Best Practices for Virus Protection
May 8, 2010
First and Foremost, Define your Security Policy
Virus protection has to be part of your security policy because viruses are security threats.
What factors should you consider when designing security appropriate to your operation?
1. The number and density of personal computers
If your company has many PCs or if there is a high ratio of computers to employees, your procedures should be more formal and extensive.
2. The extent to which computers are interconnected
Note that interconnection does not have to be via a network. If data is routinely moved from one computer to another via a manual “network” (copying to a floppy disk and walking it across the room to the other computer), your computers are interconnected. The factor you must consider is the extent to which data is moved between computers, not the number of feet (or miles) of wire connecting them.
3. The number of locations where computers are used
To the extent that computers are physically located at a distance, more people will have to coordinate their security activities. In addition, they will have to agree on what procedures are appropriate. Remember, coordination problems increase in proportion to the square of the number of people involved.
4. The pace of operations
Some businesses simply operate at a faster pace than others. Examples include securities brokerage houses, travel agents and airline reservation operations. All other things being equal, a currency trading unit will work at a faster pace than a research laboratory. The faster the pace of operations, the greater the degree of protection required, because the rate at which new data is generated is proportional to the pace of operations. More data equals greater risk!
5. On-line real-time operations
If a PC-based network is used to support an on-line operation, the highest possible level of anti-virus security is necessary. For example, suppose the LAN is used to capture data recorded from a technical support operation. Telephone calls come in and the information from them is logged by technical support people typing much of the information into their computers. There is one (and only one) chance to capture the data. Even daily backup procedures are not sufficient to protect this irreplaceable database.
After defining your policy, choose a vendor that can help you with implementation and execution of your policy
Criteria for choosing an enterprise-wide system
· Detection
· Cost of ownership
· Completeness of virus protection offering
· Manageability
· Internet and Firewall protection
· Reporting and Alerting function
· Market Share
· Research and Development
Good virus protection should guard against the damage computer viruses pose to an organization. Preventive steps need to be taken to:
· Eliminate viruses currently in the organization
· Guard against the entry of computer viruses into the corporate network
· Eliminate the distribution and spreading of viruses within the network.
o Workstation PCs: A common way computer viruses enter a network is through removable media such as external drives, thumb drives, floppy disks, CD-ROMs, zip drives, etc. Another way computer viruses can enter the network through a workstation is via e-mail attachments. Once an infected attachment is executed, the workstation is also infected. These infected files can then be distributed across the network.
o Servers: Networked file and application servers are distribution points for computer viruses. End users use servers to publish and share information, and when these shared files are infected, the infection spreads as well, causing a greater degree of damage to the network.
o E-mail: Information from outside the corporate network often arrives via e-mail, which makes e-mail an entry point for computer viruses. Messages and attachments are often forwarded to multiple users within the network, and if infected, can cause widespread damage. E-mail is both an entry point and a distribution mechanism for computer viruses.
o Internet: Immediate access to information via the Internet is essential in today’s business world. It also poses risks to the corporate network, one of which is computer virus infection. Informational files, applications, and games can be downloaded from the Internet. These files may be infected with computer viruses and are thus an entry point into the network. Once the files are opened or executed, the device is infected.