					D E E P B L U E C R E A T I V E I N C.

Virus Survival Checklist
           How can you protect yourself against the damage and losses associated with the initial outbreak of a new
virus? By following the steps I outline here, you can improve your odds of surviving an initial outbreak and preventing
future reoccurrences. If you already have virus protection in place, you can use this article as a checklist to help you
further reduce the chance of a virus outbreak in your organization.

What's at Risk?
          Before you can implement any type of solution, you must understand the problem and the nature and scope of
the risk to your organization. Viruses used to be transmitted via floppy disk and only onto a stand-alone
computer system. Now viruses enter from many places, such as email and the network, and destroy valuable information.

As your organization becomes more networked and Internet dependent, the risk of losing systems, servers and data
translates directly to loss of business and possible bankruptcy.

Keep Current
          Make sure you are kept up to date on the latest in virus prevention. There are many good websites, articles,
and newsletters available to you. Your Anti Virus provider’s website will have lots of useful information and is a great
place to start. Set reminders for yourself to visit these sites regularly; you do not want to fall behind!

Build and Thoroughly Test your Disaster Recovery Plan
           There is nothing worse than being hit with a virus and having no Recovery Plan. People have lost their
positions in organizations due to the lack of a Recovery Plan. By assuming the worst can happen, you can drastically
minimize the impact a virus will have on your organization. An excellent method to see if your Recovery Plan is robust
is to do a live drill. The key is to know your Plan inside and out, thus reducing the chances of error during the recovery
phase. The alternative is to find out the shortcomings of your plan after a viral attack has permanently damaged your
data. Always remember that as your organization changes, your Disaster Recovery Plan must also change.

Create an Organizational Policy
          You can’t always control what is being sent to your organization, but some simple rules and guidelines can
go a long way in preventing a virus outbreak. Guidelines will help your end users know the risks they are taking
through items such as zip disks, floppies and software downloaded from the Internet.
Have your IT department co-ordinate with your HR department to establish policies and procedures. Provide your end users
with educational material, a list of resources and, most importantly, who to contact if they receive a suspicious file or
suspect a virus may be involved.

Educate Your End Users
          Your Organizational Policy lets your end users know where to find info on viruses, but your responsibility
does not end there. Teach your end users not to open attachments from strangers and to be wary of files that contain
macros or of exe files that come with the email itself. Have them forward all suspicious-looking email or files directly to an
administrator who has the facilities to test the email/file in a secure

                     300 – 604 COLUMBIA STREET, NEW WESTMINSTER, BC, CANADA, V3M 1A5
                        TOLL FREE: 1 (888) 988-9600 TEL: (604) 540-6808 FAX: (604) 540-6880

Secure the Desktop OSs
           A virus receives its power from the rights of the user currently logged on. By limiting or reducing this power, you
in effect also reduce the possible damage a virus can do. This applies to all users, including administrators. How many
of you use the administrator logon to do your regular daily work, such as reading email, typing a letter or browsing the web?
Viral technology has progressed to the point that damage to the entire network is possible through replication. This is
magnified even more when the user has domain-level administrative rights. Limit the time you spend logged in as a
domain-level administrator to only when you have a specific job to do.

Secure the Servers
           You’ve probably already secured your servers, but have you enabled security auditing? The audit policy in
User Manager lets you monitor suspicious activity such as failed attempts to access network resources. Get in the
habit of regularly checking these logs; they are usually your first warning that suspicious activity may be occurring.
Again, make sure everyone is using their assigned account and not the Administrator account for everyday work.

Filter at the Gateways
            Mail gateways or SMTP servers are usually viruses' primary entry point into an organization. Gateways are
the first line of defense and the place that most organizations place virus-scanning or content-filtering software. Virus
scanners look for recognizable patterns in files that might match a database of known viral signatures. Content-filtering
software keeps out unwanted content: viruses, unsolicited commercial email (UCE), and restricted attachment types
such as large video clips. By placing the burden of scanning or content filtering on the gateways, you can keep mail
servers more responsive to users' needs, such as sending and receiving email, browsing public folders, and sharing
calendar information.

SMTP scanning and filtering doesn't require much server horsepower. However, the queues can build during peak
periods and affect delivery times. Ensure that adequate RAID-protected disk storage is available for the mail queues.

Virus-scanning software is effective against only the viruses it knows about. By scheduling frequent (e.g., nightly),
automatic updates of virus information, you increase your odds of knowing about the latest outbreak.

Scan at the Desktop
           Viruses frequently enter organizations through PCs, or desktops. Long before email became the conduit for
viral transmission, organizations were implementing scanning on client desktops. Desktop scanning uses realtime
methods, running as a service or application that watches for file access and scans those files, or manual (scheduled)
scans that run periodically against selected files, directories, or drives.

Limit Receipt of Attachments
         An extreme Organizational Policy may prohibit the receipt of any email attachments. Although this may
seem heavy-handed, there are some benefits. Your organization may block attachments during a serious viral
outbreak and send a message to the originator explaining why the attachment was blocked.

Clean Up Later
           If you’ve been hit with a virus, check with your Anti Virus software provider on how to clean up infected files
and systems. Almost all vendors will supply you with some type of utility to aid you during this phase. Make sure all
virus definitions on all desktops and servers are up to date, or you risk re-infection.

Let Someone Else Worry About It
     If the thought of adding more work to your usual 12-hour workday is not appealing, consider outsourcing your
virus protection to an ISP or ASP. The provider will handle all Anti Virus scanning including software, administration,
system updates and system management. You merely point your inbound and outbound mail through their servers.
Check with your provider on the following items:

     Detection techniques: What types of files or attachments does the vendor look for? Does the provider look at
      the file or document extension only, or does it peek into the file header to determine the type?
     Timeliness of research and development: How often does the vendor update its scanning definition files?
      What is the vendor's source for the scanning engine and definitions (i.e., how does the company research or
      find out about new viruses)?
     False positives and quarantines: If one of your boss' incoming email attachments coincidentally matches a
      viral signature and the virus scanner incorrectly identifies it as a virus, will the software quarantine the
      attachment or delete it? How do you get it back (before he or she finds out)? Is the quarantine directory
      secured against unwanted snooping?
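
The extension-versus-header question in the list above, together with the gateway filtering of restricted attachment types and the quarantine option described earlier, shown as an added example (not code from Deep Blue Creative or any vendor). The blocked lists, the verdict names and the sample message are assumptions constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Header bytes ("magic numbers") of file types a gateway commonly restricts.
MAGIC = {
    b"MZ": "windows-executable",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2-document",  # legacy Office, may hold macros
    b"PK\x03\x04": "zip-archive",
}
BLOCKED_TYPES = {"windows-executable"}                           # assumed policy
BLOCKED_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "vbs"}  # assumed policy

def sniff(payload: bytes) -> str:
    """Classify a payload by its header bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return "unknown"

def check_message(raw: bytes) -> list[dict]:
    """Return one verdict per attachment: name, sniffed type, action, reason."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        kind = sniff(part.get_payload(decode=True) or b"")
        if ext in BLOCKED_EXTENSIONS:
            action, reason = "quarantine", "blocked extension"
        elif kind in BLOCKED_TYPES:
            # An extension-only check would have let this one through.
            action, reason = "quarantine", "blocked type behind another extension"
        elif kind == "ole2-document":
            action, reason = "scan", "macro-capable document"
        else:
            action, reason = "deliver", "no rule matched"
        verdicts.append({"name": name, "type": kind, "action": action, "reason": reason})
    return verdicts

def sample_message() -> bytes:
    """Constructed test mail: an executable header hidden behind a .txt name."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "report"
    msg.set_content("See attached.")
    files = {"notes.txt": b"MZ\x90\x00" + bytes(60),
             "budget.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + bytes(24),
             "readme.txt": b"plain text"}
    for name, data in files.items():
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling check_message(sample_message()) quarantines notes.txt on its header alone, sends budget.doc for scanning and delivers readme.txt.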

  For more information on products and services from Deep Blue Creative,
  please visit us at:

  300 – 604 Columbia Street
  New Westminster, BC
  V3M 1A5
  Tel: (604)-540-6808
  Toll Free: (888)-988-9600
  Fax: (604)-540-6808


