Securing your network from malware

One of the most significant threats to the security of your network, and the leading cause of data loss, is malware. Whether that malware comes in the form of a worm probing your external addresses for a vulnerable service, a Trojan horse program embedded inside of a download, an infected document received via email from a customer, or some other source, malware infections present a significant risk to your network. Protecting your systems and data from malware is an ongoing process that requires attention, consistency and diligence. While that sounds like a lot of work, it is really quite easy if you include these six areas in your regular system upkeep. It will also be significantly less work, than cleaning up after a malware incident.

Establish a regular schedule
First and foremost, it is very important to establish and stick to a regular schedule for checking your systems. This includes scheduled antivirus scans, scheduled definition updates, scheduled testing, scheduled patching, and scheduled audits. That’s a lot of scheduling, but it’s when you let something slip that you are most likely to let something through. Microsoft (the largest vendor for most of us) releases patches on a regular schedule. Don’t just look to them though. Check your third party applications, too.

Use a security scanner to identify vulnerabilities
Whether you use a free security scanner from your operating system vendor, or purchase a more comprehensive security scanner that can assess your operating systems, your applications, and your network equipment, you should make a regular scan of all your systems both from the inside, and externally. It’s a great way to identify new systems that might have been installed without following procedure, and as these scanners update their signature files, you will be able to identify newly discovered vulnerabilities that might have been missed during the last scan. Since these can be largely automated, try to scan monthly.

Use a patch management solution to update systems
Unless you are taking care of a very small network, trying to manually patch every system will be an overwhelming task. Look for patch management software to do the heavy lifting for you. Implementing a patch management solution that can handle operating systems and applications, and that can also generate reports on compliance, lets you know how things stand, provide reports to management, and answer audit requests easily.

Use an antimalware solution to secure systems
Every system should run antimalware software, update regularly and scan regularly. This applies to servers and workstations alike. Using a central server, you can schedule updates several times per day, schedule scans to run after hours, and know immediately the state of your systems by checking the reports or dashboard. Consider antimalware solutions for your email system that use multiple engines to scan messages, as email attachments are one of the most common vectors for malware.

Educate your users
All of your efforts combined may not be enough to stop a user with administrative rights from surfing to an infected website, downloading a compromised program, or attaching a USB key carrying a virus to their workstation. Keep your users educated. Consider a security tips of the month email newsletter that offers them advice on protecting their home computers as well as work systems, keeping the message non-technical and delivering a consistent message on how they are key to security.

Use email lists to stay informed
There are several great email lists that can inform you of monthly security updates, zero day exploits, work-arounds, and best practices. Subscribe to those which are relevant to your systems, and use the distribution list for your security or IT team, so that everyone is kept in the loop. Knowledge of the threats is one of the best ways to defend against them. Here are a few to help you get started:

• SANS Institute newletters
• Microsoft’s security newsletter
• Microsoft technical security notifications
• CERT mailing lists and feeds
• SecLists.Org security mailing list archive
• Mailing lists for specific Linux/Unix distros
• Apple security mailing list

If you have these six areas covered in your maintenance plan, you should be in good shape, covering all of your bases. Just remember to set, and stick to, a schedule for all of your protective measures.

Author: Ed Fisher on behalf of GFI Software, a software developer that provides a single source for network administrators to address their network security, content security and messaging needs.