RISK MANAGEMENT STRATEGIES
War on viruses: An IT manager's perspective
Scott Baetz
10.03.2001
Rating: -4.60- (out of 5)
Globally, as IT professionals, we have been tasked with a new responsibility: We are the corporate defense to a secret war taking place between the virus developers and our individual corporate success. These attacks are more frequent and devastating to our network data and overall corporate uptime than ever before. Given this current condition, I strongly recommend a heightened sense of security and drafting of our fellow employees to our defense. Here are my suggestions.
Recognize the front line...
Without question, you need to ensure that your firewall is configured to allow for the least possible number of entries. If you are using the FTP port or the SMTP port, can you close these ports? Close any entry into your network that you can via the firewall.
Second, your corporate virus engine is typically only as strong as the supporting files that provide the fingerprint of potential viruses. Thus, ensure you select a company that leads the pack on identifying and deploying solutions to new viruses. Most packages include a feature to allow the update of this software as an independent process. Make sure you master this option, and run it daily.
Third, if a virus manages to get past your corporate virus engine, it is typically heading straight for an end user's desktop. You must check that your desktop virus engines are configured to receive updates automatically. This is one case where you need to control the situation and push the updates, preventing a busy user from ignoring this update due to other activities.
Finally, end users need to understand that they are the only true thinking element to prevent a virus from attacking their own system or their corporate network. Since network administrators are not examining bytes as they come across the Internet router, the end user is typically the first person to see the virus before it becomes active. If they simply DON'T OPEN unexpected e-mail attachments, they can increase your defense considerably. Let's remember, the majority of recent virus attacks originate from an open attachment.
What to do if you're attacked?
Time is of the essence when your company receives a virus. You must eliminate the potential for propagation, which most often is your e-mail services, while simultaneously protecting your network. Here's the best part: Your executive team and sales force will want to return to work immediately, regardless of the common fact that they are the very group that caused the infection (sigh).
First, check that you have a script that will shutdown your mail services IMMEDIATELY. Even if it's not too kind to your system, it's better to perform a database repair than to send out thousands of infected of e-mails and potentially destroy your own data.
Second, disconnect your servers and network from each other and the Internet. If you have your server farm isolated, you can prevent an internal network propagation. Immediately notify your department heads that users need to run virus checks on their systems. Find a method to verify that their systems are clean, before allowing those desktop units back onto the network (I recommend a screen capture, in Windows this is Cntrl-Print Scrn).
Third, scan your servers with a known clean system (I keep an old laptop off the network for this precise reason). Once all servers are clean, bring them up, and add desktops that have been validated as mentioned above.
Fourth, any infected desktops should be COMPLETELY restored from the ground up. You might transfer data from them to a tape, diskette or other system, but do so only when removed from the primary network. It's simple enough to place a hub on a desk and share files with an infected machine onto a clean machine without exposing the whole network. You'll be glad you did!
What the future holds...
Thankfully, we have yet to encounter a virus that actually takes advantage of BIOS programming or other peripherals. But I suspect that those are in the near future. Imagine the horror if we find that a virus resides in our hubs, switches or routers. The probability is more likely as we add additional intelligence to these devices. I've been told that the first virus-like programs were designed by artificial intelligence groups to determine if an operating system would protect itself from a renegade program, thus establishing a low form of intelligence. Ironically, now we have low forms of life making intelligent virus programs.
About the author
Scott Baetz is the director of MIS for TechTarget, an IT-specific multimedia organization. He enjoys unveiling the mystery of IT problems with a business focus. You may contact him at sbaetz@techtarget.com.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
