Anti-Virus

As the nature of malware threats has evolved in recent years, managing antivirus to counter these threats has evolved with it. Where the first viruses spread slowly through floppy disks, the advent of email viruses reduced propagation times from months to days.

Further evolution of malware has presented the threat of network worms. Unlike any malware before them, network worms require no user interaction to spread and cross the globe with propagation times measured in minutes. Further increasing the difficulty of stopping these attacks is the use of zero-day vulnerabilities: malware that exploits vulnerabilities published days, or even hours, before the malware is released.

Historically, malware was written to improve social standing, prove a technical concept, or deliver a political message. These viruses rarely contained a malicious payload. However, malware has increasingly been coded to perform more dangerous and deliberate functions.

"Botnets" containing tens of thousands of infected computers are for sale to the highest bidder. Common uses are spam distribution and denial of service attacks. Keystroke loggers provide attackers with passwords to internet banking and internal systems. Malware is no longer a "pest" causing system unavailability, but a threat risking total information system compromise and direct financial loss.

As malware authors develop more sophisticated propagation and payload mechanisms, server and desktop antivirus alone is no longer sufficient to effectively control these threats. Like all other security controls, antivirus must adopt a defence-in-depth strategy. Features of a well designed antivirus policy include:

  • Protection at the gateway
  • Protection at the end point (servers, desktops)
  • Segregation of network devices by trust (e.g. Internet-facing systems separated from internal systems)
  • Segregation of network devices by function (e.g. assign one VLAN per department)
  • Intrusion prevention
  • Operating system patching and hardening.

These practices ensure that should any single control fail, the next layer of defence contains the malware, effectively creating a situation of "defence in depth". The expenditure on the additional layers in such a strategy has demonstrated substantial returns on investment when compared to the cost of a single malware infection.

Other strong antivirus practices include:

  • Network access control - prevent unprotected devices from joining your network
  • User education - train staff to recognise suspect attachments
  • Enforce a trusted content model - do not permit a trusted user to execute any code that has not been certified as trusted through a thorough scanning process
  • Reduce vulnerable hosts - remove all functionality and block all file types that are not required to satisfy business requirements
  • Reduce resources available to unauthenticated users - e.g. password-protect shares and filter access from unauthenticated users
  • Perform regular updates of antivirus, intrusion detection and operating systems
  • Perform regular scans