Workers create last leaky line of defense against viruses
by Alan Zisman (c) 2003
First published in Business in Vancouver, Issue #729, October 14-20 2003, High Tech Office column

Adding to the regular collection of spam email promising me larger body parts and/or better performance, I’ve been getting barraged by emails purporting to be from Microsoft, including what is claimed to be a vital security patch. Though the messages look real, I know that Microsoft doesn’t send out updates via email, and my antivirus software tells me that the attached files carry the W32.Swen virus.

Based on the number of virus-spreading messages I’ve received, though, I can only conclude that an awful lot of people have fallen for the virus’s siren call.

It’s not only individuals who are falling prey to the viruses, worms, and assorted malware. In August, a variant of the Blaster worm shut down Air Canada’s reservation network. In September, the US State Department’s visa processing network was hit. And these are just some of the incidents that got the most publicity.

When the infection of a large organization’s network makes the news, I get asked how could it happen; don’t they have firewalls and IT staff specifically to prevent this sort of thing? Typically, enterprises have focused on what’s been called a ‘perimeter’ defense. Firewalls keep outside hackers away from the internal network. Software scans incoming email for viruses, and in many cases for spam, all in an attempt to keep dangers from getting into the network.

Often, though, the weakness is what happens inside the protected perimeter. Perhaps someone at work logs onto their personal Web email account. This can let them receive an infected attachment that would have been blocked if it was sent to the company’s email system. Swen, Blaster, and other recent infections can quickly spread across the network from a single infected computer.

Another way to bypass the firewall is with notebooks. These may travel back and forth from work to home, or may be brought in by outsiders, perhaps consultants or sales people coming to show a PowerPoint presentation. It’s all too easy to pick up an infection outside and then, by plugging into the company network, spread the infection throughout the organization.

Virtual Private Network (VPN) connections between companies or remote access sessions between employees working at home and the company network are other potential back doors through the perimeter defenses.

Some steps can be taken by businesses to better protect themselves. As I discussed in Issue #726, firewall software such as Zone Alarm or Absolute Firewall should be installed on all notebooks that go back and forth between work and home. Antivirus software with up-to-date virus definitions is a must on all computers, not just on the network perimeter. And companies need clear policies on employee access to home email accounts, and need to ensure that employees are aware of these policies.

It’s easy to assume that security is the IT department’s responsibility. Many organizations that have downscaled or outsourced their IT staff have recently felt the pain when no one was available when the crunch came. And individual users need to take responsibility for firewalls and up to date antivirus software on their home systems and notebooks, knowing that infections on these computers can affect the company’s network as well.

Jeff Guerdat, IT manager with LSI Logic, noted: “You may have nailed down the whole internal network and then one lone remote access individual gets the latest problem and spreads it… If employees don't want to take the time, I can't help them. I've been educating users as a part of my job but some simply don't care. But I'm the one who has to fix it when there’s a problem.

“Controlling patches is a huge job. We don't always have the resources to go to all the machines and patch them or to use tools to push things out. And then there's the time and network bandwidth involved, all while you're trying to make products and generate a profit.”