In an effort to help busy security managers, CISSP Shelley Bard's weekly column will build upon the concept of the perpetual calendar, offering a schedule of reminders for a proactive, strategic security plan. Visit here for an archive of previous columns.
When
Update weekly; at least daily during outbreaks
Why
Even though it seems logical to believe that everyone should have some protection on their systems by now, Netsky and Mydoom wouldn't have infected so many computers if this were so. The bottom line is that if you've had loss of business, bandwidth clogging, productivity erosion, management time reallocation issues or recovery costs, you were affected.
Strategy
A virus is a program capable of replicating with little or no user intervention and can destroy other programs without your permission. A worm is a self-replicating piece of code that spreads to other drives, systems or networks. I roll my eyes when I hear people correcting others when discussing a "worm" or a "virus." Other terms like trapdoor, time bomb, etc., are just flavors. Who cares? They're all code you don't want on your systems. Stop correcting people and correct the system problems. Viruses generally have a harder time running on Unix systems. There are a few viruses that run on Linux. Windows suffers the majority.
Figure out where the problem occurred. Virus signature updates not current or not frequent enough? Ensure you have the latest signatures the minute they're available, for example, using an auto-update mechanism versus fetching them yourself. People executing those attached files? Perhaps you need a better/faster/louder alert system for users. (Add this item to your training, education and awareness program.) E-mail server not recognizing outgoing spam? Tweak the activity threshold or get a third-party package that regulates bulk e-mails, in or out. If your company does a lot of legitimate mass e-mailing, you'll have to tweak this system more than most. Users complaining about e-mail quarantines? Tough. Better a few late e-mail files than a system down and organization compromised. Use a backup system called the "telephone."
In sum, take the time to figure out the area of your system most vulnerable to viruses and fix it. Even if there is a "next time," the fallout will affect you less, and the fix will be faster and more manageable overall.
More information
Fred Cohen, generally credited with creating the first virus, got the idea for the term from a science fiction book, Shockwave Rider (Harper and Row, 1975), where the author discussed a computer tapeworm. Virus protection tools are available from Computer Associates, F-Secure, Kaspersky Labs, McAfee, Sophos, Symantec and Trend Micro. Some of these companies also offer antivirus for Unix-based systems. All can help you find what you need to make your system more secure.
About the author
Shelley Bard, CISSP, is a senior security network engineer with Verizon Federal Network Systems (FNS). An infosecurity professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments to mailto:securityplanner@infosecuritymag.com
Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.
Last week: Social engineering --The low-tech side of high-tech
Next week: Spring cleaning -- part 1
