Using the required reading and any other resources you might find helpful, write a paper regarding development of a secure infrastructure for the project organization. Be sure to cover the following topics:
Identify various types of attacks specific to malicious software.
Analyze attack signatures related to these attack types.
Identify controls that may be used to mitigate specific attack types.
Develop strategies for managing malicious software as a component of an overall security management plan.
Use proper APA (6th edition) style and formatting for all references and citations.
Solution
The different types of malicious attacks are as follows:
Virus
Worm
Trojan Horse
A Trojan horse, commonly known as a “Trojan,” is a type of malware that disguises itself as a normal file or program to trick users into downloading and installing malware.
A Trojan can give a malicious party remote access to an infected computer.
Once an attacker has access to an infected computer, the attacker can steal data (logins, financial data, even electronic money), install more malware, modify files, monitor user activity (screen watching, key logging, etc.), use the computer in botnets, and anonymise the attacker's own internet activity.
Spyware and Adware
Spyware is a type of malware that functions by spying on user activity without their knowledge.
These spying capabilities can include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.
Spyware often has additional capabilities as well, ranging from modifying security settings of software or browsers to interfering with network connections.
Spyware spreads by exploiting software vulnerabilities, by bundling itself with legitimate software, or by hiding inside Trojans.
Adware (short for advertising-supported software) is a type of malware that automatically delivers advertisements.
Common examples of adware include pop-up ads on websites and advertisements that are displayed by software.
Rootkit
A rootkit is a type of malicious software designed to remotely access or control a computer without being detected by users or security programs.
Once a rootkit has been installed it is possible for the malicious party behind the rootkit to remotely execute files, access/steal information, modify system configurations, alter software (especially any security software that could detect the rootkit), install concealed malware, or control the computer as part of a botnet.
Zombies and Botnets
A zombie computer, usually shortened to zombie, is a computer attached to the Internet that has been compromised and manipulated without the knowledge of the computer owner.
A botnet refers to a network of zombie computers that have been taken over and put under the remote control of an attacker.
Logic Bombs
Trap Door
Attack signatures are rules or patterns that identify attacks or classes of attacks on a web application and its components. You can apply attack signatures to both requests and responses. Additionally, within the requests signatures pool, some signatures can apply to alpha-numeric user-input parameters.
An attack signature set is a group of individual attack signatures. Rather than applying individual attack signatures to a security policy, you can apply one or more attack signature sets. The Application Security Manager ships with several system-supplied signature sets. By default, a generic attack signature set is assigned to new security policies.
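The relationship between signatures, signature sets and a security policy can be shown with a small matcher. This is an added example, not code from the original solution and not the Application Security Manager's own API or signatures; the class names, set names, signature IDs, patterns and sample traffic are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Signature:
    sig_id: str           # constructed ID, not a vendor signature number
    scope: str            # "request", "response" or "parameter"
    pattern: re.Pattern   # the rule itself: a pattern that identifies an attack class

# Constructed signature sets; names and patterns are illustrative assumptions.
SIGNATURE_SETS = {
    "generic": [
        Signature("EX-1", "request", re.compile(r"\.\./")),              # path traversal
        Signature("EX-2", "parameter", re.compile(r"(?i)<script\b")),    # script injection
        Signature("EX-3", "response",
                  re.compile(r"(?i)error in your SQL syntax|ORA-\d{5}")),  # DB error leak
    ],
    "sql-injection": [
        Signature("EX-4", "parameter", re.compile(r"(?i)\bunion\b.+\bselect\b")),
    ],
}

@dataclass
class Policy:
    # A new policy gets the generic set by default, as the text describes.
    set_names: list = field(default_factory=lambda: ["generic"])

    def signatures(self, scope):
        return [s for name in self.set_names
                for s in SIGNATURE_SETS[name] if s.scope == scope]

def inspect_request(policy, url, params):
    """Return IDs of signatures matched by the URL or by any parameter value."""
    hits = [s.sig_id for s in policy.signatures("request") if s.pattern.search(url)]
    for name, value in params.items():
        hits += [f"{s.sig_id}:{name}" for s in policy.signatures("parameter")
                 if s.pattern.search(value)]
    return hits

def inspect_response(policy, body):
    """Return IDs of response-scoped signatures matched by the response body."""
    return [s.sig_id for s in policy.signatures("response") if s.pattern.search(body)]

if __name__ == "__main__":
    strict = Policy(["generic", "sql-injection"])
    # Constructed sample traffic.
    print(inspect_request(strict, "/docs/../../etc/passwd", {"q": "1 UNION SELECT 1"}))
    print(inspect_response(strict, "ORA-00933: SQL command not properly ended"))
```

A policy left on the default set does not flag the parameter in the sample request; the match appears only once the additional set is assigned, which is why the choice of signature sets per policy matters.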


