Locate your antivirus defenses for maximum effectiveness
Deciding whether to run a virus scanner is a "no-brainer." The key decision is where to place it. You must place antivirus products where attackers might introduce malicious code into your environment. Because you probably don't have an unlimited security budget, you must make good cost/benefit decisions about antivirus products. Your decisions involve your entire environment, including those assets you choose not to protect with virus scanners. However, by carefully reviewing your networked environment, knowing which antivirus resources you can afford to implement, and placing the virus protection strategically, you can develop the most effective overall protection for your organization.
I review the potential sources of virus infections and take you through a process that can help you make the best virus-protection decisions. You'll want to perform a technology inventory and understand the placement options before you locate your antivirus products. After your antivirus products are in place, you need to define how you'll use them to protect your organization most effectively.
Reviewing Infection Sources
To determine where to place your antivirus defenses, you must understand the various ways viruses can invade networks, then figure out where your network is most vulnerable. Malicious code can come into your environment more than a dozen different ways. Figure 1 shows some of the most common sources of infection. Even if you protect file servers, email servers, and your Internet connection, malicious code can still enter. Remote offices and laptops are notorious for bringing in viruses and worms. Employees' home computer systems often get infected and infect their work machines. Outside consultants can also be a source of danger. Most organizations let vendors connect directly to their networks to perform system or application maintenance. (And how well do your vendors follow your organization's security policies?) Wireless networks, PDAs, and your managers' Internet-connected cell phones can also be sources of infection.
Performing an Inventory
You must review your overall technical environment to analyze which parts of that environment need virus protection and how you can best offer it. Do you have machines running Windows XP, Windows 2000, Windows NT, Windows 3.1, DOS, Microsoft Office, Linux, UNIX, or Mac OS? Do you have PDAs, wireless networks, email servers, file servers, storage servers, and Web servers? A thorough technology inventory can give you the overview you need.
Keep in mind that just because you have a particular system or device doesn't mean you'll automatically use virus scanning to protect it. Dollars are a limited resource. For example, although you might be aware that your company lets users sync their PDAs with their PCs, you might decide the risk of malicious code entering your environment by that means is too small to warrant special virus protection for PDAs.
Table 1, page 8, shows a segment of a sample technology inventory. In addition to noting each machine's identifying information (e.g., machine name, serial number, users), you need to note the machine's function and OS. You can also add information such as email gateways, Internet connection points, major software applications, and WAN connectivity platforms to the inventory record. After you've fully surveyed your environment, you can analyze its virus-related risks.
Understanding Antivirus Scanner Placement Options
After you have a general idea about which resources you must protect and which kinds of products you might use (a discussion of available products is beyond the scope of this article), you'll be ready to consider the best placement for your resources. Virus scanners typically run at the following locations:
- desktops
- email servers
- file servers
- Internet border
Each location has its pros and cons.
Desktop. Almost every antivirus vendor offers a software solution designed to run on a PC desktop. Desktop protection, the first virus-protection model, is still the most popular. For strong protection, you must implement desktop solutions, then keep them up-to-date, which can be challenging for several reasons. First, keeping many desktops updated and current is difficult even with automated tools. Missing or bypassing a workstation is easy, and one weak link can harm the rest of the network. Second, when you place antivirus products on desktops, end users can disable the protection. Third, virus scanners loaded on desktops can severely affect local performance.
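The inventory and the desktop weak-link problem described above can be checked together by reconciling the inventory against what the scanners report. The following is an added example, not part of the original article or any vendor's tool: the CSV columns, the status mapping, the protected-function list, and the seven-day staleness threshold are all assumptions, and the sample data is constructed.

```python
import csv
import io
from datetime import date

# Constructed sample inventory; columns follow the fields the article lists
# (machine name, serial number, user, function, OS).
INVENTORY_CSV = """name,serial,user,function,os
WS-001,SN1001,alice,desktop,Windows XP
WS-002,SN1002,bob,desktop,Windows 2000
LT-003,SN1003,carol,laptop,Windows XP
MAIL-01,SN2001,,email server,Windows 2000
FS-01,SN2002,,file server,Windows NT
PDA-07,SN3001,dave,pda,Palm OS
"""

# Constructed sample of what a scanner management console might export:
# machine name -> (scanner enabled, date of last signature update).
SCANNER_STATUS = {
    "WS-001": (True, date(2003, 5, 1)),
    "WS-002": (False, date(2003, 5, 1)),  # end user disabled the scanner
    "MAIL-01": (True, date(2003, 3, 1)),  # signatures out of date
    "FS-01": (True, date(2003, 4, 28)),
}

# Functions the organization chose to protect (a policy assumption). PDAs are
# left out on purpose, mirroring the article's cost/benefit example.
PROTECTED_FUNCTIONS = {"desktop", "laptop", "email server", "file server"}


def audit(inventory_csv, status, today, max_age_days=7):
    """Return {machine name: finding} for each in-scope machine with a gap."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["function"] not in PROTECTED_FUNCTIONS:
            continue  # accepted risk: outside the protection policy
        name = row["name"]
        if name not in status:
            findings[name] = "no scanner reported"  # missed or bypassed machine
            continue
        enabled, updated = status[name]
        if not enabled:
            findings[name] = "scanner disabled"
        elif (today - updated).days > max_age_days:
            findings[name] = "signatures stale"
    return findings


if __name__ == "__main__":
    for name, finding in audit(INVENTORY_CSV, SCANNER_STATUS, date(2003, 5, 5)).items():
        print(f"{name}: {finding}")
```

Machines that appear in the inventory but not in the scanner report are the ones most easily overlooked, so the inventory, not the scanner console, should drive the comparison.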