eSecurity
11. Risk network security: Virus protection
The objective of an anti-virus policy is to address the risk of malicious code being introduced into the company's networks. Nearly all companies use virus-scanning software. This software does not make any computer network completely safe. New viruses are constantly being developed. The only way to stay informed of new viruses and anti-virus upgrades is to keep reading the security web sites, articles and publications such as SANS, Microsoft (www.microsoft.com) and IBM (www.ibm.com).

If upgrades to virus-scanning software are released, do not waste time; upgrade your systems immediately!

Companies are now buying anti-virus software solutions that allow real-time upgrading of systems with anti-virus patches. The anti-virus software is stored on a network server and, periodically, the software automatically initiates a connection via the Internet to the anti-virus software website. The software then automatically downloads any new patches from the Internet and applies these patches across the network. Obviously, this functionality may be limited by the fact that the network system might only have limited access to the Internet. But if Internet access is 24x7, then anti-virus control may be 24x7 also. Examples of this type of software are McAfee, Symantec, F-Secure and Trend.
Guidelines:
Key policies should include the following:
- A Virus Scanning Procedure that is documented and published to all employees.
- All desktops and laptops in the system should contain virus-scanning software.
- All Internet email gateways and web proxies into the network should use virus-scanning software.
- Documenting the process of what to do when an intrusion is detected or a virus is identified.
- All source/destination addresses and high-level content information should be logged for all Internet gateway devices.
- A log review procedure to be documented and followed for each Internet gateway device.
- System administrators or users should be alerted to viruses immediately. Infected files should be deleted or quarantined.
- Anti-virus software on all installations should be updated at least monthly, or better still should be updated automatically as mentioned above.
12. Back-up and Recovery - Create a Plan B
In case of a natural disaster, denial of service attack, systems infected by viruses, etc., ensure you have a well-documented and communicated back-up recovery plan. An example of this is having manual procedures in place to take orders or carry out other functions that depend on system or web site availability. An effective plan should include information about the critical applications and functions that are needed during a disaster. The plan should also contain information regarding emergency communications, office space and workstations, data communications and telephone service, processing hardware, computers and network architecture, application software and data, and physical infrastructure. Translated, this means you must know where you can go to set up an office that has phones and Internet access, what processes need to be restarted, what is the minimum number of computers and servers you need to get up and running, where back-up copies and software copies can be located to load onto the temporary system, etc.
Guidelines:
- Ensure back-up procedures are in place and tested.
- Ensure back-up procedures include all your back-office systems, such as finance and payroll.
- All process steps should be labelled as either manual or automated to assist in developing contingency planning or manual procedures for the automated processes in the event of system failure.
- All third-party software should be copied prior to its initial usage, and such copies should be stored in a safe place. These master copies should not be used for ordinary business activities, but should be reserved for recovery from computer virus infections, hard disk crashes and other computer problems. These master copies should also be stored in a secure offsite location.