Protective Layers: Securing Corporate Networks

Computerworld - When the Nimda worm struck in 2001, one of its many victims was the Virginia Hospital Center in Arlington. The worm crashed servers, erased data and forced VHC to hire a consultant.

"It deleted files and brought a couple of servers to their knees," says IT director Mark Rein, who joined VHC a year after Nimda struck. "We had to have a company come in and eradicate the virus."

Fortunately, the virus didn't attack patient data. But it did provide a wake-up call, making VHC aware that it needed better e-mail security. There wasn't a silver bullet that could stop all viruses and—nearly as bad—spam, so VHC opted for multiple overlapping defenses.

Today, the hospital is protected by five layers of antivirus and antispam defenses: an e-mail relay and antivirus product called eSafe from Aladdin Knowledge Systems Ltd.; an antispam and antivirus device from MailFrontier Inc.; antivirus software from Symantec Corp. on the e-mail servers and desktops; and a Web filter from Websense Inc. to monitor HTTP traffic and prevent employees from accidentally downloading viruses from the Web.

Finally, the hospital uses a Juniper Networks Inc. intrusion-detection and-prevention product to alert IT staff to anomalies in network traffic or unauthorized software on the system.

Sound excessive? In this era of massive malware attacks, such multiple layers of defense are, in fact, not paranoid but prudent.

In a March report from Ferris Research in San Francisco, antivirus software vendors said that there were nearly 100,000 viruses in existence then and that the number is increasing each month. F-Secure Corp., a vendor of antivirus products in Helsinki, Finland, notes that the largest virus outbreak in 2004, MyDoom.A, churned out nearly 10% of global e-mail at its peak (see New e-mail worm breaks infection records ).

Image Credit: Joyce Hesselberth

Last fall, for example, the U.S. Department of Energy's Carlsbad, N.M., office was perplexed by a sudden flood of pop-up pornographic ads on employee PCs. "We couldn't understand how we were getting all this traffic from adult sites," says Paul DeVito, information systems site security manager.

His staff traced it to a weather site used by the DOE that had been hacked and was downloading X-rated adware to visitors' PCs.

Besides cutting productivity, adware and spyware can also cause computer problems and worse. "It can cause instability in PCs, operations to crash, slow performance," notes Chris Williams, a senior analyst at Ferris Research. "And it can log your keystrokes and report those back to a Web site, so your network log-in is being compromised."

Security Strategies