by December 2, 2003 0 comments



While earlier viruses spread through floppy disks, now they spread through e-mail or the Internet, exploiting vulnerabilities in the OS itself. Unlike normal viruses, which generally affect a single machine, Internet worms can bring down the entire network. To fight these threats you need certain tools. First, is an anti-virus to prevent against viruses and worms. Second, is a firewall to stop unwanted traffic from flowing through your network. Third is an anti-spam to stop your employees being bombarded with spam mail, that may also contain viruses. These can be implemented at both the desktop and the server.

Some cases may even require an integrated implementation spanning across the desktop and the server.

Essential anti-virus

Desktop protection 
In a small workgroup environment with no centralized control, desktop anti-virus software is the best option to use. Some of these are McAfee, Norton, PC-Cillin and Sophos. Then there are some free solutions available like AVG anti-virus. The issue here is, which product to choose from and also should you stick to only one product or use different products. If you use a single product then you do save in maintenance, support and money, but it may not be able to detect a virus attack affecting all systems simultaneously. This however, can be avoided by using multiple products as they may be able to detect new virus by at least one of the solutions.

Server protection 
First list the services your servers are running and then buy anti-virus software for those services. Options include anti-virus for file servers, mail servers, groupware such as Domino and Exchange. You can buy a solution for your current services running and buy additions to them when you install new services.

MAIL FILTERING
While one can use mail filtering provided by e-mail clients to fight spam, one has to manually update the list. Also, they do not use special mail screening methods used by anti-spam software such as SAProxy, Spam Fighter, Ella for Spam Control.

Integrated protection
For bigger organizations with 50-200 users, a single managed solution is recommended over separate anti-virus for desktop and server. Leading anti-virus vendors provide small business solutions that provide complete protection to the desktop, servers and gateways with single management interface and enforce a common policy for all systems. The desktop systems run in a managed environment updated with latest virus definitions and schedule scans can be enforced on them during office hours.

Other things to look for
A good anti-virus should provide real-time mail and instant messenger scanning and also look for Trojans, ad-ware and key loggers, etc. It should provide alerts in case of a virus attack and detailed reports on virus detection and policy enforcement across the organization. It should also provide regular virus updates and support in case of a virus attack.

Essential firewall 

Network firewall
For a big organization, of 100-200 users, it is extremely difficult to maintain a personal firewall at each node so a network firewall is a much simpler solution. A network firewall sits between your corporate network and the Internet router. It comes in two flavors, hardware and software. A hardware firewall has specialized software embedded on a flash memory and a software firewall is made of normal PC based components running on a stripped down version of some OS–Linux with Iptables (netfilter) rules or a Windows machine with firewall software running. A hardware firewall requires little configuration.

To update the hardware firewall (as new vulnerabilities are detected) one has to depend on the vendor to release updates and there is nothing the user can do himself. On the other hand, software firewalls are fully user configurable and users can add or delete new rules easily, but this requires high degree of technical expertise and a network administrator to manage the firewall.

Personal firewall
Organizations that cannot afford a dedicated firewall device can implement personal firewall on each user’s desktop. A personal firewall is a piece of software, which filters all incoming and outgoing data on the user’s machine and only allows user permitted data to flow to and from the machine. It comes in various options, starting from free software like
ZoneAlarm, to commercial software like Norton personal firewall. Though a good option to implement in smaller networks, strict firewall rules need to be managed for all users, otherwise the entire network would have to pay for a single user’s carelessness. 

Essential anti-spam

Spam control at client
The best way to fight spam is by practicing precaution. Don’t subscribe to suspicious website and fill up too many online forms. A good way is to have a free e-mail ID to register to all these free sites and if you get filled with spam, just dump that ID and create a new one. Also don’t unsubscribe to spam mails, as this confirms your e-mail ID for more spam. The next step is to create rules for filtering e-mail. You can classify a mail as spam and block it. Most e-mail clients such as Outlook

Express, Outlook, Eudora, etc provide this feature. You can also use specialized software with their own blacklists and rules to filter incoming mails. Most of such software fit as plug-ins for your mail client and can be customized for filtering rules. They also have an option of updating the blacklists through the Internet. SAProxy is a highly accurate spam filter and can learn from new spam as it is detected. Other useful anti-spam software are Ella for Spam Control, Spam Fighter and Spam Nullifier.

Spam control at server
Now to resolve the issue of wasted internet bandwidth one needs to fight spam at the mail server, both incoming and outgoing. As spam control at the client makes ensures just that your inbox is not filled with
spam. 

For incoming mail server, it is important that the POP or IMAP server checks all incoming mail and filter out spam before passing the mail to the clients. For this, one can use special paid or unpaid filters for the mail server. Spam Assassin is a very popular mail filter for that. Alternatively, you can use DNS black lists, easily available on the net, which can be used as DNS records to decide whether or not to accept mail from domains in the DNS black list records. 

These policies can be defined directly from the mail server. The second part of fighting spam on the server is to stop spam from going out through your SMTP mail server. Software such as Symantec anti spam and anti virus for SMTP gateway or McAfee Spamkiller filtering based on the content of the outgoing mails and uses a set of policies to detect spam. The set of policies is user configurable and also can be updated through the Internet.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

Your data will be safe!Your e-mail address will not be published. Also other data will not be shared with third person.