Security

The majority of the larger AV vendors, such as Sophos, Symantec and McAfee, do provide comprehensive packages that incorporate anti-virus, anti-spyware, anti-spam, personal firewalls and so on. Some engineers have voiced concerns about the ‘all your eggs in one basket’ factor, because you’re relying solely on one vendor to provide all of your protection. These ‘all inclusive’ packages are relatively recent developments and, from what we’ve seen, there can be problems with them, severe performance degradation on some PCs being the most common criticism. However, for my money, using one of these packages does provide obvious compatibility and integration. We would recommend using a centrally managed rollout for all of your networked PCs and individual installations for your laptop users.
 


It seems technology has gone full circle on this one. Years ago we were all wary of potentially infected floppies – direct physical infections. These days we know the majority of infections are acquired via Internet connections. This seems to have left the direct physical infections sort of forgotten about. Many users nowadays burn their own CDs and DVDs, or they use USB devices to transport their files – all of which can potentially migrate infections onto your machines. Safend, PestScan and GFI all offer products that can be centrally managed from your networked server to prevent the use of USB and FireWire ports, Wi-Fi and Bluetooth adapters, CD-ROMs, DVD-ROMs, etc.


The ready availability of portable storage, whether memory sticks or portable media players, requires network protection against the threats borne by these devices. Such devices can harbour viruses or malware that can lead to an outbreak internally, through a USB, Firewire, Bluetooth or infra-red connection. This method of transfer is all too easy. Something as simple as a 4Gb memory stick can carry an awful lot of documents in a very small space.

It's not difficult to prevent these devices from being used to steal data. There are a number of device control products that effectively lock down the USB and FireWire ports on a desktop PC and that also prevent Bluetooth and infrared connections. Such applications can be configured with policies to allow access to certain groups, or at certain times, and to a limited range of devices, such as printers.

Most products designed to address this issue typically are installed on the server and then scan the network for devices. Some can roll out an agent to each machine on the network. Alerts for when someone tries to attach a device to the network are automated and can be sent by e-mail or SMS. The system can be configured to prevent people from attaching the device until they get the necessary permission or it can be designed to allow them to attach the device while sending an alert, giving the administrator the opportunity of catching someone in the act of attempting to steal data.


Port scans should be run to ensure adequate firewall protection is installed. Also, it’s important to ensure that all devices, servers and PCs are running a commercial grade, up-to-date anti-virus and anti-spyware solution.

How should data access be managed?

You should grant users on the network only the specific rights that they actually require. A common mistake made by SMEs is to give everyone full access to everything. There should be tiered access rights on all data and, with modern operating systems, these rights can be managed right down to single files.


Software such as DeviceWall or Safend can be installed to prevent removable drives (e.g. USB pen drives, flash cards, removable hard drives and even CD/DVD burners) from being used. These applications can be configured so that a request is automatically sent to an administrator; the administrator can then allow the removable device to be used for a limited amount of time or not at all. By using these types of blocking applications, you’re stopping malware and viruses from being brought into the network from such devices, but you’re also preventing the theft of data from your network. For example, an entire customer database could easily be downloaded on to one of these USB pen drives.


Most definitely. The ubiquity and necessity of email requires commercial-grade filtering. Infected emails and their attachments, spyware and just about all other types of malware can be transported directly into your network through email. Companies need to manage both inbound and outbound email by limiting the size of emails, restricting the type of attachments, imposing connection filtering and so on.

There are companies offering off-site filtering whereby your mail is sent to a hosted mail server on the internet that filters the mail before you receive it. There are also many options for filtering email internally using software such as PureMessage or MailMarshal or by using hardware devices such as a Barracuda or a SonicWall Email Security.


There is more anti-virus, anti-spyware and email filtering happening at the firewall, but you still have to be scrupulous when it comes to ensuring that every individual client – PC and server – is also running anti-malware software.

Security is all about having multiple layers throughout the IT environment because traditional network boundaries have been blurred and the perimeter is no longer the only way in. Employees bring in their own programmes, use laptops that have been logged on to external networks and visitors come in and connect to your LAN.


Security policies have to be in place and rigidly adhered to. Organisations are starting to lock down USB keys and any connected devices that might contaminate the network. The Downadup/Conficker virus that attacked computers earlier in the year spread through USB ports, so it is recommended that the Autorun feature used for such plug-ins is turned off as a precaution.

Such policies must be implemented without exemptions. One exception, with one infected USB key, can see all the good work undone.
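One way to check that Autorun really is turned off on a given PC, shown as an added example rather than an Ergo script: it reads the Windows `NoDriveTypeAutoRun` policy value, lists the drive types that still have Autorun enabled, and can write the all-drives setting. The `-Enforce` switch and the function name are hypothetical.

```powershell
# Added example: audit, and optionally enforce, the Windows Autorun policy.
# NoDriveTypeAutoRun is a bitmask; a set bit disables Autorun for that drive type.
param([switch]$Enforce)   # hypothetical switch: writes 0xFF to HKLM (needs elevation)

$PolicyPath = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AllDrives  = 0xFF
$DriveTypes = @(
    @{ Bit = 0x01; Name = 'Unknown drive types' },
    @{ Bit = 0x04; Name = 'Removable drives (USB keys)' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD/DVD drives' },
    @{ Bit = 0x40; Name = 'RAM disks' },
    @{ Bit = 0x80; Name = 'Unknown drive types (reserved bit)' }
)

function Get-AutorunMask([string]$Hive) {
    # Returns the configured mask for one hive, or $null when no policy is set.
    $item = Get-ItemProperty -Path "${Hive}:\$PolicyPath" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.NoDriveTypeAutoRun
}

if ($Enforce) {
    $key = "HKLM:\$PolicyPath"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name NoDriveTypeAutoRun -Value $AllDrives -Type DWord
}

# The machine-wide (HKLM) value takes precedence over the per-user (HKCU) one.
$machine = Get-AutorunMask 'HKLM'
$user    = Get-AutorunMask 'HKCU'
$mask    = if ($null -ne $machine) { $machine } else { $user }

if ($null -eq $mask) {
    '{0}: NON-COMPLIANT, no Autorun policy set (Windows defaults apply)' -f $env:COMPUTERNAME
} else {
    # Any drive type whose bit is clear still has Autorun enabled.
    $enabled = @($DriveTypes | Where-Object { -not ($mask -band $_.Bit) } | ForEach-Object { $_.Name })
    if ($enabled.Count -eq 0) {
        '{0}: compliant, Autorun disabled for all drive types (0x{1:X2})' -f $env:COMPUTERNAME, $mask
    } else {
        '{0}: NON-COMPLIANT (0x{1:X2}), Autorun still enabled for: {2}' -f $env:COMPUTERNAME, $mask, ($enabled -join '; ')
    }
}
```

Run without arguments it only reports; on a managed network the same value is normally set through Group Policy so that no machine is exempt.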

Much of security is about better management and putting preventative measures in place. Often Ergo is called in when the damage is done and organisations are fire-fighting and trying to control a breach.

Radical action is necessary with security sweeps, deletions and an overhaul of the entire IT infrastructure. Such measures can be costly to a business at a time when there is little room for unforeseen expense. Preventative maintenance is always better than the painful cure.
 


With all the attacks and vulnerabilities that have been highlighted over the years you would think that organisations would be more ready for the inevitable threats that emerge but unfortunately it is not the case.

Right now, the Downadup/Conficker Windows virus is one of the most virulent we have seen, infecting networks and personal computers at unprecedented speeds. Three months ago Microsoft released a patch for the vulnerability that the virus exploits but companies are still getting infected.

This suggests an ongoing failure to deploy effective patch management procedures. And we still come across networks where the company is running anti-virus software that expired months or, in some cases, years ago.

Basic housekeeping around security is being neglected. Why?

Complacency. A few years ago there was a huge drive to prevent spyware and a flurry of activity to cope with a spate of threats. When that subsided, people moved on to something else and the solutions were left largely unattended.

It is a common cycle that we see with security – there is a wave of activity and then nothing. Organisations should be monitoring and managing their security on an ongoing basis or work with a service provider who will do it for them.


Yes. When there is no major impact on the business, companies assume there is no breach. They don’t think they have any issues, but quite often there may be a malware infection or subtle network breach of which they are unaware.

There may be some degradation in performance caused by spyware and viruses but because applications are still running reasonably effectively people sometimes make the mistake of thinking they need to upgrade their hardware, even entire servers, failing to address the real problem.

 


What can we do for you?

Ergo recognises that every client is different which is why we want to talk to you about the best way to deal with the challenges that you face in your business.

Contact us