Monday, February 21, 2011

Infrastructure Planning and Design Guide for Malware Response (Microsoft) Updated: February 17, 2011

Many small and medium-sized organizations use antivirus software, and yet new viruses, worms and other forms of malicious software (malware) continue to infect a large number of computers in these organizations. Malware proliferates at an alarming rate and in many different ways, which is why it is so widespread today.
This guide is aimed at IT generalists who want information and recommendations they can use to effectively deal with and limit the malware that infects computers in small and medium-sized organizations.


A new version of this guide went live, and I think it is something you should look at. There is a methodology and a process in detail:


Figure 1. Respond to a malware incident at a high level 


In more detail, the Malware Response Guide includes the following content:

Step 1: Confirm the Infection
Step 2: Determine the Course of Action
Step 3: Attempt to Clean the System
Step 4: Attempt to Restore the System State
Step 5: Rebuild the System
Step 6: Conduct Post Attack Review

This guide is one in a series of planning and design guides that clarify and streamline the planning and design process for Microsoft infrastructure technologies. The goal of this guide is to provide processes and tasks to help determine the nature of the malware problem, limit the spread of malware, and return the system(s) to operation.
When a malware attack occurs, there are a number of factors that must be considered quickly and simultaneously to restore service to the system. Some of these factors are, indeed, conflicting. Understanding how the system was compromised, while simultaneously returning the system to operation as quickly as possible, is a common conflicting issue that this guide addresses. This malware response guide does not resolve this conflict; the reader must do so based on the priorities of the business.
When deciding which course of action to take to get the attack under control and restore the system to normal as quickly as possible, consider the following:
The amount of time required and available to restore the system to normal operations.
The resources needed and available to perform the work.
The expertise and administrative rights of the personnel performing the recovery.
The cost to the business that could result from data loss, exposure, and downtime.
All of these items will influence the decisions and the risk the organization is willing to accept when responding to and recovering from a malware attack.