How your cold explains network intrusion

With the cold an flu season most definitely upon us, there is much that the common cold can show us about network intrusion and what can happen once a single compromise has taken place.

As you sniffle and blink your way through this article, think of how your computer responds to malware or directed attack. If the system is healthy and well protected, much as a healthy person is protected by their immune system, then an attack has a much reduced chance of succeeding (and you have a much reduced chance of getting a cold). You and your system can happily perform at pretty much your full levels of performance.

This will hold true up to a point. If you constantly leave yourself exposed to conditions that encourage development of a cold, and if you constantly leave your systems exposed to risk of compromise, then sooner or later you will have a cold and a compromised system. Active defenses will help keep you and your systems from getting sick and they are valid measures to delay or completely avoid the onset of a cold/compromise.

If your computer system is not as well protected, it is like a person with a weakened immune system - both are more likely to contract infection when faced with the same risks that a healthy system and person will not succumb to.

When these different types of individual susceptibility are introduced into a group environment (student accommodation, schools, military barracks, the workplace, your family) it is possible to sit back and watch infection spread within the contained environment in a manner that is mimicked by computer network compromises. In an extremely contagious outbreak, people rapidly become sick in large numbers and productivity almost grinds to a halt while the infection works its way through the group.

A rapidly spreading computer virus or other malware will likewise take out a lot of systems in a very short period of time. The problem is that a short incubation period means that fewer systems will be compromised than might theoretically be achieved. If too many people get sick too quickly, then healthy people will isolate themselves (or isolate the sick people) and continue on working. If too many network nodes get compromised too rapidly, then one of the first steps will be to isolate infected nodes from the rest of the network to prevent further contamination. These simple but effective steps will slow the spread of an infection and in many cases will prevent further infection.

Fortunately there are some systems and people that, for whatever reason, just won't get compromised in a general infection. This allows for some continued functionality and operations even when an attack is at its most severe.

Almost all of us can attest to the general malaise that we feel when we are sick and know that we can't perform anywhere near our optimum levels of capability. That is the sort of performance hit that a compromised system will receive. More infections / compromises means more performance loss.

While you can defeat a cold and the flu through time and rest, the same doesn't hold true for your systems and networks. The best solution in those cases is to analyze how the compromise was successful (if you can) and re-image the systems and start again from a recent known good backup - this time with defenses in place from the start to mitigate risk of being compromised again.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.