Sometimes, it's not nice to share

We all know the drill. Install antivirus software on workstations, servers and gateways, and update them on a regular basis.

Many of us also implement antivirus policies to provide users with a basic understanding of how viruses spread and to illustrate how users can help thwart virus attacks. Despite these measures, many organizations have spent long hours recovering from the aftermath of network-aware worms—such as Sircam, Magistr and FunLove—unleashed into the wild. Network-aware worms simply use network connections, such as shared or mapped drives, to quickly spread themselves to other computers on your LAN.

Remember, when a virus or worm is discovered, it must be broken down and analyzed by antivirus vendors before a virus pattern file can be created. Unfortunately, this often occurs only after the virus or worm has been circulating for a while. This essentially forces antivirus vendors to play a catch-up game. Before a pattern update is issued and distributed, there can be thousands of infections—all in a relatively short time.

Douglas Schweitzer

Because network-aware viruses proliferate quickly across a LAN via shared or mapped drives, IT managers must examine the topology of their networks to determine which specific users need to have shared files. In addition to the obvious use of antivirus software, enterprises should prepare for these types of attacks by following these tips:

  • Never share an entire hard disk; share only specific folders with specific users as required.

  • Use read-only as the default setting for all shared files.

  • When sharing a folder, always use a strong password to protect the share and limit share access to specific users only.

  • Find and close any unused ports.

  • Always update operating systems and applications when patches become available.

Network-aware worms and viruses are hard to track down. There's plenty of room for them to hide in your network. By simply restricting file sharing and eliminating mapped drives, you can mitigate risk by limiting the vector for proliferation.
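An added example (not part of the original article) of how the first three tips can be checked on a current Windows file server. It assumes the SmbShare cmdlets (`Get-SmbShare`, `Get-SmbShareAccess`, available on Windows 8 / Server 2012 and later) and an elevated session; the function name and the list of "broad" groups are assumptions made for illustration.

```powershell
# Added example: audit SMB shares against the sharing tips above.
# Test-ShareAgainstTips is a hypothetical helper name, not a built-in cmdlet.
function Test-ShareAgainstTips {
    param(
        [Parameter(Mandatory)] $Share,   # object with Name and Path
        [object[]] $Access = @()         # objects with AccountName, AccessControlType, AccessRight
    )
    $findings = @()

    # Tip: never share an entire hard disk (path is a drive root such as C:\).
    if ($Share.Path -match '^[A-Za-z]:\\?$') {
        $findings += 'shares an entire drive'
    }

    foreach ($ace in $Access) {
        # Deny entries restrict access, so only Allow entries are findings.
        if ("$($ace.AccessControlType)" -ne 'Allow') { continue }

        # Tip: read-only should be the default for shared files.
        if ("$($ace.AccessRight)" -ne 'Read') {
            $findings += "$($ace.AccountName) has $($ace.AccessRight) access"
        }

        # Tip: limit share access to specific users.
        # Assumption: these well-known groups count as "not specific".
        if ($ace.AccountName -match '(^|\\)(Everyone|Authenticated Users|Domain Users|Users)$') {
            $findings += "broad group $($ace.AccountName) is allowed"
        }
    }

    [pscustomobject]@{
        Share    = $Share.Name
        Path     = $Share.Path
        Findings = $findings
    }
}

# Live audit: skip built-in administrative shares (C$, ADMIN$, IPC$)
# and list only the shares that break at least one tip.
Get-SmbShare |
    Where-Object { -not $_.Special } |
    ForEach-Object {
        Test-ShareAgainstTips -Share $_ -Access (Get-SmbShareAccess -Name $_.Name)
    } |
    Where-Object { $_.Findings.Count -gt 0 } |
    Format-List
```

Shares that pass all three checks produce no output, so an empty result means no user-created share exposes a whole drive, grants write access, or is open to a broad group.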


Copyright © 2003 IDG Communications, Inc.
