Example of an Emergency Containment Plan to respond to a virus infection

Products

Endpoint Protection

Issue/Introduction

You need a plan of action in the event of a malware infection. What measures should an organization take to prepare?

Resolution


Emergency Containment Plan


It is a good habit to always approach a virus infection or network threat in a predefined, organized manner. Once an infection or attack is suspected, the resolution should ideally consist of 5 steps:

  1. Identify the threat and attack vectors.
  2. Identify the infected computers.
  3. Quarantine the infected computers.
  4. Clean the infected computers.
  5. Post-op and prevent recurrence.

An in-depth description of each step is given in the 5 steps of virus removal.


Prepare ahead


To make sure the Emergency Containment Plan is executed as efficiently as possible in the event of an infection, you need to understand your environment well. Follow these tips to be prepared ahead of an incident.

Understanding Network Topology
Fundamental to containing a virus infection is understanding the topology of your network. As a preliminary action, create a map, or use a map that you currently have, to section off your network client systems in a way that will allow you to systematically isolate and clean the computers in each section before reconnecting them to your local network. Your map should contain the following information:

  • Servers - name and address
  • Clients - name and address
  • Network protocols
  • Shared resources
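As an added illustration (not part of this article), the following Python snippet keeps the map described above as structured data and, given the computers identified in step 2, produces the per-section quarantine list for step 3 together with the shared resources that section can reach, so each section can be cleaned before it is reconnected. All host names, addresses, sections and share paths are constructed sample values.

```python
"""Containment planning helper built on a prepared network map.
Sample map data below is constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    address: str
    role: str                                   # "server" or "client"
    section: str                                # segment on the network map
    shares: list = field(default_factory=list)  # shared resources it exposes


# Constructed sample map (assumed names, addresses and sections).
NETWORK_MAP = [
    Host("FS01", "10.0.1.10", "server", "datacenter",
         ["\\\\FS01\\public", "\\\\FS01\\finance"]),
    Host("PC-ACC-01", "10.0.2.21", "client", "accounting"),
    Host("PC-ACC-02", "10.0.2.22", "client", "accounting"),
    Host("PC-ENG-01", "10.0.3.31", "client", "engineering"),
    Host("PC-ENG-02", "10.0.3.32", "client", "engineering"),
]

# Which other sections each section can reach over the network (assumed).
SECTION_ACCESS = {"accounting": ["datacenter"],
                  "engineering": ["datacenter"], "datacenter": []}


def containment_plan(network_map, infected_names):
    """Per section: hosts to quarantine (step 3), shares reachable from that
    section to review, and whether the whole section can be cut off at once."""
    by_name = {h.name: h for h in network_map}
    unknown = [n for n in infected_names if n not in by_name]
    if unknown:  # a host missing from the map means the inventory is stale
        raise ValueError(f"not on the map, update inventory first: {unknown}")
    plan = {}
    for h in (by_name[n] for n in infected_names):
        entry = plan.setdefault(h.section, {"quarantine": [], "shares": set()})
        entry["quarantine"].append(f"{h.name} ({h.address})")
        for sec in [h.section] + SECTION_ACCESS.get(h.section, []):
            for other in network_map:
                if other.section == sec:
                    entry["shares"].update(other.shares)
    for sec, entry in plan.items():
        members = [h for h in network_map if h.section == sec]
        # Every host in the section infected: isolate the segment as a whole.
        entry["isolate_whole_section"] = len(entry["quarantine"]) == len(members)
        entry["shares_to_review"] = sorted(entry.pop("shares"))
    return plan
```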

Understanding Security Solutions
In addition to understanding your network topology, you need to understand how anti-virus and security products are implemented to protect your network and distribute virus definitions and security updates. Consider the following information:

  • What security programs are protecting servers and clients.
  • What is the plan for checking, testing, and installing operating system and network updates.
  • What is the schedule for updating virus definitions.
  • What alternative methods of obtaining updates are available if the normal channels are under attack.
  • What log files are available to administrators.

Understanding Backup Solutions
It is imperative that you have critical system information backed up. In the event of a catastrophic virus infection, it may be necessary to restore servers and clients to be sure that your network has not been compromised. Having a backup plan in place, with procedures to back up and restore critical systems, is essential.
