S 1.6 Protection against malware


Description

Every organisation should compile a list of suitable preventive safeguards against malware and specify the procedure to follow in the event of a malware infection. In addition to classic computer viruses, malware (malicious software) also includes Trojan horses, computer worms, and other software intended to cause damage. A security concept against malware should be developed as the basis for preventing IT systems from becoming infected. Note, though, that it is impossible to achieve perfect protection against malware. Keeping this residual risk in mind, measures must be taken to prevent malware from infecting the organisation's systems; at the same time, it must still be possible to detect an infection as quickly as possible should the preventive countermeasures fail. This module therefore also names safeguards that limit the damage caused when a malicious program is not detected promptly.

It is essential to apply the safeguards consistently and to update the techniques used regularly, because new malware and new versions of known malware appear daily. The continuous development of operating systems, programming languages, and application programs regularly opens new vulnerabilities that can be exploited by malware, so suitable countermeasures must be initiated promptly.

In order for an organisation as a whole to achieve effective protection against malware, this module illustrates a procedure for creating and implementing a corresponding security concept. Specific recommendations of safeguards to protect individual IT systems against malware can be found in the system-specific modules.

Threat scenario

The following typical threats relating to malware are examined in IT-Grundschutz:

Organisational Shortcomings

T 2.1 Lack of, or insufficient, rules
T 2.2 Insufficient knowledge of rules and procedures
T 2.3 Lack of, inadequate, incompatible resources
T 2.4 Insufficient monitoring of security safeguards
T 2.8 Uncontrolled use of resources
T 2.9 Poor adjustment to changes in the use of IT
T 2.136 Lack of an overview of the information system

Technical Failure

T 4.13 Loss of stored data
T 4.22 Software vulnerabilities or errors

Deliberate Acts

T 5.2 Manipulation of information or software
T 5.23 Malicious software
T 5.28 Denial of services
T 5.42 Social Engineering
T 5.71 Loss of confidentiality of classified information
T 5.85 Loss of integrity of information that should be protected
T 5.142 Spreading malicious software via mobile data media

Method recommendation

To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.

When creating a security concept to combat malware (see S 2.154 Creating a security concept against malware), it is necessary first to determine which of the existing or planned IT systems must be included in the security concept. The factors influencing the implementation of the corresponding security safeguards on these IT systems must then be analysed. The technical and organisational safeguards can then be selected on the basis of this analysis. This particularly includes the selection of suitable technical countermeasures such as the use of virus protection programs (see S 2.157 Selection of a suitable virus protection program). In addition to setting up a reporting system (see S 2.158 Reporting infections of malware) and co-ordinating the updates of the virus protection products in use (see S 2.159 Updating the virus protection programs and signatures), it is also necessary to agree on a set of rules governing the implementation of the concept.

The most important safeguards to prevent damage by malware are the use of virus protection programs and performing regular data backups (see S 6.32 Regular data backup).

The bundle of safeguards for protection against malware is presented in the following:

Planning and design

S 2.154 (A) Creating a security concept against malware
S 2.160 (A) Rules designed for protection against malware
S 3.69 (W) Introduction to the threats posed by malware

Purchasing

S 2.157 (A) Selection of a suitable virus protection program

Implementation

S 4.84 (A) Use of BIOS security mechanisms

Operation

S 2.34 (A) Documentation on changes made to an existing IT system
S 2.158 (A) Reporting infections of malware
S 2.159 (A) Updating the virus protection programs and signatures
S 2.224 (A) Prevention against malware
S 4.3 (A) Use of virus protection programs

Contingency Planning

S 6.23 (A) Procedures in the event of malware
S 6.24 (A) Creating an emergency boot medium
S 6.32 (A) Regular data backup