Without question, you need to ensure that your firewall is configured to allow for the least possible number of entries. If you are using the FTP port or the SMTP port, can you close these ports? Close any entry into your network that you can via the firewall. Second, your corporate virus engine is typically only as strong as the supporting files that provide the fingerprint of potential viruses. Thus, ensure you select a company that leads the pack on identifying and deploying solutions to new viruses. Most packages include a feature to allow the update of this software as an independent process. Make sure you master this option, and run it daily. Third, if a virus manages to get past your corporate virus engine, it is typically heading straight for an end user's desktop. You must check that your desktop virus engines are configured to receive updates automatically. This is one case where you need to control the situation and push the updates, preventing a
Time is of the essence when your company receives a virus. You must eliminate the potential for propagation, which most often is your e-mail services, while simultaneously protecting your network. Here's the best part: Your executive team and sales force will want to return to work immediately, regardless of the common fact that they are the very group that caused the infection (sigh). First, check that you have a script that will shutdown your mail services IMMEDIATELY. Even if it's not too kind to your system, it's better to perform a database repair than to send out thousands of infected of e-mails and potentially destroy your own data. Second, disconnect your servers and network from each other and the Internet. If you have your server farm isolated, you can prevent an internal network propagation. Immediately notify your department heads that users need to run virus checks on their systems. Find a method to verify that their systems are clean, before allowing those desktop units back onto the network (I recommend a screen capture, in Windows this is Cntrl-Print Scrn). Third, scan your servers with a known clean system (I keep an old laptop off the network for this precise reason). Once all servers are clean, bring them up, and add desktops that have been validated as mentioned above. Fourth, any infected desktops should be COMPLETELY restored from the ground up. You might transfer data from them to a tape, diskette or other system, but do so only when removed from the primary network. It's simple enough to place a hub on a desk and share files with an infected machine onto a clean machine without exposing the whole network. You'll be glad you did! What the future holds...
Thankfully, we have yet to encounter a virus that actually takes advantage of BIOS programming or other peripherals. But I suspect that those are in the near future. Imagine the horror if we find that a virus resides in our hubs, switches or routers. The probability is more likely as we add additional intelligence to these devices. I've been told that the first virus-like programs were designed by artificial intelligence groups to determine if an operating system would protect itself from a renegade program, thus establishing a low form of intelligence. Ironically, now we have low forms of life making intelligent virus programs. About the author
Scott Baetz is the director of MIS for TechTarget, an IT-specific multimedia organization. He enjoys unveiling the mystery of IT problems with a business focus. You may contact him at email@example.com.
This was first published in October 2001