December / January Mfg.Trust

Mfg.Trust is a feature of the NCMS InfraGard Manufacturing Industry Association
Infrastructure assurance for manufacturers.
Powered by NCMS.


This month – ‘TIS THE SEASON TO BE VIRUS SAVVY...

Hardware and software, as well as training, are part of a comprehensive security plan



Editor’s Preface:

In these first few months of the NCMS InfraGard Manufacturing Industry Association’s existence, we have been painting a picture for you of information assurance as a comprehensive process backed by a plan. You have seen, and will continue to see, us describe the picture from many different angles: people, process, technology – hardware, software, training – and more. All aspects of your process must be integrated and work together. A great capability in just one area will not ensure success. Information assurance is NOT just about people. It is CERTAINLY NOT just about technology either.

Recent Mfg.Trust articles talked about people (October: Identity Theft) and process (November: Managing the Trust of the Trusted). Here we will briefly examine some technology. The purpose of the feature story is to give you a layman’s understanding of viruses, the usefulness of defensive software, and offer some cogent suggestions on what you can do when attacked. We are most fortunate to have Phil Callihan, NCMS MIS Director, as our guest author this month.

You need to pay attention to the basics of this issue, even if you are “just a manufacturing person,” “just a business person,” or even “just a home cable modem user.” Unfortunately for industry, malicious software will likely be a long-term issue. There is opportunity for much more mischief than the world has seen so far. Yet, there are also powerful defensive tools.

The “virus savvy” will also want to look at an excellent resource page at http://trust.ncms.org that provides deeper resources than an email feature. Among other information here, you will find a clear, understandable description of what a firewall does, and what types of firewalls exist.

NCMS is dedicated to helping manufacturers develop robust systems that assure uninterrupted production. We hope you find these resources useful both in your home and business lives. Aware and educated private citizens are also aware and educated employees!

            John Sheridan (johns@ncms.org)


‘TIS THE SEASON TO BE VIRUS SAVVY...

            by Phil Callihan, MCSE/MCT, MIS Director for NCMS

As the holidays approach, it's a good time for a refresher course on virus prevention and control. Organizations have grown increasingly dependent on the quick and easy exchange of information that e-mail affords us. Unfortunately, the convenience of e-mail makes it a fast delivery medium for any number of viruses and various other computer attacks. While complete protection is difficult to achieve, most threats can be neutralized with a comprehensive network security plan and some common sense.

What is a virus?

For this discussion, a computer virus is a piece of software that is run without the knowledge of a user. Not every computer virus is malicious, but every computer virus does illustrate the mischief that can be done to an unprotected system. For this reason, every computer virus must be taken seriously, and proper steps must be taken to eliminate the virus and prevent it from infecting other users.

How does a computer get a 'virus'?

There are many ways for your system to be infected by a computer virus. An infected floppy disk can pass a virus from system to system. 'Trojan Horse' software that a user knowingly executes can infect systems. But the most prevalent way computers get infected these days seems to be via e-mail. Once a virus is executed on a computer system, it exploits a vulnerability to take control. A virus may delete files, crash the system, or send copies of itself using the system's e-mail configuration.

Computer Virus Prevention and Control

E-mail can very quickly make a computer virus a problem not only for you, but also for other people in your organization and across the Internet. What steps can your organization take to prevent this from occurring? The best defense is the deployment of a comprehensive network security plan. This plan is a combination of hardware, software, and staff training.

The plan should address the vulnerabilities of an organization. How would a computer virus enter the computer systems of an organization? The first threat is external: Internet-based attacks and virus-infected e-mail can be blocked with Internet firewalls and perimeter e-mail gateways that prevent infected e-mail from entering your organization. Firewalls can prevent malicious users from directly attacking network systems. Perimeter e-mail gateways can also scan for potentially dangerous file attachments and remove them before they enter your network.
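The attachment check a perimeter e-mail gateway performs, as described above, can be sketched in a few lines. This is an added example, not code from NCMS or from any gateway product; the extension blocklist, the function names, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed gateway policy: an illustrative blocklist, not an exhaustive one.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".vbs", ".bat", ".com", ".js"}

def is_blocked(filename):
    """True when the last extension is blocked, so 'card.jpg.vbs' counts as a script."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().lower().rstrip(". ")
    dot = name.rfind(".")
    return dot != -1 and name[dot:] in BLOCKED_EXTENSIONS

def filter_message(raw):
    """Replace blocked attachments with a notice; return (message, removed names)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and is_blocked(filename):
            removed.append(filename)
            part.clear_content()  # drops the payload and every Content-* header
            part.set_content(
                f"Attachment '{filename}' was removed by the mail gateway.")
    return msg, removed

def build_sample():
    """Constructed sample message: one harmless file and one disguised script."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Holiday greetings"
    msg.set_content("See the attached card.")
    msg.add_attachment(b"plain text notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    msg.add_attachment(b'MsgBox "hi"', maintype="application",
                       subtype="octet-stream", filename="card.jpg.vbs")
    return msg.as_string()

if __name__ == "__main__":
    cleaned, removed = filter_message(build_sample())
    print("removed:", removed)
```

A filename check like this is only one layer; it complements signature-based scanning on the mail server and desktops rather than replacing it.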

The second threat is from internal e-mail: messages sent from user to user within your organization. Your organization's e-mail server can be integrated with an anti-virus scanning solution to neutralize this threat. Internal computers should also be deployed with desktop virus protection to prevent a computer virus from reaching the e-mail system.

An important note on any type of software scanning solution: the software must be updated with the latest virus definition files in order to work properly. Any network security plan must include the regular update (usually weekly or bi-weekly) of these virus scanning files to be effective.

Another element in a network security plan is staff training. Organizations should train their staff on how to recognize virus activity and react accordingly. The easiest way to fight a computer virus is to prevent it from infecting your computer systems. User education can help you achieve this goal.

An important element in any comprehensive plan is redundancy. Many organizations make the mistake of deploying a single layer of protection. While some protection is better than none, the best solution is a multi-layered approach as described above that allows incoming and outgoing e-mail to be scanned multiple times by different systems before delivery. That way, if any single point fails to detect a virus, another detection system may catch it before it gets passed on for delivery.

Network users are often irritated by the various virus prevention mechanisms deployed in their environment. Hopefully, this brief overview may explain why such measures are necessary.

Virus Response Plan

Despite your best efforts, your computer may get infected with a virus. Depending on the type of virus, you also may have sent it to various people in your organization and across the Internet. What steps do you take now? First, clean the virus from your computer. Usually this will fall to your organization's Information Technology (IT) group. After you have cleaned your computer and taken the necessary steps to prevent re-infection, you may need to contact people that you have exposed to the virus via e-mail. Include the following information: the dates you were infected, the name and type of the virus, and the characteristics that are exhibited in an infected system. This information will help anyone who may have been infected by the virus eradicate it from their systems.

Virus infection doesn't necessarily mean that you have a poor network security plan. Any type of protection may be vulnerable to new threats and virus attacks. A response plan will help you defend against new threats to your computer systems.

What you can do...

How does a single user help defend against the constant threat of computer virus infection? Ensure that your IT department is updating your virus protection software. Observe if your computer begins to behave oddly. Delete messages that come from people unknown to you. Don't execute programs that are sent to you through e-mail unless you know exactly what the program will do. Software should only be installed by your IT department unless directed otherwise. These simple steps can prevent a majority of virus infections.

In conclusion, companies that use the Internet for business operations should have a comprehensive network security plan. This plan should be a blend of hardware, software, and employee training to protect the electronic assets of an organization. This network security plan should incorporate a multi-layered virus prevention component. Computer virus infection can cause a loss in productivity and damage to the public perception of your company. All reasonable steps should be taken to prevent such a loss from occurring.

Is a virus threat real?

Many well-intentioned people pass e-mail warnings about potential computer viruses. Check the following site before sending false warnings:

Virus Myths Page - http://www.vmyths.com/ 


Links:

Network Associates Virus Protection Products - http://nai.com

Norton Virus Protection Products - http://enterprisesecurity.symantec.com/content/productlink.cfm#0 

There are great resources available at the Carnegie Mellon University Computer Emergency Response Team (CERT) site - http://www.cert.org/  

 

 

Copyright 2004
National Center for Manufacturing Sciences