Staying safe from viruses and worms

Opinion
Sep 15, 2003 | 3 mins
Hacking, Linux, Networking

Dealing with the different worms/viruses that debuted over the past weeks – Blaster, Nachi and Sobig.F – tested our resources and preparation. To keep things from getting out of control the next time, what can you suggest we look at and/or try?

– Via the Internet

Make sure your routers/switches are on the latest general deployment release of the operating system/firmware. This will help minimize your exposure to bugs or exploits you might face if you’re running an early release of the OS/firmware. Whether your router/switch is from Cisco, Nortel or another vendor, make sure you have the latest copy of a “best practices” or similar document that takes you through the process of “hardening” the device, so the possibility of it being the source of a problem is kept to a minimum. The hardening process will need to be revisited as you upgrade to newer versions of the OS/firmware for your network devices.

Keeping the Windows servers current on patches is an important task. If you’re deploying Linux servers in your company, ensure that unneeded services are disabled and the patches are up to date. You can also look at the Bastille Project for a way to “harden” your Linux servers and keep unwelcome visitors at bay. A product called Tripwire, installed on all servers, will give you a heads-up when unauthorized changes are made to files.

Look to sites such as http://www.cert.org as one source of information on how to be prepared and what to do to fight the latest worms/viruses/exploits going around. In the case of Sobig.F, you may need to recruit some of your more PC-literate users for help. On one of the security listservs, I noticed a list of IP addresses that were recommended to be blocked at the gateway router that connects your network to the Internet. You may find messages coming from addresses that aren’t on the list. This is where your experienced users can give you the IP addresses, which you can add to the list of those that need to be blocked. While not an ideal solution, blocking the traffic at the router keeps some load off your mail server or SMTP screening solution, leaving it free to work on other tasks.

If you aren’t fluent in dealing with Linux, consider getting a little exposure. A tool called Nessus can help you check for vulnerabilities or missing patches on all machines on your network. Plug-ins to scan for new potential problems are released several times per day or every few days, so download the latest ones each time before you begin scanning for problems.

These are just a few of the things you can do to help minimize your exposure when new viruses/worms come out.
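
The gateway block list described above takes addresses reported by users, so they should be vetted before they reach the router. The following is an added example, not part of the original column: it validates the reports, refuses internal and never-block addresses, removes duplicates, and renders Cisco IOS extended ACL lines. The sample addresses, the never-block entry, the internal ranges and ACL number 110 are all constructed assumptions.

```python
import ipaddress

# Constructed sample data using documentation ranges; not addresses from the column.
CURRENT_BLOCKLIST = ["198.51.100.7", "203.0.113.20"]
USER_REPORTS = ["203.0.113.20", " 192.0.2.44 ", "10.1.2.3",
                "mail.example.net", "198.51.100.300", "192.0.2.10"]
NEVER_BLOCK = ["192.0.2.10"]  # assumption: a partner's mail relay
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"]


def merge_blocklist(current, reports, never_block=NEVER_BLOCK, internal=INTERNAL_NETS):
    """Return (merged, rejected). merged is the sorted block list as strings;
    rejected maps each refused report to the reason it was refused."""
    protected = {ipaddress.IPv4Address(a) for a in never_block}
    nets = [ipaddress.IPv4Network(n) for n in internal]
    merged = {ipaddress.IPv4Address(a) for a in current}
    rejected = {}
    for raw in reports:
        text = raw.strip()
        try:
            addr = ipaddress.IPv4Address(text)
        except ValueError:
            rejected[text] = "not an IPv4 address"
            continue
        if addr in protected:
            rejected[text] = "on the never-block list"
        elif any(addr in net for net in nets):
            rejected[text] = "internal or loopback address"
        else:
            merged.add(addr)  # set membership removes duplicates
    return [str(a) for a in sorted(merged)], rejected


def to_acl(addresses, acl_number=110):
    """Render Cisco IOS extended ACL lines; acl_number is a placeholder."""
    lines = [f"access-list {acl_number} deny ip host {a} any" for a in addresses]
    # An IOS ACL ends with an implicit deny, so all other traffic needs a permit.
    lines.append(f"access-list {acl_number} permit ip any any")
    return lines


if __name__ == "__main__":
    merged, rejected = merge_blocklist(CURRENT_BLOCKLIST, USER_REPORTS)
    print("\n".join(to_acl(merged)))
    for item, reason in rejected.items():
        print(f"skipped {item!r}: {reason}")
```

Review the skipped entries by hand before discarding them; a rejected report often points to a typo or to an infected machine inside your own network.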