
Fundamentals of a virus-free network

Chris Mosby, Contributor, myITforum.com

This is the first in a series of six articles that will detail what I believe to be the fundamentals of having a virus-free network. I have identified these fundamentals through trial, error and observation in almost three years of working in the dual role of Systems Management Server and virus protection administrator at my last place of employment. The combination of these fundamentals has allowed that company to have zero network downtime due to virus infection from January 2000 to now.

The first of these fundamentals is awareness.

Simply put: You can't protect your network against a threat, if you don't know the threat exists.

Administrators need to keep up to date on viruses, current virus trends and application and operating system security vulnerabilities. How aware an administrator is about these subjects is very important; it affects all the decisions that an administrator will make in an effort to protect a network from viruses.

There are several ways that this can be accomplished.

For information on viruses and virus trends, the best place to start is on the Web sites of antivirus software vendors (I will talk more about antivirus software in my next article). All those companies have some kind of virus information section on their Web sites.

I would recommend checking the Web site of the vendor whose antivirus software your company uses several times a day; every couple of hours would be even better. Virus writers are getting smarter and more devious every day, and another virus like Nimda or Blaster could spread across the globe in a matter of hours, or even minutes with the right conditions. The more often you check, the better chance you have of getting a heads-up on the next virus that goes worldwide.

Since antivirus vendors partly rate the threat level of a virus on how many samples of a virus have been submitted by their customers, it is also a good idea to check more than one Web site for virus information. I would recommend checking out two or three, just to keep an eye on things.

Here are some links to a few good antivirus Web sites:

Symantec

Network Associates

Trend Micro

Computer Associates

F-Secure

I usually concentrate on Symantec's, Network Associates Inc.'s and Trend Micro Inc.'s Web sites. According to the latest ICSA Labs 2002 Virus Prevalence Survey, these three companies make up about 89% of the global antivirus software market share. If a new worldwide virus outbreak happens, one of these three companies is probably going to be the first to have information on it.

Microsoft has also recently put up an Antivirus Information Web site to provide one place for information on viruses that involve security vulnerabilities in its software or operating systems. This is also an excellent source of information on using Microsoft products to help keep viruses from infecting your network. Microsoft also has a Knowledge Base article listing other antivirus software vendors: List of Antivirus Software Vendors (Q49500).

For application and operating system security vulnerabilities, the first thing I would recommend is signing up for the NTBugtraq mailing list at www.ntbugtraq.com. If a security vulnerability comes out, you can usually read it on this list before you will see it anywhere else. Other good Web sites are www.securityfocus.com, www.cert.org, and www.icsalabs.com.

I would also recommend signing up for Microsoft's Security Notification Service, so you can be notified by e-mail each time a security vulnerability from Microsoft is announced, and receive information if there is a fix.

The complexities of viruses are increasing every day, as the Nimda and Blaster viruses have taught us all. The vulnerabilities that Nimda used to propagate were several months old when that virus went worldwide. The Blaster virus taught us this lesson again, as it spread globally less than a month after the vulnerabilities it used were announced. If more administrators had been aware of those vulnerabilities, then Nimda and Blaster would not have had as big an impact as they did. To win the war against viruses, awareness is the first weapon that you should have in your arsenal.

For more information see these stories:

Fundamentals of a virus-free network -- Part 2 -- by Chris Mosby

Fundamentals of a virus-free network -- Part 3 -- by Chris Mosby

Chris is the creator of SMS Admin gear and currently works as the SMS Administrator for a large regional bank in Tupelo, Mississippi. His other accomplishments include Beta testing the current version of SMS Installer for Microsoft, designing and implementing the initial SMS 2.0 system of Bechtel National's Waste Treatment Plant Project and obtaining his Symantec Product Specialist Certification in Norton AntiVirus Corporate Edition 7.5/7.6.


This article first appeared in myITforum, the premier online destination for IT professionals responsible for managing their corporations' Microsoft Windows systems. The centerpiece of myITforum.com is a collection of member forums where IT professionals actively exchange technical tips, share their expertise, and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS). It is part of the TechTarget network of Web sites. To register for the site and sign up for the myITforum daily newsletter, click here: http://myitforum.techtarget.com/registration/form.asp?user=0.

This was first published in May 2004
