Testing Your Network Against Malware

In the previous two blogs of our malware series, we discussed types of malware, how it spreads and questions every network manager should ask when testing for malware. Now we’ll take you deeper into testing and discuss how your test strategies might change depending on the type of malware attack.

To address malware, IT organizations must take two steps: prevent malware from entering the network in the first place, and stop its spread once it has, inevitably, made its way inside. Perimeter devices such as firewalls, proxies, and gateways are used to prevent the initial intrusion, while intrusion detection systems (IDS) identify malware that has entered the network so that steps can be taken to stop its spread.

The purpose of testing your network against malware is to verify that the systems described above are working properly to detect and prevent the spread of malware. Two types of testing are needed: perimeter testing and malware detection testing. With both types, the general approach is to use test equipment that realistically replicates the corresponding malware behaviors.

Perimeter Testing

The most basic of these tests takes place at the perimeter of your network. In this phase of testing, security devices, firewalls, proxies and gateways should all be tested for their ability to identify and keep out malware. To test these devices, network test equipment is used to send realistic malware traffic and determine whether the malware is stopped.

Malware Detection Testing

Once malware establishes itself within your network, it often opens an FTP connection to a new host on the network and transfers itself to new areas. In this phase, intrusion detection systems and other systems monitoring your network should be able to detect the intrusion and identify which host is the source. In order to test your intrusion detection systems, you need test equipment that realistically performs “infected host emulation.”
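As an added illustration (not from the original post or from any vendor's product), the following sketch shows the kind of check an IDS is expected to pass during infected host emulation: it flags any internal host that opens FTP control connections to several distinct internal hosts and names that host as the source. The log format, the 10.0.0.0/8 internal range, the threshold and the sample records are all assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic): "timestamp src dst dst_port"
SAMPLE_FLOWS = """\
2024-01-01T10:00:01 10.0.1.15 10.0.1.20 21
2024-01-01T10:00:09 10.0.1.15 10.0.1.21 21
2024-01-01T10:00:17 10.0.1.15 10.0.1.22 21
2024-01-01T10:00:30 10.0.1.15 10.0.2.7 21
2024-01-01T10:00:41 10.0.1.15 10.0.1.20 21
2024-01-01T10:01:02 10.0.3.40 10.0.9.5 21
2024-01-01T10:01:30 10.0.1.33 203.0.113.8 21
2024-01-01T10:02:00 10.0.1.50 10.0.1.20 443
not a flow record
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal address space
FTP_CONTROL_PORT = 21
FANOUT_THRESHOLD = 3  # assumption: distinct internal FTP peers before alerting


def parse_flow(line):
    """Return (src, dst, port) or None when the line is not a valid record."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]),
                int(parts[3]))
    except ValueError:
        return None


def find_ftp_fanout(log_text, threshold=FANOUT_THRESHOLD):
    """Map each suspected source host to the internal hosts it reached over FTP."""
    peers = defaultdict(set)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed lines instead of aborting the scan
        src, dst, port = flow
        # Only internal-to-internal FTP counts as lateral movement here.
        if port == FTP_CONTROL_PORT and src in INTERNAL and dst in INTERNAL:
            peers[src].add(dst)  # a set, so repeat connections count once
    return {str(src): [str(d) for d in sorted(dsts)]
            for src, dsts in peers.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    for host, targets in find_ftp_fanout(SAMPLE_FLOWS).items():
        print(f"possible infected host {host} -> {', '.join(targets)}")
```

During a detection test, the emulated infected host should appear in this output; if it does not, the monitoring system is missing the lateral FTP traffic.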

Don’t let malware catch you off guard. Make sure you have the proper security systems in place, and then make sure you are performing both perimeter testing and malware detection testing.
