application, computer, or server to corrupt data or to run intrusive or destructive programs. Malware also compromises the integrity, confidentiality, or availability of the target data, operating system, or applications (Souppaya and Scarfone 2013). A malware infection, therefore, is a situation in which a program, server, or computer has malware running on it. According to AVTEST (2016), there were 127.5 million new malware samples in 2016. Malware can take the form of viruses, worms, Trojan horses, spyware, phishing, scareware, and ransomware. Servers, on the other hand, provide functionality to other devices, especially by serving data, so a malware attack would greatly compromise this functionality. This paper aims to provide information on how to handle a malware attack on a server.
The first step towards solving a malware problem is to establish whether there is a malware attack on the server. This can be done through a number of observations or diagnostic steps, because an infected server exhibits certain signs. These signs include: a slowdown in functionality, crashes, running out of server space, inability to access information from the server, security options being disabled, unusual messages to the client, error messages, and unusually high network activity (Gu et al. 2015). Malware on servers can also be detected using firewalls or dedicated malware-scanning tools; Lynis, Chkrootkit, ClamAV, and LMD (Linux Malware Detect) are examples of such tools (Tecmint 2018). Observing these signs and running the scanning tools make up the first step in solving a malware problem: assessing the problem.
The second step is the decision-making process (Gu et al. 2015). Once the assessment has been done and malware has been detected, the organization needs to come up with an appropriate solution to the problem at hand. As stated earlier, malware attacks can take various forms, such as viruses, spyware, and ransomware. The solution adopted should focus on the specific malware problem at hand, for instance using an antivirus program to deal with a virus attack (Gu et al. 2015). The solution adopted should not only solve the problem at that time but also help avoid a future occurrence of the same problem.
The final step is eliminating the malware. Depending on the type of attack, there are various solutions, and there might be a need to back up data before resolving the problem. The following are the solutions that can be adopted. Antivirus software, such as Kaspersky, can be used to remove viruses from the server. Intrusion prevention systems can be used to block suspicious activity on the server and, in turn, clean up its traffic (Souppaya and Scarfone 2013). Another solution is the use of firewalls. Firewalls filter the data coming to the server and would help stop the malware attack if it is being operated remotely. Sandboxing is another solution: programs are placed in a sandbox that restricts what they can access, thereby isolating any malware they contain (Souppaya and Scarfone 2013). The organization might also be required to remove all the data from the server, clean the server of unwanted programs, and then filter the data being re-entered into the server. If the organization is unable to remove the malware, the final solution would be to replace the server.
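The assessment step described above, as an added example that is not part of the original coursework: a small POSIX shell triage script that checks the listed signs (running out of server space, slowdown, unusually high network activity, security options disabled) against thresholds and reports which of the named scanners are installed. The thresholds, the service names, and the assumption of a Linux host with df, ss and systemctl are my own, not the essay's.

```shell
#!/bin/sh
# Added triage helper for the "assess the problem" step: flags the signs of infection the
# essay lists and reports which of the scanners it names are on PATH. Thresholds, service
# names and the Linux/df/ss/systemctl assumption are mine, not values from the essay.
DISK_LIMIT=90    # percent of / in use that counts as "running out of server space"
LOAD_LIMIT=4     # 1-minute load average that counts as a slowdown (assumed)
CONN_LIMIT=200   # established TCP connections that count as unusually high activity
# Each check takes its measurement as an argument so it runs without root or a live server.
check_disk() {            # usage: check_disk <percent_used>
  if [ "$1" -ge "$DISK_LIMIT" ]; then echo "SIGN: disk ${1}% used (limit ${DISK_LIMIT}%)"; fi
}
check_load() {            # usage: check_load <load1>   (awk does the decimal comparison)
  if awk -v l="$1" -v lim="$LOAD_LIMIT" 'BEGIN { exit !(l + 0 >= lim) }'; then
    echo "SIGN: 1-min load $1 (limit $LOAD_LIMIT)"
  fi
}
check_conns() {           # usage: check_conns <established_count>
  if [ "$1" -ge "$CONN_LIMIT" ]; then echo "SIGN: $1 established TCP connections (limit $CONN_LIMIT)"; fi
}
check_security() {        # usage: check_security "<space-separated inactive services>"
  if [ -n "$1" ]; then echo "SIGN: security services not running: $1"; fi
}
# count_signs <disk%> <load1> <conns> "<inactive>": signs go to stderr, the total to stdout.
count_signs() {
  n=0
  for line in "$(check_disk "$1")" "$(check_load "$2")" "$(check_conns "$3")" "$(check_security "$4")"; do
    if [ -n "$line" ]; then echo "$line" >&2; n=$((n + 1)); fi
  done
  echo "$n"
}
# Scanners named in the essay (LMD's binary is maldet); prints the ones found on PATH.
available_scanners() {
  for tool in lynis chkrootkit clamscan maldet; do
    command -v "$tool" >/dev/null 2>&1 && printf '%s ' "$tool"
  done
  echo
}
collect_disk_pct() { df -P / | awk 'NR == 2 { sub("%", "", $5); print $5 }'; }
collect_load1()    { awk '{ print $1 }' /proc/loadavg; }
collect_conns()    { ss -tn state established 2>/dev/null | tail -n +2 | wc -l | tr -d ' '; }
collect_inactive() {      # assumed set of security services; edit to match the server
  for svc in auditd fail2ban firewalld; do
    systemctl is-active --quiet "$svc" 2>/dev/null || printf '%s ' "$svc"
  done
}
# Run the assessment against the live host only when invoked as: sh triage.sh live
if [ "$1" = "live" ]; then
  echo "scanners available: $(available_scanners)"
  echo "signs found: $(count_signs "$(collect_disk_pct)" "$(collect_load1)" "$(collect_conns)" "$(collect_inactive)")"
fi
```

A non-zero sign count only says the server warrants the scanners and the decision step that follow; it does not by itself confirm an infection.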
Conclusion
To sum up, it is essential that organizations adopt a strategy for preventing malware infections. Malware can cause not only loss of data or corruption of programs but also huge financial losses. The strategies that solve malware problems are almost the same as those that prevent malware in the first place: the use of firewalls, intrusion prevention systems, and sandboxing. Putting these strategies in place will save the organization from the menace of having to deal with malware.
References
AVTEST (2017). "Facts and figures: Security report 2016/2017." Available at https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Gu, G., Porras, P. A., & Fong, M. (2015). "Methods and apparatus for detecting malware infection." U.S. Patent No. 8,955,122. Washington, DC: U.S. Patent and Trademark Office.
Souppaya, M., & Scarfone, K. (2013). "Guide to malware incident prevention and handling for desktops and laptops." NIST Special Publication 800-83.
Tecmint (2018). "5 Tools to Scan a Linux Server for Malware and Rootkits." Available at https://www.tecmint.com/scan-linux-for-malware-and-rootkits/