Protect the Network: Nine steps managers should take to stop virus attacks

by Loraine Lawson | May 23, 2001 7:00:00 AM

Tags: Loraine Lawson

Takeaway: Nine steps that managers should take in the case of a virus attack

Vincent Gullotto, the senior director for McAfee’s Anti-Virus Emergency Response Team (AVERT) has had a hand in detecting and destroying more than 57,000 computer viruses.

That is his job and his bias, of course. But Gullotto believes that virus detection should also be a top job for IT managers, who face a growing virus threat.

His international team is responsible for identifying new viruses and developing the fix. They create the detection DAT file and engine component that work together to detect and remove viruses. But detecting and fixing viruses are only two elements of virus protection.

Gullotto, the keynote speaker at the recent E-Security Conference and Exhibition held in New York, said in a telephone interview that IT managers “…can’t afford to do anything less than what we do” and should adopt a set of proactive virus protection policies and procedures.

That’s a hefty statement, considering it’s Gullotto’s business to provide virus protection. Gullotto offered these nine steps you can take to develop an effective antivirus program, no matter what software you adopt. According to Gullotto, IT managers should:

Determine whether or not antivirus protection is available at all entry points in the network, including the Internet gateway, mail server, file server and all desktops. If you cannot afford that level of protection, you should take steps to add protection to all desktops, he said. According to Gullotto,“Ultimately, they should have full protection at the desktop level because that’s where the virus starts.”

• Ensure all antivirus software at all points of entry is updated regularly.
• Establish security policies. The policy might include:
• A requirement that all desktops have antivirus detection
• A provision for scanning all files on command or access
• A provision against downloading files from the Internet
• A requirement that all virus detection runs in the heuristic mode, which will look for patterns as well as viruses and can mean earlier detection
• Assign each staff member a virus or form of attack to research and monitor. For instance, some of Gullotto’s staff focuses on Linux, while others are charged with monitoring denial of service (DOS) attacks. Gullotto recommended the Usenet group alt.comp.virus as a good resource for keeping up with trends.
• Require that at least one member of your staff attend a security conference.
• Encourage IT workers to participate in local user groups.
• Make sure you’re familiar with what sort of support and help your antivirus vendor offers. Most offer some advice and support for top-tier customers.
• Create an outbreak checklist that delineates how your staff will recover after an outbreak, he said. After the Melissa virus hit, McAfee defined the steps to be taken internally during an outbreak. The checklist outlines each step needed to mobilize your staff during an outbreak and how to update servers within 90 minutes.
• Find new ways to justify the expense of security. Gullotto said IT managers have done a good job of increasing security over the past couple of years. However, obtaining funds for security is still a challenge. One way to show agency executives the value of security is to explain the cost of network downtime. You should also determine where viruses enter your network and identify products or procedures that will address the problem.

---

How do you justify security costs?
Gullotto offers good advice for justifying security expenditures, but it remains a challenge for many IT managers. In "Eight tips for justifying security infrastructure investments," we outlined SAN’s recommendations for convincing executives to invest in security infrastructure. Now we’d like to hear your suggestions for securing security funds. We’d also like to hear what challenges you’ve faced when trying to finance security. Post your suggestions or challenges or e-mail us.

---

 

Print/View all Posts Comments on this article

The 10th Step JennyH | 05/23/01

Well said tvranalli | 05/23/01

Protection worse than virus ? jlloyd@... | 05/24/01

Noodleheads! Shanghai Sam | 05/24/01

Not the point tvranalli | 05/24/01

noodleheads redux offtheair@... | 05/25/01

Shanghai Sam | 05/25/01

reply to just wondering Shanghai Sam | 05/25/01

We agree tvranalli | 05/25/01

RE: Noodleheads MZARN | 05/29/01

You can not afford to be without kipod@... | 05/28/01

Protection needs to consider impact on operations dick.butler@... | 11/04/03

kg@... | 05/28/01

downloading from the internet? dirkfour4@... | 05/28/01

Exactly! doom1701 | 05/29/01

The best protection is ... John Iosub | 05/29/01

It still comes down to MONEY alexwva@... | 06/23/01

Unique Identifiers ahale@... | 05/29/01

Keeping up with the threat Anti-Virus Researcher | 05/27/01

Viral Attacks Joanne Lowery | 05/28/01

The user as the weak-link. JDBailey | 05/29/01

But sometimes they are jwjohnson@... | 05/29/01

Offensive. The best protection is ... John Iosub | 05/29/01

#1 don't count on users. Jessica Lynn | 05/29/01

Real-time Backup=Final Line of Defense Shanghai Sam | 05/29/01

Everyone needs to help! MZARN | 05/29/01

Outbreak Checklist MWH | 10/11/01