It is my opinion that any successful security solution is backed by a solid security policy. And by security policy, I don't just mean the vague general overview document that flatly states that all possible virus infections shall be repelled. I am referring to a fully functional security documentation infrastructure that includes policies, standards, guidelines and procedures. Without documentation from general goal overview to detailed step-by-step instructions for implementation, I don't see how any solution can be deemed successful in any environment.
With that said, I'll focus on the key elements that need to be present in an enterprise-wide antivirus security policy. In my view, here are the issues that you must somehow address:
- Solutions should include software as well as personnel education.
- An emergency response team should be formed that is trained and experienced in infection detection, termination and recovery.
- Software solutions should provide automated protection and self-updating capabilities.
- Virus-free backups should be a high priority.
- Preventing virus-infected files from reaching your core servers should be of the utmost importance.
- Users who are risk takers, or who have a history of being the conduit through which malicious code enters your environment, should be strongly warned and then removed upon repeated infractions.
- Users should be granted access on the basis of the principle of least privilege; if a resource or a function is not required for their specific work tasks, then it should not be granted to the user.
- No unapproved and untested software shall be installed on any production system within the environment.
- Users are not to perform virus recovery, removal or cleaning on their own; they should contact the emergency response team.
- All information about viruses, especially protection, removal and cleaning instructions, should be double-checked by researching various trustworthy, well-known antivirus organizations. Unsolicited e-mails about virus response initiatives will be ignored until they are validated.
- Active content and file downloading will be restricted or rigidly managed to prevent malicious code infection.
About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
This was first published in May 2003