
How you can Protect your Network

Created: 23 Apr 2009

Hi All,

If you want your network to be secure, follow these points.

• File system protection
Consider how your network resources should be protected. All file servers should have an antivirus solution that actively scans the file system in real time so that, as files are modified or added, the antivirus application can quarantine or repair the affected files before they spread to client systems or other servers. The server should also be protected at the file system level in other ways. For example, all Windows servers should use NTFS, since FAT offers essentially no security. You should also eliminate unnecessary shares, require share permissions for all shares, and use hidden shares where possible to further protect the server from worms that propagate through unprotected shares.

• Don't open an attached file if you do not know what it is, who sent it to you, or you were not expecting it (even if it is from somebody that you know). This is especially true if the file has any of the following extensions: .pif, .vbs, .scr, .exe

• Don't use the preview pane in Outlook. Some viruses can infect a computer just from the preview pane.

• When in doubt, contact the sender. Write back to them and ask what the attachment is. If the attachment is valid, they will tell you what it is and what it does.

• Disable unneeded services
Carefully review each server and ensure that it is running only those services required for it to carry out its function. Disable services that are not needed to reduce the server's attack surface, and explore ways to harden required services. Separate critical services from noncritical services by moving them to other servers, and consider deploying load balancing and clustering where appropriate to help ensure high availability.

• Outgoing messages should also be checked
In addition to scanning incoming messages, you should consider scanning outgoing messages. The presence of an infected attachment in an outgoing message is a sure indicator that at least one client system is infected. You should also use some form of administrator-controlled attachment blocking to prevent certain types of high-risk files from entering or leaving the network. The extended e-mail security update for Microsoft Outlook provides enhanced security protection for Microsoft Outlook, including incorporating attachment blocking. The security update is also available for Outlook 98. Exchange Server administrators can use the Outlook E-mail Security Administrative Package to configure attachment blocking options and specify which applications can access the user's address book, send messages programmatically, and perform other actions.
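One way to express the attachment-blocking check on outgoing mail, added here as an illustration and not taken from the Outlook security update or any vendor product. It applies this post's extension list to every attachment and, going slightly beyond the text, also flags a Windows executable header stored under another extension; the sample message and file names are constructed.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extension list from this post; an administrator would extend it.
BLOCKED_EXTENSIONS = {".pif", ".vbs", ".scr", ".exe"}

def normalise(filename):
    # Windows ignores trailing dots and spaces, so "a.exe." opens as "a.exe".
    return filename.strip().rstrip(". ").lower()

def check_message(raw_bytes):
    """Return {filename: [reasons]} for attachments the policy would block."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body text or multipart container
        reasons = []
        ext = os.path.splitext(normalise(name))[1]
        if ext in BLOCKED_EXTENSIONS:
            reasons.append("blocked extension " + ext)
        payload = part.get_payload(decode=True) or b""
        # "MZ" opens every Windows executable, whatever the file is called.
        if payload[:2] == b"MZ" and ext not in BLOCKED_EXTENSIONS:
            reasons.append("executable header under another extension")
        if reasons:
            findings[name] = reasons
    return findings

# Constructed attachments: one clean file and three policy violations.
SAMPLE_ATTACHMENTS = [
    ("figures.csv", b"col1,col2\n1,2\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("holiday.jpg", b"MZ\x90\x00"),
    ("setup.SCR.", b"\x00\x01\x02"),
]

def build_sample():
    msg = EmailMessage()
    msg["Subject"] = "Quarterly figures"
    msg.set_content("See attached.")
    for name, data in SAMPLE_ATTACHMENTS:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in check_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

A gateway would quarantine any message for which `check_message` returns a non-empty result and alert on the sending client, since the post treats an infected outgoing attachment as a sign of an infected system.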

• Updating and patching
Besides deploying solutions at the gateway and the server, you should also consider e-mail client update and patching to be an important aspect of any antivirus protection scheme. Deploying the Outlook security update is one option, as is upgrading to the latest version of Outlook. If your company relies on Outlook Express, you should deploy the Outlook Express Security Patch, which has security features similar to those in the Outlook security update. The Outlook Express patch also fixes other problems, including a buffer overflow exploit for Outlook Express mail headers.

If you rely on Outlook Web Access (OWA) for remote access to the Exchange Server, you should also consider upgrading to Exchange Server 2003. This latest version incorporates attachment blocking for OWA. Scanning incoming SMTP traffic is a good first step, but SMTP isn't the only protocol that can expose the network to attack. Consider antivirus solutions that offer protocol scanning for FTP, HTML, POP3, and other protocols.

• Update and notification schemes
No antivirus solution is complete without carefully considering update and notification schemes. You need to understand how frequently your antivirus vendors make updates available, including ad-hoc updates during virus or worm outbreaks, and plan your updates accordingly. You should also implement some mechanism that enables administrators to verify that updates are being downloaded from the vendor and broadcast to servers and clients on a regular basis. A virus signature update that sits on a server waiting for weeks for a client to pull down is a useless update.

Finally, find out how an antivirus solution notifies administrators of virus infections and outbreaks, and how it responds to those outbreaks. The more quickly you're notified, and the more options available for notification, the more likely you are to be able to stop an outbreak before it gets out of hand. The capability of the antivirus solution to take actions automatically when an outbreak begins can be a valuable feature and a real lifesaver, particularly if an outbreak starts in the middle of the night. When you're evaluating your antivirus solution, take into account not only how well it will scan for and detect viruses, but also what actions it can take on its own (under your configuration) to address the threat.
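The verification step described above, that updates actually reach servers and clients, can be checked from an inventory of what each machine reports. The following is an added example, not part of any antivirus product: the CSV layout, host names, dates and both thresholds are assumptions chosen for illustration.

```python
import csv
import io
from datetime import date

# Constructed inventory: definition date each client reports and its last check-in.
INVENTORY_CSV = """host,definitions,last_checkin
fs01,2009-04-22,2009-04-23
mail01,2009-04-22,2009-04-23
ws-017,2009-04-02,2009-04-23
ws-044,2009-04-21,2009-04-09
ws-102,,2009-04-23
"""

def stale_clients(inventory_csv, vendor_latest, today,
                  max_lag_days=3, max_silent_days=7):
    """Return {host: reason} for machines that are not receiving updates."""
    problems = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        host = row["host"]
        silent = (today - date.fromisoformat(row["last_checkin"])).days
        if silent > max_silent_days:
            # A silent client's reported definition date cannot be trusted.
            problems[host] = f"no check-in for {silent} days"
            continue
        if not row["definitions"]:
            problems[host] = "reports no definitions"
            continue
        lag = (vendor_latest - date.fromisoformat(row["definitions"])).days
        if lag > max_lag_days:
            problems[host] = f"definitions {lag} days behind vendor release"
    return problems

if __name__ == "__main__":
    report = stale_clients(INVENTORY_CSV,
                           vendor_latest=date(2009, 4, 22),
                           today=date(2009, 4, 23))
    for host, reason in report.items():
        print(f"{host}: {reason}")
```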

• Free Virus Removal Tools
Sure, the antivirus vendors want to make money, but if you ever get the chance to meet one of their virus researchers, you'll find their real motivation is to protect users. As corny as that may sound, it's true. That's why when stubborn or fast-spreading infectors are discovered, antivirus vendors release special tools to remove the malware - and give the tools away free. It's no substitute for installed antivirus software, but if you're already infected and in a pinch, it's the next best thing to, well, installed antivirus software.

Symantec Virus Removal Tools - Antivirus vendor Symantec offers a wide range of free cleaning tools for individual malware removal.

Mansoor Rashid