Title: Windows 2000 in the Enterprise
Published by TechTarget 
May 27, 2004

Fundamentals of a virus-free network
by Chris Mosby, Contributor

This is the first in an ongoing series of articles that detail what I believe to be the fundamentals of having a virus-free network. I have identified these fundamentals through trial, error and observation in almost three years of working in the dual role of Systems Management Server/virus protection administrator at my last place of employment. The combination of these fundamentals has allowed that company to have zero network downtime due to virus infection from January 2000 to now.

The first of these fundamentals is awareness.

Simply put: You can't protect your network against a threat if you don't know the threat exists.

Administrators need to keep up to date on viruses, current virus trends and application and operating system security vulnerabilities. How aware an administrator is about these subjects is very important; it affects all the decisions that an administrator will make in an effort to protect a network from viruses.

There are several ways that this can be accomplished.

For information on viruses and virus trends, the best place to start is on the Web sites of antivirus software vendors (I will talk more about antivirus software in my next article). All those companies have some kind of virus information section on their Web sites.

I would recommend checking, several times a day, the Web site of the vendor whose antivirus software your company uses; every couple of hours would be even better. Virus writers are getting smarter and more devious every day, and another virus like Nimda or Blaster could spread across the globe in a matter of hours, or even minutes with the right conditions. The more often you check, the better chance you have of getting a heads-up on the next virus that goes worldwide.

Since antivirus vendors partly rate the threat level of a virus on how many samples of a virus have been submitted by their customers, it is also a good idea to check more than one Web site for virus information. I would recommend checking out two or three, just to keep an eye on things.

Here are some links to a few good antivirus Web sites:

Symantec

Network Associates

Trend Micro

Computer Associates

F-Secure

I usually concentrate on Symantec's, Network Associates Inc.'s and Trend Micro Inc.'s Web sites. According to the latest ICSA Labs 2002 Virus Prevalence Survey, these three companies make up about 89% of the global antivirus software market share. If a new worldwide virus outbreak happens, one of these three companies is probably going to be the first to have information on it.

Microsoft has also recently put up an Antivirus Information Web site to provide one place for information on viruses that involve security vulnerabilities in its software or operating systems. This is also an excellent source of information on using Microsoft products to help you keep viruses from infecting your network. Microsoft also has a Knowledge Base article listing other antivirus software vendors here: List of Antivirus Software Vendors (Q49500).

For application and operating system security vulnerabilities, the first thing I would recommend is signing up for the NTBugtraq mailing list at www.ntbugtraq.com. If a security vulnerability comes out, you can usually read about it on this list before you see it anywhere else. Other good Web sites are www.securityfocus.com, www.cert.org, and www.icsalabs.com.

I would also recommend signing up for Microsoft's Security Notification Service, so you can be notified by e-mail each time a security vulnerability from Microsoft is announced, and receive information if there is a fix.

The complexities of viruses are increasing every day, as the Nimda and Blaster viruses have taught us all. The vulnerabilities that Nimda used to propagate were several months old when that virus went worldwide. The Blaster virus taught us this lesson again, as it spread globally less than a month after the vulnerabilities it used were announced. If more administrators had been aware of those vulnerabilities, then Nimda and Blaster would not have had as big an impact as they did. To win the war against viruses, awareness is the first weapon that you should have in your arsenal.

Chris is the creator of SMS Admin gear and currently works as the SMS Administrator for a large regional bank in Tupelo, Mississippi. His other accomplishments include beta testing the current version of SMS Installer for Microsoft, designing and implementing the initial SMS 2.0 system of Bechtel National's Waste Treatment Plant Project and obtaining his Symantec Product Specialist Certification in Norton AntiVirus Corporate Edition 7.5/7.6.

MORE ON THIS TOPIC:
>>  Fundamentals of a virus-free network -- Part 2 by Chris Mosby
>>  Fundamentals of a virus-free network -- Part 3 by Chris Mosby


This e-newsletter is published by TechTarget, the most targeted IT media and events company.
TechTarget offers magazines, Web sites, e-newsletters, Webcasts and conferences for enterprise IT professionals.
Copyright 2004 TechTarget. All rights reserved.