Protecting Your Network
By Chris Holl, TNSC Network Technician
This blog post addresses malware, viruses, protection, and what you can do to minimize the impact that malicious software has on your business.
First, a bit of background: there are several categories of malicious activity on corporate and business networks. Viruses and malware are software that installs on workstations within a network and will attempt to capture information, disable the system through malicious means, or turn your PC into a “bot”. The class that tries to capture information can do this by transmitting data from a PC out to the web or, more frequently, by attempting to con information out of you. You may have seen something like this with malware that disguises itself as an antivirus program and requests a credit card number to clean your system; the end goal of the entire package is to capture your credit card info when you give it to them. The “bot” class of infection often lies dormant until called upon by a controlling system on the internet to activate a workstation as part of a network of systems designed to yield massive amounts of processing power to the authors of the virus. These “botnets” can be used to launch attacks on other networks, send spam, and hack into other systems. In addition to these situations, there are occasions when a third party will try to hack into your network directly. This is unusual but does occasionally happen.
All this said, the best defense you have against any kind of attack is a solid virus protection package and a rugged firewall on your network. This combination will help to fend off incoming and outgoing malicious traffic while attempting to make sure that the workstations on your network don’t become infected with malicious software. Your workstations should be protected by a solid malware and virus protection package such as AVG or Kaspersky Antivirus. These are fairly robust antivirus packages and should help to prevent the initial or continued infection of a workstation. We are currently recommending Kaspersky security products in most cases, as this software provides very solid protection while allowing fine-grained configuration of the protection to accommodate a network’s needs. In addition to protecting the workstations on a network from infection, you should also have a strong firewall in place. Our recommendation is to use SonicWall devices in most situations, as they provide an excellent feature set and performance for the price. A firewall will help to prevent common types of port scans and malicious traffic from entering your network from the outside, and help to prevent maliciously generated traffic from infected stations from leaving the network. In addition to the antivirus and firewall protection, we also recommend running Windows updates through a WSUS server or using our MSP offering. This helps to ensure that any security vulnerabilities identified by Microsoft are addressed as quickly as possible with little or no impact on your daily work.
There are a couple of things to take away from this. Foremost: while we do recommend that you use a virus protection suite on workstations, the only truly secure computer is one that is not plugged in. No matter how good the protection, there is always the possibility that a system can be hacked into or infected with a virus. Many times, systems that are otherwise very well protected become infected due to user interactions with seemingly alarming popups from the internet, and in this situation we can’t stop the person from clicking “scan”, “ok”, or whatever option they may be presented with. Once this is done, you have given the infection permission to do whatever it wants. For this reason user education is important: anything that is the least bit suspicious, or that states that errors or viruses are present, should be referred to an IT professional to analyze before doing anything. Second: there is always a balance that we tread between high protection on one side and performance and access on the other. As your protection gets stronger, your access and your system performance generally go down. The trick is to get good protection that minimizes risk while having minimal impact on performance.
If there are infections that make it through the security, it is important to get them checked out and scanned by a professional. If a workstation gets popups, windows randomly close during regular work, the system becomes excessively sluggish, or the PC just generally doesn’t seem to be operating properly, it may well be infected. Removing the infection before it becomes too embedded is as important as all the prevention methods we implement. This means that a solid overall system of protection is the strongest form of defense against infections in general, even though it is not a guarantee against infection. The small and medium business standard is to make sure that users have secure passwords, there is a firewall in place on the network, Windows is updating regularly, and there is an effective antivirus program in place. In addition, making sure that users know not to allow unexpected scans, not to travel to questionable websites, and to contact an IT specialist before acting on any kind of warning or popup can save a workstation from becoming infected in the first place.