Viruses are pieces of foreign code (programs) introduced into your system to perform unauthorized acts against your internal network. Some of the viruses may contain nothing more than a simple note that says, "Hello." But far more often, the programs reproduce themselves and then attack, corrupting files at the core of the system and causing it to crash.
What It Is
A virus is a program that may or may not attach itself to a file and replicate itself. It may or may not corrupt the data of the file it invades. It may or may not try to use all of the computer's processing resources in an attempt to crash the machine. If that seems vague, it's because the people who create and deploy viruses all have different intentions.
Viruses occur in various forms, including:
Worms. This type of virus contains self-replicating, self-propelling code that invades a computer, steals its resources to replicate itself, and uses your local network to spread itself to all the computers attached to your network.
Trojan horses. This type of virus masquerades as a useful or desirable program but upon execution it may release a worm or logic bomb.
Logic bombs. This virus launches an attack triggered by an event, such as the computer clock reaching a certain date. The logic bomb may release or be a virus.
How to Recognize It
Viruses can be introduced to your system in two ways: via e-mail or by unauthorized access into your network.
E-mail attack. The typical way to introduce any type of foreign code into your system is through e-mail. When an unsuspecting person opens e-mail attachments from someone whom they don't know, the file executes its primary function. By monitoring what you receive, you may be able to recognize malicious e-mail attacks.
Unauthorized network access. When a virus can't be sent via e-mail, it's introduced through your network. Hackers penetrate a secure area by subverting its security measures. Network hackers may accomplish this by running programs that try millions of passwords until one is accepted. The best way to recognize an attempt to gain unauthorized access is to be familiar with your system. Setting up, monitoring, and logging benchmarks - established reference points from which to measure performance - will help monitor your performance and also alert you when something is wrong.
Who Is Doing It and Why
Hackers who spread viruses are more interested in demonstrating their skills than attempting to steal or alter data. Some virus attacks can be merely a nuisance - the equivalent of graffiti on your store wall - designed to demonstrate your vulnerability and the hacker's capabilities.
A virus in your network is just one indication that your security has been breached. Many times a site trespasser enters through a small hole or security gap and, upon leaving, leaves a larger hole (called a backdoor) through which other unauthorized users can more easily enter your system. Hackers often trade - and sometimes sell - these illegal accesses.
How to Protect Yourself
No one connected to a computer network is really safe from hackers. Luckily, most invasions or infections don't result in serious injury to the system that has been attacked, provided that you have an ongoing backup plan. Here are some common security measures you can take to protect your system from virus attacks.
Farm out (outsource) your Web hosting services to a large reputable provider. A good host will keep its servers' virus protection programs updated and use high-level hardware (and software) to keep its customers safe. Hosting companies are experts in security - it's their business - so let them handle it. They are also accountable for errors and are prepared to remedy situations expeditiously.
Erect a firewall between the Web server and your network. Firewalls are the foremost means of protection for your system. A firewall is a set of related programs located at a gateway server, which protects the resources of a private network from other networks. You can't buy a computer that uses an operating system without at least the simplest form of firewall already on it. You should also take a look at purchasing better firewalls that can be customized.
Review your server architecture. Some sites are organized so that Internet traffic rarely has access to its network. For example, your site may be hosted on a stand-alone server that you only communicate with when updating files or downloading a database. This architecture essentially creates an off-site host, for those times when you need excellent protection from viruses and other threats to security.
Place e-mail virus scanners on all computers. The only real defense is limiting your risk by using virus scanners and enforcing security measures on network computers. Most operating systems ship with security measures including e-mail scanners. These programs scan and filter mail for possibly unfriendly attachments. But be aware: Hackers see security systems as a challenge, not an obstacle.
Hire a skilled system administrator. Your system administrator should know your system well enough to anticipate when problems may arise. This person will use benchmarks to monitor performance and server logs to monitor trends in performance and traffic.
Keep up-to-date with security patches for your operating system and server software. Patches are security updates that cover known holes in the security system. Whoever runs the system should maintain a regular schedule of checking with the vendor for flaws, bugs, or patches that may have been reported. For example, the first patch for Microsoft's Windows 2000 came out Tuesday, March 21, 2000, just weeks after the release of Windows.
Remove unused communication ports. Communication ports are used to allow data to enter and leave the system. Each system will typically have more than 60,000 possible ports. You can use system administration tools to close any unused ports. Make sure that the system defaults are checked and changed if necessary.
Copyright © 1995-2000 Pinnacle WebWorkz Inc. All rights reserved. Do not duplicate or redistribute in any form.