Virus Detection and Prevention Best Practices

The virus attacks could have been avoided if we had used hardened passwords on the Windows login as well as on the third-party application that was provided to us, enabled auditing, and patched all computers with the latest Microsoft security updates. At the time, we did not have a patch management system in place, and we could not enforce a password policy because most of our end-users are not domain members. Because of these gaps, we were exploited through these vulnerabilities. “Nine out of ten break-ins reported to CERT, the Computer Emergency Response Team, exploit known vulnerabilities” (Shostack, 2003, p.2). The purpose of this document is to provide security administrators with the detection and prevention techniques we use in our organization to help prevent outbreaks.

In the early years, viruses were relatively easy to find and fix; most propagated by floppy disk or over LANs. Now, virus authors exploit the operating system of our computers, the internet, peer-to-peer technology, and other developments to write viruses and worms that invade the computer (Edwards, 2001). The scary thing is that the time between the announcement of a vulnerability and the release of applicable exploit code is just 5.8 days (Palmer, 2004). We have had four virus propagations that wreaked havoc not only on the desktops, laptops, servers and routers of the organization, but also on the lives of the employees who work here. Although the cost of recovery is important, the primary concerns here are how the viruses are getting in, what we are doing to detect them, and what actions we are taking to prevent another attack.

Linked by shanmuga Friday, 16th December 2005 6:57AM