SC-18 Mobile Code

Control: (i) Establish usage restrictions and implementation guidance for mobile code technologies based on the potential to cause damage to the system if used maliciously; and (ii) document, monitor, and control the use of mobile code within the system. Appropriate organizational officials authorize the use of mobile code.

Illustrative Controls and TIBCO LogLogic Solution

Malicious code refers to a broad category of software threats to your network and systems. Perhaps the most sophisticated threats to computer systems come from malicious code that exploits vulnerabilities in those systems. Any code that modifies or destroys data, steals data, allows unauthorized access, exploits or damages a system, and does something that the user did not intend to do, is called malicious code. In many security incidents, malicious code is delivered through the use or download of mobile code.

Activity logs can help determine if the controls implemented are adequate and working appropriately. Activity logs can also provide important early-warning detection of new threats unknown to existing software vendors and data that can be used to diagnose and plan responses to new threats. Use network intrusion detection systems, host-based intrusion detection systems, and intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up to date. To satisfy this requirement, administrators must periodically review IDS logs to ensure the IDS tools are fully utilized. Administrators must also review denied firewall traffic logs periodically to determine whether programs are trying to access the network on unauthorized network ports.
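The denied-traffic review described above can be scripted. The following is an added example, not part of the original guide or of TIBCO LogLogic. It assumes iptables LOG-style key=value records with a hypothetical `FW-DENY` prefix, an assumed list of authorized ports, and an assumed repeat threshold; the log lines are constructed.

```python
import re
from collections import defaultdict

AUTHORIZED_PORTS = {53, 80, 123, 443}  # assumption: ports this site allows outbound
MIN_ATTEMPTS = 3  # assumption: repeated denies point to a program retrying

# Constructed sample in iptables LOG key=value style; the FW-* prefixes are assumed.
SAMPLE_LOG = """\
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=51001 DPT=6667
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=51002 DPT=6667
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.20 PROTO=TCP SPT=51003 DPT=6667
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=198.51.100.20 PROTO=TCP SPT=51004 DPT=6667
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=203.0.113.7 PROTO=TCP SPT=40000 DPT=4444
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=203.0.113.9 PROTO=TCP SPT=40001 DPT=443
kernel: FW-ACCEPT: IN=eth1 OUT=eth0 SRC=10.0.0.7 DST=203.0.113.9 PROTO=TCP SPT=40002 DPT=8443
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.8 DST=203.0.113.9 PROTO=ICMP TYPE=8 CODE=0
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=198.51.100.99 PROTO=UDP SPT=1900 DPT=1900
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=198.51.100.99 PROTO=UDP SPT=1900 DPT=1900
kernel: FW-DENY: IN=eth1 OUT=eth0 SRC=10.0.0.12 DST=198.51.100.99 PROTO=UDP SPT=1900 DPT=1900
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_deny(line):
    """Return (src, dst, proto, dport) for a deny record, else None."""
    if "FW-DENY" not in line:
        return None
    f = dict(FIELD.findall(line))
    try:
        return f["SRC"], f["DST"], f["PROTO"], int(f["DPT"])
    except (KeyError, ValueError):
        return None  # no destination port (e.g. ICMP) or a truncated line

def review_denied(log_text, authorized=AUTHORIZED_PORTS, min_attempts=MIN_ATTEMPTS):
    """Group denied traffic to unauthorized ports by (source, protocol, port)."""
    dests = defaultdict(list)
    for rec in filter(None, map(parse_deny, log_text.splitlines())):
        src, dst, proto, dport = rec
        if dport not in authorized:  # denies on authorized ports are out of scope here
            dests[(src, proto, dport)].append(dst)
    findings = [
        {"src": s, "proto": p, "dport": d, "attempts": len(v), "destinations": sorted(set(v))}
        for (s, p, d), v in dests.items() if len(v) >= min_attempts
    ]
    return sorted(findings, key=lambda f: (-f["attempts"], f["src"]))

if __name__ == "__main__":
    for finding in review_denied(SAMPLE_LOG):
        print(finding)
```

Each finding names a host that repeatedly tried the same unauthorized port, which gives the reviewer a specific system to check for unapproved programs.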

Reports and Alerts

Use the following reference to see the SC-18 reports and alerts: SC-18.