Another threat to your network's security is the virus. A virus is a self-replicating piece of software code. Because a virus can copy itself, it can easily (and unfortunately) be spread from computer to computer.
Viruses can be spread on floppy disks and other removable storage media. If you take an infected disk out of a computer and place it in another computer, you have spread the virus. Computers can also become infected with a virus that spreads over the network because of infected shares.
The Internet also serves as a source of virus infection. Viruses can inadvertently be downloaded from the Internet. Viruses can also be spread via email messages.
Interestingly, many viruses do little more than copy themselves; not all are designed to format your hard drive or corrupt a certain file type. A lot of the viruses you run into are just elaborate jokes (although this does not make them any less annoying).
One of the first viruses I remember dealing with, back in my college days, was the Brain virus. Brain was (and still is) a boot sector virus that can load itself into the computer's memory (we will discuss the different types of viruses in a moment). Well, to make a long story short, Brain quickly spread to nearly every floppy disk being used on the college campus (this was in the days of 360KB, 5 1/4" floppy disks). However, it was very easy to find the infected disks because the virus would change the volume name on the floppies to BRAIN. The virus really didn't do much more damage than that.
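The volume-name check described above can be automated over floppy disk images. The following is an added example, not code from the book: it reads the FAT12 root directory of a 360KB image and flags a label containing BRAIN. The function names, the constructed sample image, and the fallback to standard 360KB geometry when the boot sector carries no usable parameter block are assumptions made for the illustration.

```python
import struct

SECTOR = 512
# Assumed standard 360KB layout: 1 reserved sector, 2 FATs of 2 sectors, 112 root entries.
DEFAULT_GEOMETRY = (512, 1, 2, 112, 2)
ATTR_VOLUME_ID, ATTR_LFN = 0x08, 0x0F


def read_geometry(boot):
    """Return (bytes/sector, reserved, FAT count, root entries, sectors/FAT)."""
    if len(boot) < 24:
        return DEFAULT_GEOMETRY
    bps, _spc, reserved, nfats, root_entries, _total, _media, spf = struct.unpack_from(
        "<HBHBHHBH", boot, 11)
    plausible = (bps in (512, 1024, 2048, 4096) and reserved >= 1
                 and 1 <= nfats <= 2 and 0 < root_entries <= 512 and 0 < spf <= 64)
    # A replaced boot sector may not carry valid parameters, so fall back.
    return (bps, reserved, nfats, root_entries, spf) if plausible else DEFAULT_GEOMETRY


def volume_label(image):
    """Return the volume label stored in the FAT12 root directory, or None."""
    bps, reserved, nfats, root_entries, spf = read_geometry(image[:SECTOR])
    start = (reserved + nfats * spf) * bps
    for off in range(start, start + root_entries * 32, 32):
        entry = image[off:off + 32]
        if len(entry) < 32 or entry[0] == 0x00:   # end of directory
            return None
        if entry[0] == 0xE5:                      # deleted entry
            continue
        attr = entry[11]
        if attr & ATTR_VOLUME_ID and attr != ATTR_LFN:
            return entry[:11].decode("cp437", "replace").rstrip()
    return None


def looks_like_brain(image):
    """Flag an image whose volume label contains BRAIN (case-insensitive)."""
    label = volume_label(image)
    return label is not None and "BRAIN" in label.upper()


def make_image(label, valid_bpb=True):
    """Build a constructed 360KB test image (not a real disk dump)."""
    img = bytearray(720 * SECTOR)
    if valid_bpb:
        struct.pack_into("<HBHBHHBH", img, 11, 512, 2, 1, 2, 112, 720, 0xFD, 2)
    root = (1 + 2 * 2) * SECTOR
    img[root:root + 11] = label.ljust(11).encode("ascii")
    img[root + 11] = ATTR_VOLUME_ID
    return bytes(img)
```

A label match only marks a disk for a closer look with antivirus software; a clean label does not prove the disk is uninfected.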
Although everyone fears viruses, many viruses don't do a whole lot more than replicate and spread. However, as the network administrator, it is your job to destroy viruses with impunity, whether they are just jokes or are designed to wreak havoc on your network data.
Now, I don't want to understate the fact that viruses can do a lot of damage to a computer system. Viruses can delete programs and files, and they can completely overwrite a hard disk. Viruses can be backed up along with the files that you routinely back up on the network (say, from a file server). This means that in the case of a disaster, you only have infected data files to restore to your file server.
Viruses can even find the administrator's password and pass it on to someone outside the network. This person can then log on to the network as the administrator and do all sorts of damage. So, although many viruses are just annoying and take time and money to clean up, some viruses can pose a very large security risk to the network.
Types of Viruses
A number of different virus types have evolved over the years. These different types of viruses have been classified based on how they infect a computer:
The actual number of viruses "in the wild" (meaning those found on business computers and networks) at any one time varies, but in general the number is increasing. The number of macro viruses is definitely on the rise. At the time of the writing of this book, the PE_LOVGATE.J virus was a medium threat to PCs running Windows and spread via shared network drives and email. Another example of recent malware is the WORM_KWBOT.C worm that can cause file damage to PCs running Windows. Let's take a look at worms and Trojan horses and how they can threaten your network's security and resources, and then we can take a look at some strategies for protecting against virus infections.
Worms and Trojan Horses
Not all software-based threats to the network come in the form of viruses. There are also two other wonderful products from those demented folks who brought us computer viruses: worms and Trojan horses.
A worm is a program that spreads itself from computer to computer on a network. It doesn't need to be activated like a virus. It just spreads all by itself. A worm can be potentially devastating on a worldwide network such as the Internet because it can quickly spread itself throughout the entire network. Worms typically are platform-specific and exploit some weakness in a particular operating system. For example, the Linux.Ramen worm only spreads itself among computers running Linux Red Hat.
A Trojan horse (or just Trojan as it is often referred to), on the other hand, is a program that appears to be perfectly benign, such as a screensaver or a game. For example, the HAPPY99.EXE Trojan horse, when executed, provides a nice little fireworks display on your screen and then immediately uses mail addresses found in your computer's email client to send off copies of itself to these addresses (this is similar to how the Melissa virus is spread).
One of the earliest Trojans was the AIDS Information Disk Trojan, which was actually a disk sent out to medical establishments as an AIDS-awareness product. After being executed, it created a hidden directory on the computer's hard drive and eventually encrypted the entire contents of the hard drive, making it unusable.
One of the biggest threats related to Trojans is that some are actually able to invade a computer and create a portal that allows complete access to the infected machine. This means that the cracker who controls the Trojan actually can do anything he likes with your computer. He can even use it to perpetrate a denial of service attack using your computer to help generate excess traffic that is focused on a particular Web site. Denial of service attacks are discussed later in the chapter, in the section "Protecting a Network from Outside Attack."
Protecting a network against viruses, Trojans, and worms really requires two major efforts on the part of the network administrator. First, you need to have some sort of virus protection plan. Then, once the plan has been created, it can be implemented.
Any anti-malware plan should include a list of rules that your users need to follow to keep the network safe from virus infection. These rules might include no disks from home and no personal email on the company's email system. Also, you might have to forbid file downloads from the Internet.
Although these rules might seem a little harsh, many companies have even more draconian behavior guidelines for their computer users. What's more, many companies have very harsh punishments for employees who don't follow the rules, including dismissal (which is probably because giving an employee a good flogging just isn't an option anymore). What a user does on his home computer is his business. But when you have users on a network, where the very lifeblood of the company is the data stored on the network, you really have to lay down the law as far as the rules for network computer use.
You also need to educate your users and provide them with a general overview of what a virus is and what it can do to the network. If users worldwide had been a little more savvy, the Melissa virus might not have been able to spread so quickly across the entire globe. Although educating your users about the threat of viruses might lead to some employees crying wolf every time their computers slow down a little, having an aware user base might help to nip virus infections in the bud before they become a huge problem.
Your plan also needs to include the installation and maintenance of virus protection software. There are a number of companies that provide antivirus software: Symantec, McAfee, Norton, and Dr. Solomon's, just to name a few.
Antivirus software can be configured to protect client computers and network servers from infection. Most antivirus software can be configured so that a disk placed in a floppy drive is checked for viruses the moment a user slides it into the drive.
Antivirus software can come in a standalone version that must be installed on every computer or in a network version that runs whenever a computer boots up to the network. Some software companies that sell antivirus software also provide Web-based antivirus applications that check a computer for viruses. Figure 20.8 shows Norton Antivirus checking a computer for viruses.
Figure 20.8. Antivirus software checks a computer's drives and memory for virus infections.
Because new viruses and other malware are popping up all the time, your antivirus software has to be able to deal with the latest and greatest virus threat. This is done by downloading updates that allow the antivirus software to recognize new viruses and repair the damage they have done. Periodically checking for virus updates to your antivirus software should be part of your overall antivirus plan.