If there's one thing you hate to hear, it's that there is another virus making the rounds. Once again, you have to wonder if your system is protected. Once again, you ask yourself: "How do I keep these things out of my network and out of my users' systems?"
If you know one sure answer to that question, you're well on the way to becoming a millionaire. If you don't, there are still certain precautions you can take to minimize your risks. In this three-part series, I'll describe some of the best ways to make your systems hacker-proof. I'll start with basic dos and don'ts in virus checkers and backups. (Don't yawn. This is where most administrators fumble.) In part two, I'll drill deeper, covering routers, firewalls and open ports. Then, in part three, I'll offer some tips on best practices for utilizing patches and service packs and for securing mail servers.
Do use virus checkers.
Just in case you didn't hear me: virus checker, virus checker, virus checker. As your first (and best) defense against viruses, virus checkers should be installed on both your servers and clients. For each operating system you're running, make a backup disk with your virus checker software, write-protect it and keep it in a safe place. Scan each system before you install the software.
A frequently asked question is whether you need to scan both incoming and outgoing files. Usually scanning incoming files is enough, once you've scanned your system initially, because you have already scanned the existing files on your system. However, it doesn't hurt to do a whole system scan every week or, if there's been a recent rash of viruses, more often.
I've heard complaints from some administrators that keeping their virus checkers up to date with the latest virus definition files and scanning engines eats up too much time. There are several good companies out there whose antivirus software will not only automatically download updates to your server but will push the latest updates out to your client PCs, virtually eliminating the administrator's overhead. (McAfee, Norton and Sophos all have commercial programs with central management capabilities.)
However you do it, you have got to have a virus checker and you have got to keep it up to date. Will this keep you free and safe from all viruses? No. Someone has got to get it first, which is why McAfee, to name one company, has a site from which you can upload information about suspected viruses if you think you won the "lottery."
Don't forget the nitty-gritty details in backups.
There is a technical term for administrators who don't perform backups. We call them "unemployed." Now, as a good administrator you're saying, "This guy is an idiot. Everybody does backups." Well, if you're a good administrator, you do perform backups. Not everyone is a good administrator.
You have to do more than just run a backup. Two issues that can hurt you are failure to keep backups for a sufficient period of time and failure to verify your restore capability.
Some major corporations only keep backups 15 days. I understand the reasons -- some of which are financial, some of which are legal -- for a 15-day retention schedule, but what if an unknown virus nails that network and it takes more than 15 days to catch it? That company could be in trouble.
The standard fix for systems infected by a virus for which a cure hasn't been published is "re-partition, format and re-load." (I like to re-partition after a virus; not everyone does.) If you're going with a short backup cycle, you may not have a clean tape to restore, which leaves you in a world of hurt. You don't want to infect your network and you definitely don't want to infect your clients. What are you going to restore?
The other issue is verifying your backups and restoring from them. Many administrators have never tried restoring their servers, on the grounds that "if it ain't broke, I ain't gonna break it." This philosophy works until you try to restore your system and find out that you're missing a patch, that the heads on your backup drive are slightly misaligned, or that something somewhere just doesn't work.
Here's a true confession: I've been personally caught short in testing restore capabilities. One of my former students also had a bad experience. His company never verified its Exchange server's backups because "it took too long." When a disaster struck and data was lost, he went to do a restore and couldn't. The tapes were unreadable because of misaligned heads on the tape drives. Since the company never verified the backups, he didn't know about the problem until he really needed to do a restore.
What good is a tape backup that you cannot restore from? Verification and practice restores should be a part of your disaster recovery plan, and you should practice them on a regular basis.
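The practice restore the author calls for can be scripted so it runs on a schedule instead of waiting for a disaster. The following is an added example, not code from the article or from any vendor product: it backs up a constructed directory tree into a tar archive with a SHA-256 manifest, performs a restore into a scratch directory and compares every restored file against the manifest, then repeats the check on a deliberately damaged copy of the archive to show what an unreadable or corrupted tape looks like when caught early. File names, contents and the way the damage is simulated are all constructed for the example.

```python
"""Added example: automate the "practice restore" that proves a backup works.

A backup that is never restored is unverified. This script records a SHA-256
manifest at backup time, restores the archive into a throwaway directory and
reports every missing, altered or unexpected file. The corrupted-archive case
stands in for the misaligned tape heads described in the article.
"""
from __future__ import annotations

import hashlib
import os
import tarfile
import tempfile
import zlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (relative path) to its SHA-256."""
    return {str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(source: Path, archive: Path) -> dict[str, str]:
    """Archive the tree and return the manifest recorded at backup time."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for child in sorted(source.iterdir()):
            tar.add(child, arcname=child.name)
    return manifest


def verify_restore(archive: Path, manifest: dict[str, str]) -> list[str]:
    """Practice restore into a scratch directory; return a list of problems.

    An empty list means every file came back byte-for-byte identical.
    """
    problems: list[str] = []
    with tempfile.TemporaryDirectory() as scratch:
        target = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    tar.extractall(target, filter="data")  # Python >= 3.12
                except TypeError:  # older Python without the filter argument
                    tar.extractall(target)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return [f"archive unreadable: {exc}"]
        restored = build_manifest(target)
        for rel, digest in manifest.items():
            if rel not in restored:
                problems.append(f"missing after restore: {rel}")
            elif restored[rel] != digest:
                problems.append(f"checksum mismatch: {rel}")
        for rel in restored:
            if rel not in manifest:
                problems.append(f"unexpected file in restore: {rel}")
    return problems


def demo() -> tuple[list[str], list[str]]:
    """Back up a constructed tree, verify a clean restore, then verify a
    damaged copy of the archive. Returns (clean_problems, corrupt_problems)."""
    with tempfile.TemporaryDirectory() as work:
        base = Path(work)
        source = base / "data"                      # constructed sample tree
        (source / "mail").mkdir(parents=True)
        (source / "config.ini").write_text("retention_days = 15\n")
        (source / "mail" / "mailbox.edb").write_bytes(os.urandom(4096))

        archive = base / "backup.tar.gz"
        manifest = make_backup(source, archive)
        clean = verify_restore(archive, manifest)

        # Simulate a tape that reads back wrong: invert 16 bytes in the middle.
        raw = bytearray(archive.read_bytes())
        mid = len(raw) // 2
        raw[mid:mid + 16] = bytes(b ^ 0xFF for b in raw[mid:mid + 16])
        damaged = base / "backup-damaged.tar.gz"
        damaged.write_bytes(raw)
        corrupt = verify_restore(damaged, manifest)
        return clean, corrupt


if __name__ == "__main__":
    ok, bad = demo()
    print("clean archive problems:  ", ok)       # expected: []
    print("damaged archive problems:", bad)      # expected: non-empty list
```

The manifest is the piece most backup jobs skip: the archive alone can be "successfully written" and still restore garbage, and only a comparison against hashes taken at backup time distinguishes a good restore from one that merely finished. In production the verify step would run against a real restore target and the manifest would be stored separately from the tape it describes.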
With virus checkers and a verified backup in place, you're ready to build more lines of defenses.
About the author: Douglas Paddock, MCSE, MCT, MCSA, is a CIW security analyst who is also A+ and N+ certified. He teaches at Louisville Technical Institute in Louisville, Ky.