Published: 01 Nov 2003
"You've got mail" never sounded worse than in September. For many of us, every download brought a new email carrying the Swen worm (aka Gibe and Worm.Automat).
Guarding against viruses and worms is old hat for enterprises. They've configured corporate email servers to reject messages with executable attachments, and have gateway AV scanners for detecting malicious code passing over the wire. But how do you extend that protection to home-based workers and road warriors?
Your remote users connect from home PCs, laptops, and public terminals to get email. They have high-speed Internet connections and small networks shared with other family members. They're easy targets.
To protect home and remote workers, I suggest these seven essential practices.
1. Antivirus. Set up the AV software to check for and automatically install weekly updates. Require users to manually check for updates when they hear about a new virus or worm. It's a simple and effective way to prevent infections.
2. Vendor Updates. This may sound crazy to some, but enable your PC to periodically check for and automatically install critical updates. Best practices may say never install a patch without testing it, but automatically deploying critical patches -- especially for mundane desktop apps -- is a no-brainer since you'll end up doing it anyway.
3. Firewalls. If the AV app doesn't stop a worm, a PC firewall should raise a stink when a program other than your email client or Web browser attempts an outbound connection. In most cases, it will prevent the worm from spreading. There are a number of good software firewalls -- some free, such as Zone Labs' ZoneAlarm. To protect multiple systems, consider mandating small office/home office (SOHO) hardware firewalls. These devices won't stop another Swen from spreading, but will prevent the exploitation of services such as the recent Microsoft RPCSS buffer overrun.
4. VPNs. VPNs or other confidential-connection schemes protect against eavesdropping and connection hijacking. With a VPN, you can allow remote users to securely access resources on the inside of your enterprise network. With some VPNs, you can ensure that only policy-compliant systems connect.
5. Configuration Management. Speaking of policy compliance, all the security products in the world won't make a bit of difference if a user disables or modifies his machine's safeguards. And users -- despite security policies -- install unauthorized software, change system controls and disable security solutions for any number of reasons, mostly to improve their machine's performance. Some enterprises won't permit remote connection if a system doesn't have the proper configuration and security protections. One such solution is Sygate's SSE, which ensures a user's machine is compliant and also facilitates updates.
6. Filter Attachments. If your corporate email gateway doesn't strip attachments, set it to do so. Users rarely have a legitimate business need for receiving non-Office attachments, such as .exe. Users who actually need these file types can get the sender to Zip them or ask their email admin to manually forward them. Filtering will prevent dangerous scripts from landing in your users' inboxes.
7. User Education and Awareness. This is absolutely essential. AV may not catch a new virus, patches don't always take, and firewalls may fail open. In such circumstances, you want your users to think before they download and open that attachment from their Hotmail account. Ultimately, users are your biggest weakness and your last line of defense. Give them the knowledge to act appropriately.
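The attachment filtering in practice 6, sketched as an added example (not code from the article or from any particular gateway product): it removes executable attachments from a MIME message and lets Office and Zip files through. The extension list beyond .exe, the function names and the sample message are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: the article names only .exe; the rest are illustrative.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".bat", ".com", ".vbs")

def is_blocked(filename):
    """Judge by the final extension, so 'invoice.doc.EXE' and 'q.exe.' match."""
    name = (filename or "").strip().rstrip(". ").lower()
    return name.endswith(BLOCKED_EXT)

def _strip(part, removed):
    """Drop blocked children of a multipart container, recursing into nested ones."""
    if not part.is_multipart():
        return
    kept = []
    for child in part.get_payload():
        fname = child.get_filename()
        if fname and is_blocked(fname):
            removed.append(fname)
            continue
        _strip(child, removed)
        kept.append(child)
    part.set_payload(kept)

def strip_attachments(raw):
    """Return (cleaned message bytes, list of removed filenames)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    _strip(msg, removed)
    return msg.as_bytes(), removed

def attachment_names(raw):
    """List the filenames of the attachments still present in a message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [p.get_filename() for p in msg.iter_attachments()]

def sample_message():
    """Constructed test message; addresses, names and payloads are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "files"
    m.set_content("See attached.")
    for name, sub in [("update.exe", "octet-stream"), ("report.doc", "msword"),
                      ("invoice.doc.EXE", "octet-stream"), ("tools.zip", "zip")]:
        m.add_attachment(b"constructed", maintype="application", subtype=sub, filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    clean, removed = strip_attachments(sample_message())
    print("removed:", removed, "kept:", attachment_names(clean))
```

The check keys on the filename alone, so it does not look inside the Zip files the article suggests as a workaround, and a message whose single body part is itself the executable is not multipart and is left untouched by this sketch.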
No security measure is a guarantee against malware infection, but these seven steps will help mitigate the risk to your remote users.
About the author:
Fred Avolio is president and founder of Avolio Consulting, a Maryland-based computer and network security consulting firm.