Vital Security for Vital Computers
By Tom Inglesby
Most companies have come to depend greatly on computer systems to run day-to-day affairs, yet many of these same companies often fail to understand how to keep these systems safe from external threats.
Thirty years ago, no one was concerned about getting a "virus" in their calculator or desktop adding machine. Now, people are concerned about getting a virus in their cell phones, digital music players and anything else with a microchip. Yes, we've come a long way from six-function calculators and computers the size of a room, but we haven't necessarily moved in the right direction when it comes to security.
According to Eric Vaughan, author of the TweakHound.com security news and information website, "The current 'survival time' — the average time for an unprotected system to be attacked and compromised — is only nine minutes. This means that a newly installed, unprotected operating system connecting to the Internet for the first time will, on average, be attacked within nine minutes and compromised in some way. That further implies that there is insufficient time for a new system to connect to the Windows Update site and download the latest security and critical updates from Microsoft before the system is attacked and compromised. Yes, the Internet is a dangerous place for the unwary."
What are the threats? Let's look at the most familiar term: virus. The usual definition is: Viruses are programs that can enter computers or IT systems, causing effects that range from simply annoying to highly destructive and irreparable. Viruses have been lumped into a category of nasty computer programs called malware, a contraction of malicious software. Also in this group are such fun items as worms, spyware, keyloggers, Trojans and rootkits. What is not generally included, despite the feelings of most, are spam and "phishing" e-mails.
Do you need to know what each does and how? Not really. What you need to know is that they are all potentially damaging to your computers (office or field) and, by extension, to your business. The bad news is that there are thousands of malicious code writers working night and day to develop new generations of malware to foist on computer users. The good news is that there are also thousands of computer security experts working day and night to develop effective countermeasures to help computers defend against such attacks.
Virus authors often are people looking for some kind of social recognition or notoriety. Their principal objective is to exploit whatever possible means (e.g., security holes, user naivety, new technology) to ensure their creations spread as widely as possible. Oftentimes, they simply rely on the natural curiosity of most people; they lure the recipient of a malware-loaded e-mail into opening it, clicking on the embedded link, opening an attachment, going to an infected website, or otherwise releasing the malware into their system. Unfortunately, one of the weakest links in computer security is often the user, not the system.
To combat this problem, antivirus software generally tries to catch the offending program at the point of entry, determining which e-mail messages are potential threats, which attachments match the criteria for the latest threats, and in general working behind the scenes to protect the system and user — and sometimes the system from the user.
The first line of defense, and the one that gets the most attention, is the antivirus segment. Familiar developers in this market are Symantec (www.symantec.com) and McAfee (www.mcafee.com). A lesser known but growing company is Panda Software of Bilbao, Spain. In test after test, Panda's security products score as high as or higher than the better known brands, but they are, in many ways, the silent, stealth vendor. As a result, many malware authors around the world do not bother to defeat Panda's products, while actively embedding code to override the antivirus programs of the other, more mainstream, manufacturers.
Ryan Sherstobitoff, CTO of Panda Software's U.S. office in Glendale, Calif., noted, "Panda's products are designed to include protection technologies to address various problems facing the SMB (small to medium business) market. One of Panda's key innovations, TruPrevent was designed to respond to emerging threats not immediately identified by virus laboratories. These threats pose a significant risk to SMBs because of the advanced capabilities of replicating to a large number of machines in a small amount of time. The dynamics of malicious software have changed to include a focal point of organized crime with the sole purpose of financial gain through data theft on unsuspecting users."
Therefore, the second line of defense is to maintain the programs that you use by downloading and installing security updates and patches, and to do so on a regular basis. Many software vendors have auto-update elements, and there are third-party programs available that automate the process. For its products, Microsoft offers Automatic Updates, a handy tool that, when downloaded and installed, will notify the computer user of new updates or, just as the name suggests, automatically keep computers up-to-date.
To keep multiple computers updated in a small- to mid-sized company, another option is Sitekeeper from Diskeeper Corporation of Burbank, Calif. (www.executive.com/sitekeeper). Sitekeeper is an easy-to-use, centralized patch and systems management program. Users do not need dedicated hardware or special training, and the program can be installed and running in less than an hour.
Firewalls are used to protect points of entry into a computer or network, such as Internet connections and computer ports, and to monitor all inbound and outbound "traffic" for your system. If a hacker tries to break into your computer through an unsecured port, or a piece of malware happens to bypass your antivirus software and attempts to launch a program using your Internet connection, your firewall will stop the entry or exit, flag the potentially harmful action, and notify the computer user or network administrator.
The classic, and perhaps better-known, firewall is ZoneAlarm from Zone Labs LLC, Redwood City, Calif. (www.zonelabs.com). And possibly the most maligned firewall is the one built-in with Microsoft Windows XP, Service Pack 2. While ZoneAlarm has earned its accolades, the Microsoft firewall probably hasn't earned its jibes.
Microsoft's Internet Connection Firewall (ICF) was designed to work with personal firewall applications, not to compete with them. ICF is far from perfect as firewalls go. It doesn't block any outbound traffic, which won't protect you from Trojan applications that have accessed your computer by other means. But if you are running Windows XP, the advantage is that you already have it integrated into your system.
The newest firewall, interestingly, comes from Russia — which has long been the home of some of the most creative and damaging malware authors. Mikhail Penkovsky, director of sales for Agnitum Ltd., St. Petersburg, Russia (www.agnitum.com) explained, "Russians are known as some of the most talented hackers and cyber criminals. So who better than Russian security experts to stop them from breaking into your PC?"
- Passwords that do not meet complexity requirements (i.e., a mix of upper- and lower-case letters, and of letters and numbers).
- Insufficient permissions on critical components that allow privilege elevation attacks to occur.
- Unnecessary services running that could allow for remote access, such as Telnet.
- Unnecessary ports open that can lead to exploits and eventual access from a hacker.
- Administrator accounts with a null or weak password.
- Modify the local security policy and the password complexity requirements to ensure passwords are not easily guessed. Windows provides a tool, "Local Security Policy," that allows the administrator to configure system policies and export them.
- Disable any ports or services that do not directly apply to the intended usage of the system.
- Set appropriate file permissions on directories and shared drives on the system to avoid exploitation.
- Ensure that any system account with administrative rights has a complex password.
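The weaknesses listed above and the remediation steps that follow them (together with the firewall behaviour described earlier) can be checked in one read-only pass. The script below is an added example written for this page; it is not from the article or from any vendor named in it. It assumes Windows PowerShell 5.1 or later on a Windows 10/Server 2016 or newer host with the built-in LocalAccounts, NetSecurity and SmbShare modules, run from an elevated prompt. The service list and the allow-list of expected ports are constructed placeholders to be adjusted to the machine's role; nothing in the script changes configuration.

```powershell
# Added audit example (not the article's own code). Reports, but does not fix,
# the items the article lists: password policy, administrator accounts with no
# required password, unnecessary services, unexpected listening ports, firewall
# state, and shares that grant Everyone full control.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Password policy: export the local security policy with secedit and read the
#    [System Access] values that the "Local Security Policy" console edits.
$cfg = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $cfg | Out-Null
$policy = @{}
Get-Content $cfg | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*=\s*(\S+)') { $policy[$matches[1]] = $matches[2] }
}
Remove-Item $cfg -ErrorAction SilentlyContinue
if ($policy['PasswordComplexity'] -ne '1') {
    $findings.Add('Password complexity requirement is disabled')
}
if ([int]$policy['MinimumPasswordLength'] -lt 8) {
    $findings.Add("Minimum password length is $($policy['MinimumPasswordLength']) (expected 8 or more)")
}

# 2. Enabled local administrators that are not required to have a password.
#    Password strength cannot be read back; only whether one is required at all.
$admins = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.ObjectClass -eq 'User' } |
    ForEach-Object { ($_.Name -split '\\')[-1] }
foreach ($u in Get-LocalUser | Where-Object { $_.Enabled -and ($admins -contains $_.Name) }) {
    if (-not $u.PasswordRequired) {
        $findings.Add("Administrator '$($u.Name)' is not required to have a password")
    }
}

# 3. Unnecessary services. TlntSvr is the Telnet Server service the article
#    mentions; the list is a constructed starting point, not a standard.
$unwantedServices = @('TlntSvr', 'RemoteRegistry')
foreach ($svc in Get-Service -Name $unwantedServices -ErrorAction SilentlyContinue) {
    if ($svc.Status -eq 'Running') { $findings.Add("Service '$($svc.Name)' is running") }
}

# 4. Listening TCP ports, parsed from netstat so the check also works on older
#    releases without Get-NetTCPConnection. $expectedPorts is a constructed
#    allow-list; anything else is reported for review.
$expectedPorts = @(135, 445, 3389)
$listening = netstat -ano -p tcp |
    Where-Object { $_ -match '\sLISTENING\s' } |
    ForEach-Object { [int]((($_ -split '\s+')[2]) -split ':')[-1] } |
    Sort-Object -Unique
foreach ($p in $listening | Where-Object { $expectedPorts -notcontains $_ }) {
    $findings.Add("Unexpected listening TCP port $p")
}

# 5. Firewall profiles: disabled profiles, or profiles explicitly set to allow
#    inbound by default. (NotConfigured means the built-in default, which blocks
#    inbound, so only an explicit Allow is flagged.)
foreach ($prof in Get-NetFirewallProfile) {
    if (-not $prof.Enabled) { $findings.Add("Firewall profile '$($prof.Name)' is disabled") }
    if ($prof.DefaultInboundAction -eq 'Allow') {
        $findings.Add("Firewall profile '$($prof.Name)' allows inbound connections by default")
    }
}

# 6. Non-administrative shares whose directory ACL grants Everyone full control.
foreach ($share in Get-SmbShare | Where-Object { $_.Path -and -not $_.Special }) {
    $acl = Get-Acl -Path $share.Path -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    $open = $acl.Access | Where-Object {
        $_.IdentityReference -eq 'Everyone' -and
        $_.AccessControlType -eq 'Allow' -and
        $_.FileSystemRights.ToString() -match 'FullControl'
    }
    if ($open) { $findings.Add("Share '$($share.Name)' ($($share.Path)) grants Everyone full control") }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

Each finding maps to one of the listed remediations: a complexity or length finding is fixed in Local Security Policy, a running service in the Services console, an unexpected port by stopping whatever owns it (netstat's last column is the PID), and an open share by tightening the directory ACL. Because the script only reads state, it can be scheduled to run regularly and its output compared run to run, which is the same "do so on a regular basis" discipline the article applies to patching.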
About the Author
Tom Inglesby is a San Diego-based freelance writer whose work has appeared in numerous online and print publications. He is the winner of the Construction Writers Association's 2002 Boger Award for Special Reports.