
Keeping malware at bay: Check IT List
Kevin Beaver, Contributor 09.28.2004




Malware -- short for malicious software, a term that covers viruses, worms, Trojan horses, spyware and so on -- is one of the greatest threats to the confidentiality, integrity and availability of business information. As pesky as it can be, there are some effective ways to fight it off and keep your systems secure. The following are 10 critical steps you can take to ensure your systems are protected from malware:
- Start with perimeter protection. The best place to detect/disinfect malware is not on your critical systems but rather at the network perimeter on an e-mail gateway and/or network firewall. This way, you can prevent the problem from happening before there's ever a chance for the bad stuff to exploit a vulnerability on a local machine. Local malware protection can then serve as an extra layer of protection in case anything gets through.
- Protect against spyware, too. Studies have shown that 80-90% (not sure why it's less than 100%) of systems are protected from viruses, Trojans, worms and so on via traditional antivirus software. However, these systems are still susceptible to malicious adware, spyware, tracking cookies, hacker tools and more that only antispyware software can protect against. Make sure you have both types of protection enabled on your systems.
- Update malware signatures, and update them often. The general recommendation used to be to update antivirus signatures every week or so. Given the time frame for malware infections to occur, updating every week is no longer acceptable. Now signatures must be updated every day -- and even several times a day. Some malware protection software polls its update servers to check for updates as often as every few minutes by default. To make sure your systems are protected from the latest threats, look for software that performs updates in real time, or set your software to check at least every eight hours.
- Use centrally managed software. It's next to impossible to keep all the malware signatures and settings current and consistent across your network, but it doesn't have to be. Use centrally managed antivirus and antispyware software that allows you to make one set of changes and signature updates and then push them out to all of your computers. Some of these programs even support multiple scanning engines for added protection. These programs -- offered by many malware protection vendors -- are actually less expensive per computer and can save you untold amounts of time, effort and money in the long run.
- Keep malware protection options away from users. A positive side effect of using centrally managed malware protection software is that you can control who does what to the software. With few exceptions, you'll want to keep updating, configuring and (especially) disabling antivirus and antispyware software out of users' control. Otherwise, whether it's innocent or malicious, bad things are bound to happen, and the next thing you know, you'll have a malware outbreak on your hands.
- Fortify every host when possible. Whether your systems are running Windows, Unix, Linux, NetWare or Mac OS X, make sure they're at least protected with antivirus software if it's available. This rule applies to dedicated Web servers and even standalone computers. You never know how the next outbreak might occur, and you likely cannot afford to take a chance. Don't forget about personal digital assistants and other portable devices, as they can get infected with malware, too.
- Put someone in charge of monitoring. Whether you use standalone or centrally managed malware protection, someone needs to be in charge of managing and monitoring the software, checking logs, running manual scans and cleaning up infections when necessary. As much as the vendors like to say their software will run itself, it won't. A human needs to be involved. Have a backup person for sick days, vacations, etc.
- Keep your software media handy. If you have a system that's infected due to outdated virus signatures or similar problems, you may have to run an emergency disinfection or you may even have to re-install all the software. If you have access to your installation CD, it'll make your life much easier.
- You don't need to run full virus scans every day. Some people recommend running a scan of your entire system every day to check for viruses. If you've had real-time protection enabled and you're certain it couldn't have been disabled, there's hardly a chance a system can become infected. If you have real-time antivirus protection running all the time, running complete system scans once a week or even once a month should be adequate. From what I've seen, this doesn't necessarily apply to spyware, so you may want to keep running your spyware detection program more often.
- Document the method to handle malware outbreaks. Create a short yet effective security incident response plan that includes specific steps on how malware infections will be handled in your organization. This includes documenting how to determine if an infection has occurred, who to contact for help, how to take the system off the network, steps to take to clean the system, how to determine if an infected system has been cleaned and procedures for putting the cleaned system back online.
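The monitoring duty described in the checklist can be partly automated. The following is an added example, not part of the original tip: it audits a status export from a central management console against the checklist's own thresholds (signatures no older than eight hours, antispyware present, real-time protection on, a full scan within the last month). The CSV column names, host names and timestamps are constructed for illustration and do not come from any particular product.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Thresholds taken from the checklist above.
MAX_SIGNATURE_AGE = timedelta(hours=8)   # "check at least every eight hours"
MAX_FULL_SCAN_AGE = timedelta(days=30)   # "once a week or even once a month"

# Constructed sample export; the column names and hosts are hypothetical.
SAMPLE_EXPORT = """\
host,sig_updated_utc,antispyware,realtime,last_full_scan_utc
web01,2004-09-28T09:30:00,yes,yes,2004-09-25T02:00:00
hr-laptop7,2004-09-27T22:00:00,no,yes,2004-09-20T02:00:00
file02,2004-09-28T11:45:00,yes,no,2004-08-01T02:00:00
"""


def _parse(ts):
    """Parse an export timestamp and treat it as UTC."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit(export_text, now):
    """Return {host: [findings]} for hosts that miss a checklist item."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        problems = []
        if now - _parse(row["sig_updated_utc"]) > MAX_SIGNATURE_AGE:
            problems.append("signatures older than 8 hours")
        if row["antispyware"].strip().lower() != "yes":
            problems.append("no antispyware protection")
        if row["realtime"].strip().lower() != "yes":
            problems.append("real-time protection disabled")
        if now - _parse(row["last_full_scan_utc"]) > MAX_FULL_SCAN_AGE:
            problems.append("no full scan in the last 30 days")
        if problems:
            findings[row["host"]] = problems
    return findings


if __name__ == "__main__":
    as_of = datetime(2004, 9, 28, 12, 0, tzinfo=timezone.utc)
    for host, problems in audit(SAMPLE_EXPORT, as_of).items():
        print(f"{host}: {'; '.join(problems)}")
```

Hosts that pass every check are omitted from the result, so an empty dictionary means the whole export meets the checklist.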
Kevin Beaver is the founder and principal consultant of the information security services firm Principle Logic LLC, based in Atlanta, where he specializes in information security assessments and incident response. He has more than 16 years of experience in IT and is the author of several books on information security including the new title Hacking For Dummies by Wiley Publishing. Kevin can be reached here.