HIPAA/SECURE:
Security Q/A
January 2002
"Are Computer Viruses Getting Worse?"
by Eric Maiwald, CISSP, Chief Technology Officer,
Fortrex Technologies, Inc.
QUESTION: Viruses seem to be getting more dangerous in
the last few months. Do you expect this trend to continue and what
can be done to reduce the impact on my organization?
ANSWER: Your impression is absolutely correct and yes, I
would expect the trend to continue. But, before I get too far into
this answer, I would like to clear up a bit of terminology. There
are actually three types of programs that we see causing problems:
- Viruses - a program that piggybacks on a legitimate program.
Examples are Melissa and Michelangelo.
- Worms - a program that executes on its own and uses its own
code to spread.
Examples are Code Red and Sadmind.
- Trojan Horses - a program that pretends to be something it
is not.
Examples are Anna Kournikova and ILOVEYOU.
Collectively these programs are called "malicious code."
We are also beginning to see programs that exhibit characteristics
of multiple categories. For example, Nimda had characteristics
of both a worm and a Trojan horse in that it spread by attacking
web servers as well as by tricking users into opening an email attachment.
In the last few months we have seen these programs get more sophisticated
and much more dangerous. For example, the Code Red worm damaged
hundreds of thousands of systems in a very short time. The two most
interesting programs (as far as sophistication and potential damage)
are BadTrans, which captured keystrokes on user computers, and Goner,
which disabled anti-virus software. Clearly, if we begin to see
more programs like this, the potential for damage (especially loss
of time and resources) is very high.
How can you reduce the impact of these programs on your organization?
There are five primary tactics that together provide reasonable
protection for your organization:
- Use anti-virus software and keep the signatures updated. Keep
in mind that signatures can come out very quickly in response to
a new virus or worm and thus you should check for updates daily.
Having the program automatically check for and then push out these
updates helps a lot.
- Check incoming and outgoing emails for malicious programs. There
are a number of software packages that will check email attachments
for worms and viruses as the mail comes into or goes out of the
organization. These can prevent the initial infection even if the
users don't update their signatures. Of course, this type of system
does require the administrators to keep the email checking programs
up to date.
- Teach your users about malicious programs. The most important
link in preventing viruses and Trojan horses is the user. The user
must understand what not to do. They should know not to open attachments
that they are not expecting.
- Set up proper access control inbound and outbound through your
firewalls. If rules are properly configured on your firewall, many
worms can be prevented from spreading. For example, do not allow
your web server to open outbound connections. This would prevent
Code Red from spreading if your web server were infected.
- Patch your systems to prevent vulnerabilities from being exploited.
Some of the more recent worms are using new vulnerabilities in servers
to spread. Keep the systems patched and you will reduce the likelihood
that they will be successfully attacked.
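The firewall tactic above can be checked against a ruleset before it is deployed. The following is an added example, not part of the original column: a first-match rule evaluator that compares a permissive DMZ policy with one that denies connections initiated by the web server. The addresses, rule format and function names are constructed for illustration and do not correspond to any particular firewall product.

```python
"""Added example: first-match audit of egress rules for a DMZ web server."""
from ipaddress import ip_address, ip_network

WEB_SERVER = "192.0.2.10"       # constructed address (documentation range)
ANY = "0.0.0.0/0"

# Rule: (action, source net, destination net, destination port or None = any).
# Rules apply to NEW connections only; replies to permitted inbound requests
# are assumed to be handled by the firewall's connection tracking.
WEAK_RULES = [
    ("allow", ANY, f"{WEB_SERVER}/32", 80),   # inbound HTTP to the web server
    ("allow", "192.0.2.0/24", ANY, None),     # whole DMZ may connect anywhere
    ("deny", ANY, ANY, None),
]
HARDENED_RULES = [
    ("allow", ANY, f"{WEB_SERVER}/32", 80),   # inbound HTTP still works
    ("deny", f"{WEB_SERVER}/32", ANY, None),  # web server may not initiate
    ("allow", "192.0.2.0/24", ANY, None),     # other DMZ hosts unchanged
    ("deny", ANY, ANY, None),
]

def decide(rules, src, dst, dport):
    """Return the action of the first rule matching a new connection."""
    for action, src_net, dst_net, port in rules:
        if (ip_address(src) in ip_network(src_net)
                and ip_address(dst) in ip_network(dst_net)
                and port in (None, dport)):
            return action
    return "deny"  # default deny when nothing matches

def audit(rules, server=WEB_SERVER):
    """List constructed probe flows the server could initiate under rules."""
    probes = [("198.51.100.7", 80), ("203.0.113.25", 80), ("203.0.113.25", 25)]
    return [(dst, port) for dst, port in probes
            if decide(rules, server, dst, port) == "allow"]

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        inbound = decide(rules, "198.51.100.7", WEB_SERVER, 80)
        print(f"{name}: inbound HTTP {inbound}; "
              f"server-initiated flows allowed: {audit(rules)}")
```

An empty audit result for the hardened ruleset, with inbound HTTP still allowed, is the property the tactic asks for: the server keeps serving pages but cannot open connections of its own.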
Fortrex Technologies, a Phoenix Health Systems security partner,
provides enterprise security management services and information
security process and monitoring services for healthcare and other
industries.
www.fortrex.com