It's becoming a daily fact of life: Worms and viruses continue to bombard our networks. And according to a report from SANS, it's only going to get worse. While laws are in effect to stop this malicious activity, hackers keep writing malicious code, and networks continue to suffer from it.
Depending on your operating system and the programs you run, your systems are vulnerable to literally thousands of viruses and worm exploits, with more on the horizon. Here are a few of the latest threats:
A common thread
Of all viruses and worms, 99 percent are destructive or disruptive to your network, and they share a common thread:
Let's look at some steps you can take to strengthen your systems in these areas.
Every e-mail service worth running on your network has the ability to strip harmful attachments. Some do it at the SMTP relay; others implement the protection on the mail server itself through a vendor security fix or a configuration setting.
Stripping dangerous attachments at the gateway removes the vector that most mass-mailing worms depend on, so it does far more for you than gateway antivirus scanning alone, which can only catch what it already has a signature for. It doesn't make scanning pointless, though: worms also arrive inside archives and in documents with macros, and an attachment's name says nothing reliable about its contents. Strip anything that can execute code (.vbs, .exe, .pif, .bat, .scr, .cmd, and the like), including files hiding behind a double extension such as invoice.txt.exe, before users see it in their mailbox. If you want to stop viruses, stop the attachments that spread them.
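The filter described above, as an added example written for this article rather than code from the author or from any particular mail product. It assumes the gateway hands the filter the raw message bytes, that the blocked-extension list is the site's own policy, and that a replaced attachment should leave a short notice in its place; the sample message it scrubs is constructed inline.

```python
"""Strip attachments that can execute code from a message before delivery.

Added example, not the author's code. The extension list, the archive check,
and the sample message are assumptions made for illustration.
"""
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed site policy: extensions that execute code when the user opens them.
BLOCKED_EXTENSIONS = {
    "exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "cpl", "msi", "reg", "lnk",
}
ARCHIVE_TYPES = {"application/zip", "application/x-zip-compressed"}


def is_blocked_name(filename: str) -> bool:
    """True if any extension in the name is blocked, so report.txt.exe is caught."""
    parts = filename.lower().split(".")
    return any(ext in BLOCKED_EXTENSIONS for ext in parts[1:])


def archive_has_blocked_member(data: bytes) -> bool:
    """Look inside a zip for blocked members; an unreadable archive is treated as blocked."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(is_blocked_name(n.rsplit("/", 1)[-1]) for n in zf.namelist())
    except zipfile.BadZipFile:
        return True


def part_is_dangerous(part: EmailMessage) -> bool:
    """Decide on the filename first, then on archive contents if it is a zip."""
    name = part.get_filename() or ""
    if is_blocked_name(name):
        return True
    if name.lower().endswith(".zip") or part.get_content_type() in ARCHIVE_TYPES:
        return archive_has_blocked_member(part.get_payload(decode=True) or b"")
    return False


def _scrub(msg: EmailMessage, removed: list) -> None:
    """Recursively drop dangerous parts, leaving a text notice where each one was."""
    if not msg.is_multipart():
        return
    kept = []
    for part in msg.get_payload():
        if part.is_multipart():
            _scrub(part, removed)
            kept.append(part)
        elif part_is_dangerous(part):
            name = part.get_filename() or "(unnamed)"
            removed.append(name)
            notice = EmailMessage()
            notice.set_content(f"Attachment {name!r} was removed by the mail gateway policy.\n")
            kept.append(notice)
        else:
            kept.append(part)
    msg.set_payload(kept)


def strip_dangerous_attachments(raw: bytes):
    """Parse raw message bytes; return (cleaned message, list of removed filenames)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    removed: list = []
    _scrub(msg, removed)
    return msg, removed


def attachment_names(msg: EmailMessage) -> list:
    """Filenames still attached after scrubbing (notice parts carry no filename)."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def build_sample_message() -> bytes:
    """Constructed test input: a harmless .txt, a double-extension .vbs, a zip hiding an .exe."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached files.")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(b'MsgBox "owned"', maintype="application",
                       subtype="octet-stream", filename="invoice.txt.vbs")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("setup.exe", b"MZ fake executable")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="archive.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, gone = strip_dangerous_attachments(build_sample_message())
    print("removed:", gone)
    print("still attached:", attachment_names(cleaned))
```

Checking every extension in the name rather than only the last one is what defeats the invoice.txt.exe trick, and treating a zip that cannot be parsed as blocked errs on the side of the mailbox rather than the sender. A real gateway would also apply this to nested archives and to the MIME type declared by the sender, which this example deliberately ignores because it lies as easily as the filename does.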
If you block or filter inbound and outbound well-known ports (such as UDP/TCP 135 through 139 and 445) on your network, you can stop most worms from reaching the services they exploit. But blocking harmful ports one at a time is a task that will never end.
Instead, only allow those ports necessary for your network to operate, and deny everything else by default. Workstations propagate most viruses and should never receive a connection to a low-numbered (well-known) port from the Internet. Servers should never receive a low-port connection from the Internet unless they're specifically providing that service (e.g., Web on port 80, SMTP on port 25, etc.).
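A default-deny inbound policy expressed per host role, as an added example that is not the author's configuration. It assumes a Linux host or gateway filtering with iptables, an assumed role-to-service table (workstations serve nothing, a Web server serves 80 and 443, a mail server serves 25), and an assumed management network that is the only source allowed to reach SSH. The policy decision is kept in one function so the generated rules and the checks agree with each other.

```python
"""Default-deny inbound policy per host role, rendered as iptables commands.

Added example, not from the article. The role table, the management network
and the worm-port list are assumptions for illustration.
"""

# The classic worm ports named in the article: RPC, NetBIOS and SMB.
WORM_PORTS = sorted({(proto, port)
                     for proto in ("tcp", "udp")
                     for port in (135, 136, 137, 138, 139, 445)})

# Assumed site policy: the only services each role may offer to the Internet.
ROLE_SERVICES = {
    "workstation": set(),
    "webserver": {("tcp", 80), ("tcp", 443)},
    "mailserver": {("tcp", 25)},
}


def inbound_allowed(role: str, proto: str, port: int) -> bool:
    """Single policy decision: allowed only if the role explicitly serves it."""
    return (proto, port) in ROLE_SERVICES.get(role, set())


def build_iptables_rules(role: str, mgmt_net: str = "10.0.0.0/8") -> list:
    """Render the role's policy as an ordered list of iptables commands."""
    rules = [
        # Default deny for anything that reaches the end of the INPUT chain.
        "iptables -P INPUT DROP",
        "iptables -P FORWARD DROP",
        "iptables -P OUTPUT ACCEPT",
        "iptables -A INPUT -i lo -j ACCEPT",
        # Replies to connections this host opened are fine; new inbound ones are not.
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate INVALID -j DROP",
        # Management access only from the assumed internal range.
        f"iptables -A INPUT -p tcp -s {mgmt_net} --dport 22 "
        "-m conntrack --ctstate NEW -j ACCEPT",
    ]
    # The default policy would drop worm traffic anyway; matching it explicitly
    # (rate-limited) makes scanning hosts visible in the log.
    for proto, port in WORM_PORTS:
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} "
                     "-m limit --limit 5/min -j LOG --log-prefix \"worm-port: \"")
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j DROP")
    # Only the services this role provides are opened to the world.
    for proto, port in sorted(ROLE_SERVICES.get(role, set())):
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} "
                     "-m conntrack --ctstate NEW -j ACCEPT")
    return rules


def check_flows(role: str, flows: list) -> dict:
    """Evaluate constructed inbound flows against the role's policy."""
    return {f"{proto}/{port}": inbound_allowed(role, proto, port) for proto, port in flows}


if __name__ == "__main__":
    print("\n".join(build_iptables_rules("webserver")))
    # Constructed sample flows: worm probe, web request, mail delivery attempt.
    print(check_flows("webserver", [("tcp", 445), ("tcp", 80), ("tcp", 25)]))
    print(check_flows("workstation", [("tcp", 445), ("tcp", 80)]))
```

Keeping `inbound_allowed` as the single source of truth means a monitoring script and the firewall build share one policy; when someone adds a service to a role, both change together. Rendering the rules as a list rather than executing them lets the output be reviewed or diffed against the running ruleset before it is applied.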
According to the SANS report, most exploits target vulnerabilities that are as old as two years. Only a small percentage target vulnerabilities less than six months old.
The time between the announcement of a vulnerability and the publication of an exploit has decreased. It's still a fact, however, that patches reduce exposure to harmful code. The shorter window between the announcement of a flaw and the launch of an exploit means that administrators must react more quickly to close security holes, either with workarounds or by applying patches.
Viruses, worms, and exploits will continue to invade our networks. If you want to prevent them, stop harmful attachments, filter and block harmful ports and programs, and patch your systems. Laws can't always protect your network—but good administration can.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.