Network administrators
frequently ask two questions about viruses: What is the best way to
protect a network from virus attacks? and What is the best virus
protection software for servers?
The purpose of virus
protection is to maintain data integrity by preventing outside
agents from accessing and modifying that data. Because a network has
many different components, there are several entry points for
viruses to attack the network. The following sections describe how
to protect your company’s network from virus attacks, identify
points of entry, and implement appropriate protection.
Eyes on the server
There are many misconceptions about virus attacks. The
first misconception is that the server is the primary target for
virus attacks on a network. Although a lot of virus-protection
software plays off this misconception, it is still just that–a
misconception.
You must protect your
company’s network against two types of viruses: file viruses, which
attach themselves to binary code such as application files, and boot
sector viruses, which attach themselves to executable code. Viruses
spread when a user opens or runs an infected file on a
computer.
A virus cannot spread if
the user does not run the infected file directly on the computer. As
a result, the NetWare server console is secure from virus attacks
because you cannot run an infected DOS or Windows 95 application on
the NetWare console. The same is true of viruses that are written to
infect Macintosh or UNIX workstations. Because you cannot run
Macintosh or UNIX programs on the server console, such viruses
cannot attack the server itself.
However, the server console
becomes vulnerable when you reboot it–before NetWare is loaded, you
can access DOS on the server. At this point, you could insert an
infected diskette into the server’s diskette drive and unknowingly
run an infected file.
Infecting the server at
this level can cause problems when you copy files such as updated
versions of the SERVER.EXE file, or LAN or disk drivers to the DOS
partition. This virus infection might also cause RAM integrity
problems when NetWare is running and you are performing DOS access
operations on the server’s A or C drive. For example, updating
drivers from the server console or installing new services on the
server could cause RAM integrity problems.
To protect the server
console when it is in DOS mode, you should install a DOS
virus-protection utility on the server’s DOS partition–C drive–and
run it whenever you need to perform any such operations as copying
files on the server’s C drive. However, you should not leave the DOS
virus-protection utility in memory. Since you will not be using this
utility when NetWare is running, you can free up server
resources.
You should also install
server-based virus-protection software. Several companies such as
Network Associates, Symantec Corp, and Computer Associates offer
this software, which allows you to check every read and write
operation made on the server.
For most networks, you can
configure the server-based virus-protection software to perform
scheduled checks on the volumes mounted on the server. Most viruses
enter the network through workstations. Checking each read and write
operation on the server may not detect viruses introduced on
workstations.
By running scheduled checks
on the server, you provide adequate protection for the server and
improve its performance. You can also schedule the check to coincide
with other disk operations such as backup.
Prime target
The
second misconception about viruses is that if you run
virus-protection software on the server, your company’s network is
secure. Although that particular server may be protected from
viruses, the entire network is not secure. You must protect the
network at the point of attack at which the virus has the greatest
potential for entry to the network.
The most vulnerable part of
your company’s network is the workstations. If you run
virus-protection software at the point of entry–in this case, each
workstation–a virus cannot attack the local drives on the
workstation. Then a virus-infected file cannot be transferred to
another workstation on the network.
By providing
virus-protection software at the workstation level, you are
providing the highest level of security against attack.
Unprotected workstations
Suppose a network administrator installed
virus-protection software only on the server. By configuring this
software to scan all read and write operations in real-time, the
network administrator is confident that his company’s network is
protected against virus attacks.
Now suppose a user downloads a
file from the internet onto a diskette in his workstation’s A drive.
The user then runs the file to install a utility on his
workstation’s C drive and makes copies of the diskette to give to
other users.
The user’s workstation
would be infected as soon as he runs the file he downloaded. The
virus would quickly and easily spread to all of the files on his C
drive. Of course, all of the users who run the same file would also
infect their C drive. Since no read or write operations were made on
the server, the virus-protection software running on the server
never has the chance to check the infected files. As a result, the
company would have a full-blown virus infection and no way to stop
it. Worse, the network administrator might not be notified about the
problem until users begin experiencing serious problems on their
workstations.
Protected workstations
Suppose that the network administrator had installed
virus-protection software on the workstations as well as on the
server. Also suppose the network administrator had configured the
virus-protection software to check all read and write operations to
all local drives including floppy diskette, ZIP, JAZ, or CD-ROM
drives. If a user downloads a file from the internet and saves this
file to the A drive, the virus-protection software would alert the
user when a virus is found in the file.
Now suppose a user brings a
diskette from home and inserts the diskette into her workstation.
When this user attempts the first file read, the virus-protection
software would alert the user that a virus has been
detected.
Alarms for virus
Some virus-protection software may be NetWare-aware and
include a server component. In this case, you can configure the
virus-protection software running on the workstations to send an
alert to you or another network administrator when a virus is
detected. You will then know when a user is trying to save or run an
infected file.
Because more and more users
are accessing the internet, many virus-protection manufacturers are
releasing internet virus-checking programs that actually read the
data stream being downloaded. The programs read the data stream
whether the user is using a modem or LAN connection. As soon as an
internet virus-checking program detects a virus signature in the
data stream, this program aborts the download and sends the user an
alert. The virus never even makes it to the user’s
workstation.
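
The data-stream check described above can be sketched as follows. This is an added example, not code from the original article or from any vendor's product; the signature names and byte patterns are constructed placeholders, and `scan_stream` and `fetch` are hypothetical helper names. It holds back the tail of each read so that a signature split across two reads is caught before any part of it is released to the user.

```python
import io

# Constructed stand-in signatures (assumption); real scanners load a vendor database.
SIGNATURES = {
    "Demo.FileInfector": b"\xde\xad\xbe\xefDEMO-SIG-1",
    "Demo.MacroDropper": b"AutoOpen::DEMO-SIG-2",
}

class InfectedDownload(Exception):
    """Raised to abort the transfer as soon as a signature is seen."""
    def __init__(self, name, offset):
        super().__init__(f"{name} at stream offset {offset}")
        self.name, self.offset = name, offset

def scan_stream(source, sink, signatures=SIGNATURES, chunk_size=4096):
    """Relay source to sink while scanning; return the byte count delivered."""
    # Hold back enough bytes that a signature split across two reads is
    # still seen whole before any part of it is released to the user.
    keep = max(len(sig) for sig in signatures.values()) - 1
    held, delivered = b"", 0
    while True:
        chunk = source.read(chunk_size)
        window = held + chunk
        for name, sig in signatures.items():
            pos = window.find(sig)
            if pos != -1:
                raise InfectedDownload(name, delivered + pos)
        # At end of stream the remaining held bytes are clean: release them all.
        split = len(window) if not chunk else max(len(window) - keep, 0)
        sink.write(window[:split])
        delivered += split
        held = window[split:]
        if not chunk:
            return delivered

def fetch(payload, chunk_size=8):
    """Scan a constructed payload; return (verdict, bytes that reached the user)."""
    sink = io.BytesIO()
    try:
        scan_stream(io.BytesIO(payload), sink, chunk_size=chunk_size)
        return "clean", sink.getvalue()
    except InfectedDownload as hit:
        return f"{hit.name}@{hit.offset}", sink.getvalue()

if __name__ == "__main__":
    bad = b"A" * 100 + SIGNATURES["Demo.FileInfector"] + b"B" * 20
    print(fetch(bad)[0], len(fetch(bad)[1]))
    print(fetch(b"ordinary file contents " * 10)[0])
```
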
Virus-protection
manufacturers are also providing safeguards to prevent users from
disabling virus-protection software. You can configure the
virus-protection software so that a workstation cannot connect to
the network if this software is disabled or uninstalled.
You can
use this feature to ensure that all workstations are protected and
cannot spread infected files. Although implementing this feature
involves more configuration time up front, it reduces the network’s
exposure to virus infection.
If the virus-protection
software you are using on the server and workstations is from the
same manufacturer, another feature may be available–you may be able
to configure the virus-protection software to send an alert to you
or another network administrator if a user attempts to log into the
network from a workstation that does not have virus-protection
software.
Virus carriers
Another
common misconception is that email messages themselves can contain
viruses. Many email messages contain dire warnings about email
viruses. According to these warnings, simply opening an email
message that has a certain subject line such as ‘You Are A Winner’
will destroy your entire hard drive.
If you receive an email
message warning about opening a certain message, don’t be alarmed.
You cannot get a virus simply by opening an email message. The email
message that contains such a warning is a virus hoax, making you
worry about events that cannot happen.
Although you cannot get a
virus via an email message itself, you can receive an infected file
as an attachment to an email message. To protect your company’s
network from being infected by a file that is sent as an attachment,
you should ask users to follow these simple rules:
- Never open a file that
is attached to an unsolicited email message from an unknown
sender. If you don’t know who sent the file or if you did not
explicitly request the file be sent to you, you should simply
delete the email message. Do not open or download the
attachment.
- Never open an attached
file directly into an application, such as Microsoft Word. The
Concept virus (a Word macro virus) spread quickly because many
users had configured their email application to automatically open
.DOC files in Word. You should configure your email application to
prompt you before opening an attached file.
- Open an attached file on
a removable media device first. By opening files on a floppy
diskette, ZIP, or JAZ drive, you can properly scan the file for
viruses. You are also less likely to infect other files on your
workstation’s hard drive.
- Immediately after
opening a file, run a virus check on the file. Although
virus-protection software runs background checks, you should not
rely on these background checks to test all files written from
email attachments.
- Do not run any file you
receive via email until you have run a complete virus check on the
file. Because email attachments can be infected with viruses, some
email manufacturers and virus-protection manufacturers now offer
email virus-checking software. This software actually runs on the
email server and checks all email messages being sent and received
for viruses. Email virus-checking software can notify you of
infected attachments before the intended recipient even has a
chance to open the infected file.
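
The server-side email check described above has to decode each attachment before scanning it, because attachments travel base64-encoded and a byte signature does not appear in the raw message. The following is an added example, not code from the original article or from any email or virus-protection product; the signature, addresses, and filename are constructed, and `build_sample` and `scan_message` are hypothetical names.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in signature (assumption), not a real virus pattern.
SIGNATURE = b"AutoOpen::DEMO-MACRO-SIG"

def build_sample(attachment_bytes):
    """Constructed message: plain-text body plus one .DOC attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "You Are A Winner"
    msg.set_content("Please see the attached document.")
    # Binary attachments are base64-encoded when the message is serialized.
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="msword", filename="prize.doc")
    return msg.as_bytes()

def scan_message(raw):
    """Return (filename, verdict) for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        # Undo the transfer encoding first; scanning the encoded text misses the match.
        data = part.get_payload(decode=True) or b""
        verdict = "infected" if SIGNATURE in data else "clean"
        results.append((part.get_filename(), verdict))
    return results

if __name__ == "__main__":
    raw = build_sample(b"doc header " + SIGNATURE + b" doc body")
    print("signature visible in raw message:", SIGNATURE in raw)
    print(scan_message(raw))
```
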
User Onus
To
protect your company’s network against viruses, you need to evaluate
the entire network and provide the appropriate type of protection at
each point of entry to the network. When creating a virus-protection
plan for your company’s network, follow these simple
steps:
- Configure the
virus-protection software running on the server to perform
regularly scheduled checks on all mounted volumes on the
server.
- Install a virus-checking
utility on the DOS partition of the server. If you shut down the
server and perform maintenance tasks at the DOS prompt before
NetWare is loaded, you could introduce viruses on the C
drive.
- Install virus-protection
software on every workstation attached to the network. You should
configure this software to check every read and write operation to
all drives, including removable media drives.
- If your company uses the
internet frequently, you should consider purchasing an internet
virus-checking program. Some of these programs are add-ons to
firewall products, and some are stand-alone gateways that sit
between the router to the internet and your company’s
network.
- If your company receives
a lot of email messages that contain attachments, you should
consider purchasing an email virus-checking program.
- You should teach users
how to manually check files for viruses. You should also implement
a company-wide policy that provides guidelines for bringing files
from home, downloading files from the internet, and distributing
these files. This policy should, at the very least, make users
responsible for performing a manual virus check on each file and
diskette.
MICKEY APPLEBAUM
Excerpted from NetWare Connection
Courtesy: Novell