Internet Security: Keeping Viruses at Bay
Dr. Seamus Phan
The safety, security, and protection of our computers and our Internet systems become more important with each passing day. The recent series of new viruses and the emergence of “worm” programs in recent months illustrate well that computer security has gone from being merely a prudent precaution to being a necessary responsibility. While the damage that cyber-vandals, hackers and virus/worm programs can cause is quite serious, the preventative measures available to us today are relatively inexpensive, very effective, and quite easy to obtain and install onto our systems. Everyone who uses or in any way relies on the Internet can quite easily take immediate precautions not only to protect their own systems, but to strongly urge the protection of any systems they rely upon (university networks, banking and financial networks, local and national government networks, et cetera). This article is our latest in an ongoing series of articles by renowned Internet security expert Dr. Seamus Phan.
Recently, QuickTime movies became infested with the IRC worm, Missy.A, after the encoding process. Fortunately, I was using a Mac and such worms do not affect this platform. Further, my anti-virus application detected this every time and eradicated the worm on every encoding process.
Since some Mac applications are written in a cross-platform manner with Windows-specific DLLs (dynamic link libraries), it is possible that the worm may have found its way into some of these libraries, thereby infecting the program, creating havoc in the encoding process. The cure? First, identify the encoder and do a clean install, which is not too hard. Second, keep the anti-virus application running and up-to-date.
But imagine if I were using a PC running Windows. The worm would have taken its full course, including that of deleting antivirus directories and system files. In this scenario, the antivirus application becomes even more critical, and without one, you are assured of computing suicide within a short time.
This worm is not new, and it is supposedly spread through IRC chat channels, by using any of the applications used for these purposes: mIRC and pIRCH98. It infects the computer by making use of the connection when these chat applications are run.
Best Practices
First, corporate best practices should have you disable chat applications in your network, since these are usually not related to work and take up bandwidth. The corporate usage policy should have precise statements circulated to all computer users that only endorsed applications can be installed, and other applications must only be installed with written permission from the network manager. This is to prevent cases where Trojans, worms and other forms of intrusion can be exploited.
Some form of random checks like software inventory control applications should be installed on client PCs, to ensure compliance and reduce overall corporate risk. It is unfortunate and intrusive, but it is a necessary evil to achieve compliance and surveillance.
Another related issue is bandwidth management. Just last month, the bandwidth consumption on my network increased by 100% due to Code Red worm port scanning attempts. Because our network has no Port 80 services, Microsoft Windows or IIS services, no real damage was done. However, the persistent scanning every other second did increase the network utilization.
DIY Network Monitoring
One way to test is to be your own intruder and run a variety of network monitoring tools to check if there are open ports, unused services, or vulnerable operating systems not updated with patches yet.
If you are running Unix, Linux and Windows NT/2000 platforms, you should check if downstream client workstations have disabled all services except the necessary ones. For example, client platforms should not have httpd running, nor should they have external telnet access.
Also, ensure that client platforms are not running peer-to-peer services, such as Hotline, Carracho or even Napster or Napster-like services, which suck up bandwidth. Less experienced network managers may not even know that these services are running even after employees who are running them have gone home for the day.
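One way to run the client-workstation check described above is to compare each machine's listening TCP ports against an allowlist. This is an added example, not part of the original article; the sample `netstat -an` output is constructed, and the allowlist (SSH on port 22 only) and the function name `audit_listeners` are assumptions for illustration.

```python
import re

# Constructed `netstat -an` output mixing Linux and Windows line formats.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 10.0.0.5:22             10.0.0.9:51514          ESTABLISHED
  TCP    0.0.0.0:8888           0.0.0.0:0              LISTENING
"""

# Local address and port of a TCP socket in LISTEN / LISTENING state.
# The optional group skips the Recv-Q / Send-Q columns present on Linux.
LISTEN_RE = re.compile(
    r"^\s*tcp6?\s+(?:\d+\s+\d+\s+)?(\S+):(\d+)\s+\S+\s+LISTEN", re.IGNORECASE
)

# Services the article says a client workstation should not be running.
UNWANTED = {23: "telnet", 80: "httpd"}


def is_loopback(addr):
    """A listener bound only to loopback is not reachable from the network."""
    return addr.startswith("127.") or addr in ("::1", "[::1]")


def audit_listeners(netstat_text, allowed_ports):
    """Return sorted (port, bind address, label) for exposed, unapproved listeners."""
    findings = set()
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue  # header, established connection, or non-TCP line
        addr, port = match.group(1), int(match.group(2))
        if is_loopback(addr) or port in allowed_ports:
            continue
        findings.add((port, addr, UNWANTED.get(port, "unidentified")))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: this workstation is only approved to accept SSH (port 22).
    for port, addr, label in audit_listeners(SAMPLE, allowed_ports={22}):
        print(f"unapproved listener: port {port} on {addr} ({label})")
```

Listeners labelled "unidentified" are the ones to trace back to a process and an owner, since that is where peer-to-peer or other unsanctioned services would show up.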
As a fellow network administrator, my advice is to keep a keen eye on what’s going on in your painfully put-together network running on precious bandwidth, and don’t allow errant services and less careful users to create holes in the network. It may not be the greatest job on earth, but someone’s got to do it.
Dr. Seamus Phan is a world-renowned authority on the technical security aspects of the Internet. Dr. Phan serves the BWW Society as Founder and Chairman of the Internet Security Committee, which is designed and conceived to gather and share information on the latest computer and Internet threats, to provide immediate information on technology’s newest developments in the prevention of Internet-related security problems, and to increase and enhance all forms of Internet Security.
© 2002 The BWW Society/The Institute for the Advancement of Positive Global Solutions