Page 1200 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

and additional malware is installed. In some cases, the zombies install malware that searches for files including passwords or other information of interest to the attacker, or that includes keyloggers to capture user keystrokes. Bot herders often issue commands to the zombies, causing them to launch attacks.

Botnets of more than 40,000 computers are relatively common, and botnets controlling millions of systems have been active in the past. Some bot herders control more than one botnet.

There are many methods of protecting systems from being joined to a botnet, so it’s best to use a defense-in-depth strategy, implementing multiple layers of security. Because systems are typically joined to a botnet after becoming infected with malware, it’s important to ensure that systems and networks are protected with up-to-date anti-malware software. Some malware takes advantage of unpatched flaws in operating systems and applications, so keeping systems up to date with patches helps keep them protected. However, attackers are increasingly creating new malware that bypasses the anti-malware software, at least temporarily. They are also discovering vulnerabilities that don’t have patches available yet.

Educating users is extremely important as a countermeasure against botnet infections. Worldwide, attackers are almost constantly sending out malicious phishing emails. Some include malicious attachments that join systems to a botnet if the user opens them. Others include links to malicious sites that attempt to download malicious software or try to trick the user into downloading the malicious software. Others try to trick users into giving up their passwords, and attackers then use these harvested passwords to infiltrate systems and networks. Training users about these attacks and maintaining a high level of security awareness can often help prevent many attacks.

Many malware infections are browser based, allowing user systems to become infected when the user is surfing the Web. Keeping browsers and their plug-ins up-to-date is an important security practice. Additionally, most browsers have strong security built in, and these features shouldn’t be disabled. For example, most browsers support sandboxing to isolate web applications, but some browsers include the