Workers create last leaky line of defense against viruses

by  Alan Zisman (c) 2003 First published in Business in Vancouver Issue #729, October 14-20 2003 High Tech Office column

Adding to the regular collection of spam email promising me larger body parts and/or better performance, I’ve been getting barraged by emails purporting to be from Microsoft including what is claimed to be vital security patch. Though the messages look real, I know that Microsoft send out updates via email, and my antivirus software tells me that the attached files carry the W32.Swen virus.

Based on the number of virus-spreading messages I’ve received, though, I can only conclude that an awful lot of people have fallen for the virus’s siren call.

It’s not only individuals who are falling prey to the viruses, worms, and assorted malware. In August, a variant of the Blaster worm shut down Air Canada’s reservation network. In September, the US State Department’s visa processing network was hit. And these are just some of the incidents that got the most publicity.

When the infection of a large organization’s network makes the news, I get asked how could it happen; don’t they have firewalls and IT staff specifically to prevent this sort of thing? Typically, enterprises have focused on what’s been called a ‘perimeter’ defense. Firewalls keep outside hackers away from the internal network. Software scans incoming email for viruses, and in many cases for spam, all in an attempt to keep dangers from getting into the network.

Often, though, the weakness is what happens inside the protected perimeter. Perhaps someone at work logs onto their personal Web email account. This can let them receive an infected attachment that would have been blocked if it was sent to the company’s email system. Swen, Blaster, and other recent infections can quickly spread across the network from a single infected computer.

Another way to bypass the firewall is with notebooks. These may travel back and forth from work to home, or may be brought in by outsiders, perhaps consultants or sales people coming to show a Powerpoint presentation. It’s all too easy to pick up an infection outside, then by plugging into the company network, spread the infection throughout the organization.

Virtual Private Network (VPN) connections between companies or remote access sessions between employees working at home and the company network are other potential back doors through the perimeter defenses.

Some steps can be taken by businesses to better protect themselves. As I discussed in Issue #726, firewall software such as Zone Alarm or Absolute Firewall should be installed on all notebooks that go back and forth between work and home. Antivirus software with up to date virus definitions are a must on all computers, not just on the network perimeter. And companies need clear policies on employee access to home email accounts, and need to ensure that employees are aware of these policies.

It’s easy to assume that security is the IT department’s responsibility. Many organizations that have downscaled or outsourced their IT staff have recently felt the pain when no one was available when the crunch came. And individual users need to take responsibility for firewalls and up to date antivirus software on their home systems and notebooks, knowing that infections on these computers can affect the company’s network as well. 

Jeff Guerdat, IT manager with LSI Logic, noted: “You may have nailed down the whole internal network and then one lone remote access individual gets the latest problem and spreads it… If employees don't want to take the time, I can't help them.  I've been educating users as a part of my job but some simply don't care.  But I'm the one who has to fix it when there’s a problem.

“Controlling patches is a huge job.  We don't always have the resources to go to all the machines and patch them or to use tools to push things out. And then there's the time and network bandwidth involved, all while you're trying to make products and generate a profit.”