| The organization must employ malicious code protection mechanisms at information system entry and exit points. This protection must detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or inserted through the exploitation of information system vulnerabilities.
Malicious code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. It also has the ability to run and attach programs, which provides a high risk potential for the distribution of malicious mobile code. Malicious code can be transported by electronic mail, mail attachments, web accesses, and removable media. Malicious code includes viruses, worms, Trojan horses, and spyware.
While the network device cannot replace anti-virus or HIDS protection installed on the network's endpoints, network device ACLs or policy filters can be implemented which provide preemptive defense against both known and zero day vulnerabilities. Many of the protections may provide defenses before vulnerabilities are discovered and ACLs or policy filters or blacklist updates are distributed by anti-virus or malicious code solution vendors. This requirement is applicable to specific devices and does not involve the management of a network device. |
