Guarding against Network Virus
While the primary intent of anti-virus software is to prevent worms and viruses from infiltrating an organization's network, some programs fail to detect more complex infections, thus enabling an outbreak to start. This issue primarily arouse from the widespread use of laptop computers and mobile computing in general. Since many users tend to operate mobile devices with no security implementation at all, an entire network becomes susceptible to infection. Once a virus establishes a strong hold within the network, removal often becomes difficult for the most advanced anti-virus software. Additionally, intrusion detection systems and firewall components have a difficult time preventing the network virus from propagating to other files and devices.
A network worm or virus has the ability quickly degrade the performance of a network, totally disabling critical devices, programs and network connections. Once the infection spreads, fully eradicating it often becomes difficult. Reinfection typically occurs which prompts a spiraling support effort and inflating cost when attempting to recover from the initial outbreak.
The best solution for defending an interconnected organization is to implement a program equipped with a network-based firewall. This type of software can be configured to automatically repair infected network devices and more importantly, prevent the virus from occurring.
A network-based firewall uses a combination of techniques to detect, contain and eliminate viruses known to plague a network. Here are some of the common features you'll find:
Outbreak Monitoring - Keeps track of changes in traffic flow, connections made to and from a particular client and sudden increased traffic through ports and protocols such as TCP, UDP, IGMP, and ICMP. The system administrator is immediately notified of any infectious host computers that are detected.
Outbreak Prevention - Prevents the spread of viruses over WANs (wide area networks) by using file, IP address, port and protocol filtering. These processes may be automated or configured manually to give the user greater flexibility and control.
Scanning and Detection - This type of program uses virus scanning technology to detect the latest network threats, dropping the infected packets before they have a chance to be executed.
Security Enforcement - The enforcement of strict security polices greatly reduces the threat of worms, viruses and other infections, setting guidelines that ensure the protection of a network. Some of the actions it may enforce typically include the detection of other anti-virus software that create conflict or automatically downloading virus definitions and scanning technology from an online database. It will also check for compliance of these policies among authorized users who access the network. Those found not to be in compliance can then be directed to comprehensive instructions that detail how the application is to be updated and receive training on any other areas that correspond to the network's security policies.
Where to Find Them
Network-based firewalls have been implemented by a number of security vendors. Some examples include Symantec's Endpoint Security, Norton's 360 and TrendMicro's Virus Firewall. When the integrity of your organization is on the line, it's important to protect it with the best security available.