
High level Antivirus Project Considerations

April 3, 2010

Factors That Expose Us More Than in the Past

• Critical “E-Business”

– Sales

– Manufacturing

– Development

• Integrated (& Automated) Supply Chain

• Concurrent Engineering

• Increased Use of IT Contractors

• Layoffs & Acquisitions (unhappy employees)


Background - Computer Viruses

• Where do computer viruses come from?

o Man-made, written by real people

o Not a natural by-product of computer use

o Not created by ‘bugs’ or by improper use of software / hardware

• How do viruses cause damage?

– Irretrievable loss of files

– Congestion of computer networks

– Possible hardware damage

Background - Computer Viruses

• How does a computer get infected?

o E-mail

o Executable downloads

o Network Shares

o Web Pages

o Portable Storage (infected disks, etc…)

o Almost any form of computer input

• Non-viruses

o Joke programs

o Spam (junk) e-mail

o Pop-up windows

o Ad-ware

o Web Cookies

How is protection against new kinds of viruses maintained?

• Every new virus is identified and definitions are created by antivirus software companies.

o It is possible to create definitions for ANY virus

• These definitions are distributed via update and definition servers.

What happens when viruses are detected?

o Repair can be attempted

o Quarantined away from other files

o Deletion of infected file from system

Virus Management

Server and Client management

Recommend installing an Enterprise AV Solution

Use Enterprise AV Solution to setup virus scanning settings

Set frequency of server definition updates

After xx.xx time is preferred if updating from your.corp.network

Set frequency of definition updates for clients

Set default times for daily or weekly client virus scans

Set frequency of daily or weekly server virus scans


Quarantine Management

Use Primary Definition Server for Quarantine

Default disk space reserved is 500 megabytes

Use Enterprise AV Solution to manage Quarantine server

Can have clients submit viruses to the server

A local copy is still kept on the workstation

Enterprise AV Solution shows workstations that have been infected


Maintenance with Enterprise AV Solution

Check logs for server and clients

Check Virus Scan History of server and clients

Length of history can be adjusted; the default is 30 days

Initiating Network Wide Virus Scans

Individual Clients

All Clients

How Does Anti-Virus Software Detect Hostile Applets & Trojan Horses?

1) Analyzes program in buffer

2) Compares signature

3) Monitors suspicious behavior

4) Blocks applet or Trojan
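The four detection steps above, together with the quarantine reserve (500 MB) and scan-history length (30 days) defaults from the earlier Quarantine Management and Maintenance slides, as an added Python sketch that is not part of the original deck; the definition patterns, the behaviour list and the host names are constructed placeholders, not real malware signatures.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional, Set, Tuple

# Constructed definition set (name -> byte pattern); hypothetical, not real malware.
DEFINITIONS = {
    "Example.Sample.A": b"CONSTRUCTED-SAMPLE-SIGNATURE-A",
    "Example.Sample.B": b"CONSTRUCTED-SAMPLE-SIGNATURE-B",
}
# Hypothetical behaviours an on-access monitor would flag (slide step 3).
SUSPICIOUS_BEHAVIOURS = {"mass_file_delete", "write_autostart", "open_smtp_relay"}
QUARANTINE_RESERVE_BYTES = 500 * 1024 * 1024  # default reserve from the slides
HISTORY_DAYS = 30                             # default scan-history length


def match_signature(buffer: bytes) -> Optional[str]:
    """Steps 1-2: analyse the whole program buffer and compare it against every definition."""
    for name, pattern in DEFINITIONS.items():
        if pattern in buffer:
            return name
    return None


def classify(buffer: bytes, observed: Set[str], repairable: bool = False) -> str:
    """Steps 2-4: repair or quarantine on a definition hit, block on behaviour, else allow."""
    if match_signature(buffer):
        return "repair" if repairable else "quarantine"
    if observed & SUSPICIOUS_BEHAVIOURS:
        return "block"  # no definition yet; the behaviour monitor still stops it
    return "allow"


@dataclass
class QuarantineServer:
    """Quarantine store: enforces the reserved space and reports infected workstations."""
    reserve: int = QUARANTINE_RESERVE_BYTES
    used: int = 0
    history: List[Tuple[datetime, str, str]] = field(default_factory=list)

    def submit(self, host: str, name: str, size: int, now: datetime) -> bool:
        """Accept a client-submitted sample unless the reserve would be exceeded."""
        if self.used + size > self.reserve:
            return False
        self.used += size
        self.history.append((now, host, name))
        return True

    def infected_hosts(self, now: datetime, days: int = HISTORY_DAYS) -> Set[str]:
        """Workstations seen in the retained history window (default 30 days)."""
        cutoff = now - timedelta(days=days)
        return {host for when, host, _ in self.history if when >= cutoff}
```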

Key lessons learned

• Check every machine

• Start with a small set of vulnerabilities – those that are most often exploited

• Allow sysadmin to compete and win the race to remove the vulnerabilities

• When set 1 is fixed, start on set 2; continue testing 1

• Use capabilities and skills to remove critical new vulnerabilities rapidly

• Costs surprisingly low: $30-40 per machine, and most of that is sysadmin labor

Action Plan

• Get management support for a project to reduce vulnerabilities

• Set up a sysadmin/security group to oversee the project and share techniques for correcting problems

• Offer a Top 20 testing capability to all divisions for 90 days before asking for results

• Run quarterly tests – Set an organizational goal

• Get management to reward organizational units that do the best job

Recommendations

• Employee education is very important

– End-users

– System administrators

– Management

• Form a corporate virus response team

– Develop standardized procedures for day-to-day issues and virus outbreaks

– Develop detailed communication plan

– Meet regularly and share best known methods

• Continue to learn about virus threats and how to protect yourselves from them