10.4.2 Controls Against Mobile Code

Illustrative Controls and TIBCO LogLogic Solution

Malicious code refers to a broad category of software threats to your network and systems. Perhaps the most sophisticated threats to computer systems come from malicious code that exploits vulnerabilities in those systems. Any code that modifies or destroys data, steals data, allows unauthorized access, exploits or damages a system, or does something the user did not intend is called malicious code. In many security incidents, malicious code is delivered through the use or download of mobile code.

Activity logs can help determine if the controls implemented are adequate and working appropriately. Activity logs can also provide important early-warning detection of new threats unknown to existing software vendors and data that can be used to diagnose and plan responses to new threats.

Use network intrusion detection systems, host-based intrusion detection systems, and intrusion prevention systems to monitor all network traffic and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up to date.

To satisfy this requirement, administrators must periodically review IDS logs to ensure the IDS tools are fully utilized. Administrators must also review denied firewall traffic logs periodically to determine whether programs are trying to access the network on unauthorized network ports.

Reports and Alerts

Use the following link/reference to see the 10.4.2 reports and alerts: TIBCO LogLogic Reports and Alerts Quick Reference.