Worm Prevention is Better Than Cure
September 2003
Having a simple security policy in place could save you precious resources spent firefighting large-scale worm and virus outbreaks, such as the W32.Blaster and W32.Sobig.F worms.

Although hundreds of new worms, viruses and variants appear every month, Blaster and Sobig made August the worst month of all time. The managed email security service MessageLabs reported that 1 in 17 emails were viruses for most of August. As of September 2nd, MessageLabs reported having intercepted 13.5 million Sobig.F emails!
Blaster spread through a vulnerability in a Windows NT, 2000, XP or 2003 service. There are two ways to prevent this, both of which I recommend, so as to adopt a layered approach to security. The first is to ensure all PCs are patched regularly (more about this later), and the second is to ensure that a properly configured firewall is in place.
Sobig spread as an email attachment, which the recipient needed to actually select and run. Again, there are two ways to prevent this. Firstly, user education. A simple email usage policy can prevent the bulk of email problems. Secondly, sign up for an external email virus and spam filtering service. This is relatively inexpensive compared to the resources wasted cleaning up after viruses and deleting spam emails.
To continue with the layered approach to security, I also recommend having desktop antivirus software in place. Generally, you will only know that you are infected, or were about to be infected, if you have desktop antivirus, or if one of your clients rings you up and asks "Why did you send me a virus?"
Generally, larger businesses escaped the worst of the Blaster and Sobig outbreaks due to their good internal security policies, well-configured corporate firewalls and layered antivirus solutions.
However, one area that causes security headaches for corporations and smaller businesses alike is the laptop. A common occurrence during August was a laptop being infected by Blaster while connected to the Internet by dial-up, then being taken to the office and attached to the office network, where it promptly infected all the office PCs.
To continue the theme, again there are two ways to prevent laptops becoming carriers. Firstly, well-configured firewall software installed on the laptop is essential. These range from free to inexpensive - Tiny Personal Firewall and ZoneAlarm are a couple. Secondly, regular patching.
Patching is a term used for applying security updates to operating system software to fix vulnerabilities. For externally connected hardware such as web servers and laptops, this should be done as often as possible. In practical terms, for Windows this means making the most of the Automatic Updates service. Where that is impractical, a regular update should be carried out.
A report from the analyst Datamonitor in mid-August predicted information security spending to rise and outperform other IT industry areas over the next three years. However, it is possible to tighten up security a great deal by making the most of your existing hardware, software and network.
The antivirus company Sophos warned of a new Sobig variant around mid-September. Blaster, Sobig, and other worms and viruses are still causing havoc and slowing networks around the world. Use preventative measures to ensure your business doesn't become a victim!
Bil Bragg
Operations Director
Dionach Ltd
Dionach are a BS7799 accredited network security consultancy.
Dionach - real security in a virtual world







