Professional Documents
Culture Documents
Enterprise-wide
Virus Protection
The Security Threat • File Viruses (including macro viruses), which are
attached to files;
Findings from recent industry studies and surveys
indicate that an alarming number of large organizations • Boot sector viruses in which the boot sectors of
have failed to implement satisfactory security policies. floppy or hard disks are infected;
Furthermore, of the 1,300 companies interviewed in a • Master Boot Record (MBR) viruses which infect
survey conducted by the National Computer Security the disk master boot record; and
Association (NCSA), 54% of the respondents indicated
they had experienced significant loss of data due to • Multi-partite viruses that are a combination of a
security breaches, while 78% of these security breaches file virus and a boot sector virus.
were directly attributed to virus infection. Reported
financial losses of over $250,000 were common, with Virus Disguises
losses over $1 million reported by some enterprises! As viruses spread, they need to avoid detection in
These statistics clearly indicate that security is an issue order to succeed in corrupting target computers.
that can no longer be ignored, and that viruses are the Simple viruses, with easily detected signatures are
most common, and unfortunately, the most serious secu- giving way to more sophisticated virus types:
rity threats encountered in the workplace.
Physical Layer
• Polymorphic Virus—Changes its signature, or
Login Restrictions
profile, each time it is activated so that a fixed
Internal Restrictions signature filter will miss it as it does its virus scan.
Virus Protection
Sensitive
• Stealth Virus—Attempts to hide their presence
Data
by intercepting interrupt services and by feeding
back false information to virus protection products
and end users.
Centralized
• Single Point Management: As an essential
Internet
Management element of an integrated solution there should be
Firewall Remote
Clients
a single focal point of security management.
Messaging Backup • Automation: The solution should include the
Servers Server
ability to automatically update virus signatures and
other anti-virus elements.
Virus protection within an enterprise demands a
significantly more robust solution than that which is
required for stand-alone computers or small networks.
Backup Servers
Workstations
Backup servers are responsible for maintaining
The essential element is to have the anti-virus soft- copies of critical data. If backup files are corrupted,
ware reside right on each workstation in the network then the system is fundamentally flawed. Corrupted
since this is the main entry point into the network. This files may be unusable for restoral purposes or may re-
approach makes great sense because the scanning work- infect entire systems. A little known issue with anti-
load is shared among all of the computers in the system, virus software is that it generally conflicts with backup
putting only a small workload overhead on each station. software. Backup software, as part of its ordinary opera-
Each station would be equipped with up-to-date anti- tion, opens up files multiple times as part of its process.
virus software and could add this task to its ordinary This requires the anti-virus software to scan these same
workload with little performance degradation and no files multiple times. A major backup system which could
need for new equipment. Although a growing number support, for example, 50,000 files. During an overnight
of virus infections today stem from Internet downloads backup process, virus checks are conducted as many as
and e-mail attachments, still the most common source of
Ethernet—A baseband LAN specification invented File Transfer, Access, and Management
by Xerox Corporation and developed jointly by Xerox, (FTAM)—The OSI remote file service ad protocol.
Intel, and Digital Equipment Corporation. Ethernet Filter—Generally, a process, or device that screens
networks operate at 10 Mbps using CSMA/CD to run incoming information for certain characteristics,
over coaxial cable. Ethernet is similar to a series of allowing a subset of that information to pass through.
standards produced by IEEE referred to as IEEE 802.3.
Firewall—Isolation of LAN segments from each other
Extended Industry Standard Architecture to protect data resources and help manage traffic.
(EISA)—A standard bus interface, commonly used by
PCs and some UNIX workstations and servers. Flooding—Technique by which information received
by an internetworking device is sent out to each of the
Exterior Gateway Protocol (EGP)—(TCP/IP)
device’s interfaces except (usually) the interface on
The service by which gateways exchange information
which the information was received.
about what systems they can reach; generally, an exte-
rior gateway protocol is any internetworking protocol Footprint—The area in which a satellite’s transmission
for passing routing information between autonomous can be received. Some footprints cover as much as one-
systems. third of the earth.
False Negative—An existent event reported as non- Frame—A logical grouping of information sent as a
existent, e.g. a virus failing to be detected. link-layer unit over a transmission medium. The terms
False Positive—A non-existent event reported as packet, datagram, segment, and message are also used
existent, e.g. a virus being reported when no virus is to describe logical information groupings at various
present. layers of the OSI reference model and in various tech-
nology circles.
Fault Tolerance—Generally, the ability to prevent a
problem on a device from affecting other devices on the Frame Relay—High-performance interface for
same port. packet-switching networks. Considered more efficient
Node—One of a number of UNIX Computers joined Parity Check—An error checking scheme which
together to form a Staffware Network. examines the number of transmitted bits in a block
which hold the value one. For even parity, an overhead
Open Data-link Interface (ODI)—Novell specifica- parity bit is set to either one or zero to make the total
tion for a multi-protocol API allowing NetWare and number of transmitted ones in the block data plus
other transport protocols to share a common network parity bit an even number. For odd parity, the parity bit
interface card for PCs on a LAN. is set to make the total number of ones in the block an
Packet—(1) A logical grouping of information that odd number.
includes a header and (usually) user data. (2) Continuous Password—A group of characters assigned to a
sequence of binary digits of information is switched staffware user by the system administrator and used to
through the network and an integral unit. Consists of up sign off some forms.
to 1024 bits (128 octets) of customer data plus additional
transmission and error control information. Password Authentication Protocol (PAP)—
A simple password protocol that transmits a user name
Packet Buffer—Storage area to hold incoming data and password across the network, unencrypted.
until the receiving device can process the data.
Trojan Horse—(1) A software entity that appears to Virtual IP—A function provided on the Catalyst with
do something normal but which, in fact, contains a the Virtual Network Services software which enables
trapdoor or attack program. (2) A computer program the creation of logically separated switched IP
whose execution would result in undesired side effects, workgroups across Catalyst switch ports.
generally unanticipated by the user. The trojan horse Virtual LAN—Membership to a Virtual LAN is
program may otherwise give the appearance of defined administratively independent of the physical
providing normal functionality. network topology. A virtual LAN segment is a unique
Unauthorized Switching—Long distance services broadcast domain.
that are switched to a new long distance company
http://www.techguide.com
Albert Einstein
www.cheyenne.com/security
This Technology Guide is one
of a series of guides, published
by ATG, designed to put complex
communications and networking
technology concepts into practical
and understandable terms.
Each guide provides objective,
non-biased information to assist in
the internal education, evaluation
and decision making process.
This Technology Guide, as well
as the other communications and
networking technology guides
in the series, are available
on ATG‘s Web Site.
http://www.techguide.com