| Malicious code includes viruses, worms, Trojan horses, and spyware. The code provides the ability for a malicious user to read from and write to files and folders on a computer's hard drive. It also has the ability to run and attach programs, which provides a high risk potential for the distribution of malicious mobile code. Much of this code is not detected by antivirus software or even host intrusion detection systems. Once it has residency within the network, unauthorized users are able to breach firewalls and access sensitive data by assuming the identity of authorized users. Vulnerability assessment scans must be performed on a regular basis to identify devices that are vulnerable or have already been breached by malicious code. This requirement is applicable to network architecture and is not applicable to the routing function. |
