When a virus infects a network, the network manager should react in two phases, advised Dennis Moreau, CTO of Woodland Park, CO-based Configuresoft. First, detect and stop the virus, and repair any damage. Second, keep viruses from re-infecting the system by eliminating loopholes in configurations. In the latter phase, configuration management is an effective tool, so effective that repairs may never have to take place.
Configuration management keeps a tally of the status of software and hardware components and operating systems installed on networks. It helps keep configurations updated. "In enterprises, proactive, effective configuration management has and would have headed off damage due to Code Red, Nimda and the new War Poll worm (or Vote virus, WTC.exe attachment)," said Moreau.
To help IT managers better understand configuration management, Moreau and Configuresoft's CEO, Alex Goldstein, gave searchWindowsManageability some tips on building and maintaining secure systems.
Do keep configurations as simple as possible, Goldstein said. This may be difficult, because IT personnel may want all users' configurations to match, but users may each want different settings. "Try to have a balance between the two."
Don't lock down configuration standards without thinking them through carefully. In the process of simplifying, Moreau said, IT personnel may lock down standards that eventually need to be changed to react to security problems. For example, personnel who locked down Internet Explorer version 5.5 were at greater risk of catching Nimda, which attacked via that exact IE version.
Do have automated tools monitoring the configurations. "The more you can rely on a computer to manage the standards, the more diversity of configurations you can manage effectively," said Goldstein.
Do establish manageable standards. What is the benefit, asked Goldstein, of having 85 standards if you can only manage three of those effectively? "Set policies that make sense within the context of your organization," he said.
Do constantly review your standards and rapidly implement new standards. New threats, said Moreau, may force you to change your standards.
Do be realistic! You can only protect against what you know, said Goldstein. However, for vulnerabilities administrators already know about, "it is absolutely possible to secure against all configuration-based attacks."
Don't forget that a configuration that is secure today is not necessarily secure tomorrow, according to Moreau. Not all vulnerabilities are known at once; as each one becomes understood, apply the latest patches and hot fixes as soon as possible.
Don't overestimate the effectiveness of anti-virus software. "A lot of users will breathe a huge sigh of relief that they've not been affected by a virus and then do nothing else" after installing anti-virus software, said Moreau. The configurations of their machines, however, are still vulnerable to subsequent infection because "the virus is still lurking."
Do create an overall security policy that includes a strong mix of security tools and practices, Moreau concluded. Anti-virus, intrusion detection, and configuration management are all players on your security team.
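The tips above describe a small set of enforceable standards, automated monitoring of configurations against them, and a baseline that gets revised as new threats appear. The script below is an added example that puts those ideas into working code; it is not Configuresoft's product or any code from the article. The host names, setting names, threshold values and the standard version numbers are all constructed sample data, and the checks are illustrative rules rather than vendor guidance. A setting a host never reports is flagged as a blind spot rather than silently treated as compliant, matching the "you can only protect against what you know" point.

```python
"""Automated configuration-standards monitor (added example, not Configuresoft's
product). Host names, setting names and threshold values are constructed."""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List


def parse_version(value: Any) -> tuple:
    """Turn a dotted version string such as '5.5' into a comparable tuple."""
    return tuple(int(part) for part in str(value).split("."))


def version_at_least(minimum: str) -> Callable[[Any], bool]:
    """Build a check that passes when a dotted version is >= `minimum`."""
    floor = parse_version(minimum)
    return lambda observed: parse_version(observed) >= floor


@dataclass(frozen=True)
class Standard:
    name: str                     # short, reviewable identifier for the rule
    setting: str                  # key expected in each host's config snapshot
    check: Callable[[Any], bool]  # returns True when the observed value complies
    version: int = 1              # bumped whenever the standard is revised for a new threat


@dataclass(frozen=True)
class Finding:
    host: str
    standard: str
    standard_version: int
    status: str    # "drift" (fails check), "missing" (not reported), "error" (unparseable)
    observed: Any


# A deliberately small baseline: few standards, each one actually enforceable.
# Thresholds are constructed sample values, not vendor guidance.
BASELINE: List[Standard] = [
    Standard("browser-minimum-version", "browser_version", version_at_least("6.0"), version=2),
    Standard("av-signatures-fresh", "av_signature_age_days", lambda days: days <= 7),
    Standard("guest-account-disabled", "guest_account_enabled", lambda enabled: enabled is False),
    Standard("auto-update-enabled", "auto_update", lambda enabled: enabled is True),
]

# Constructed configuration snapshots, as an inventory agent might report them.
INVENTORY: Dict[str, Dict[str, Any]] = {
    "ws-001": {"browser_version": "6.0", "av_signature_age_days": 2,
               "guest_account_enabled": False, "auto_update": True},
    "ws-002": {"browser_version": "5.5", "av_signature_age_days": 1,
               "guest_account_enabled": False, "auto_update": True},
    "ws-003": {"browser_version": "6.0", "av_signature_age_days": 30,
               "guest_account_enabled": True},           # auto_update never reported
}


def evaluate_host(host: str, config: Dict[str, Any], baseline: List[Standard]) -> List[Finding]:
    """Compare one host's snapshot against every standard in the baseline."""
    findings: List[Finding] = []
    for std in baseline:
        if std.setting not in config:
            # An unreported setting is a blind spot, not a pass.
            findings.append(Finding(host, std.name, std.version, "missing", None))
            continue
        observed = config[std.setting]
        try:
            compliant = std.check(observed)
        except (TypeError, ValueError):
            # A value the check cannot interpret is surfaced, not swallowed.
            findings.append(Finding(host, std.name, std.version, "error", observed))
            continue
        if not compliant:
            findings.append(Finding(host, std.name, std.version, "drift", observed))
    return findings


def evaluate_fleet(inventory: Dict[str, Dict[str, Any]],
                   baseline: List[Standard]) -> Dict[str, List[Finding]]:
    """Run the baseline over every host and return findings keyed by host."""
    return {host: evaluate_host(host, cfg, baseline) for host, cfg in inventory.items()}


def compliant_hosts(report: Dict[str, List[Finding]]) -> List[str]:
    """Hosts with no findings at all."""
    return sorted(host for host, findings in report.items() if not findings)


def findings_by_standard(report: Dict[str, List[Finding]]) -> Dict[str, int]:
    """Count non-compliant hosts per standard. A standard almost nobody meets
    is a candidate for review, which is the 'manageable standards' point."""
    counts: Dict[str, int] = {}
    for findings in report.values():
        for f in findings:
            counts[f.standard] = counts.get(f.standard, 0) + 1
    return counts


if __name__ == "__main__":
    fleet_report = evaluate_fleet(INVENTORY, BASELINE)
    for host, host_findings in fleet_report.items():
        for f in host_findings:
            print(f"{host}: {f.standard} (v{f.standard_version}) {f.status}, observed={f.observed!r}")
    print("compliant:", compliant_hosts(fleet_report))
    print("per standard:", findings_by_standard(fleet_report))
```

In practice the `INVENTORY` dictionary would be replaced by snapshots collected from the hosts, and the `BASELINE` list would live in version control so that each revision of a standard (the `version` field) is reviewable and the report shows which revision a host was judged against.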
FOR MORE INFORMATION
Read the searchWindowsManageability two-part series on defeating viruses using configuration management.
SearchWindowsManageability has even more configuration management information in our Best Web Links section.