As with any security control, an antivirus solution must originate from the organization's security policy and be discussed, detailed and expanded through the other documents of a formalized security structure (i.e. standards, guidelines and procedures). An antivirus policy for any organization must address many issues, including hardware, operating system, software, network traffic, connections with external networks and users.
A common failing of antivirus solutions is inadequate efforts directed toward the human components of the IT equation. No matter how complete and air-tight a security policy or actual implementation is, if you throw a person into the mix, something unexpected is bound to happen. Unfortunately, that unexpected something is usually a security breach or policy violation. In order to reduce the level of incidents or eliminate them all together, you must seriously and directly address people in your antivirus solution.
There is one primary topic that needs to be thoroughly addressed to adequately handle the human-introduced vulnerabilities to a virus-free environment -- awareness training. Awareness training is a multi-faceted educational effort undertaken by an organization for the sole purpose of self-preservation. Awareness training should educate all users of the IT environment and even all staff people who operate within the boundaries of the organization about the general security policies, restrictions and requirements. It is especially important to make users are aware of the danger of viruses.
As part of the awareness training, users need to be taught numerous techniques and habits, such as:
- Avoid opening attachments from unknown senders
- Avoid opening attachments from known senders when they are not expecting a specific attachment
- Avoid downloading software from unapproved and unverified Web sites
- Don't install untested and unapproved software
- Avoid visiting non-commercial Web sites
- Don't bring in media from outside of the secure environment without testing and authorization by a security administrator
- Don't open communication links, such as dial-up or VPNs with unapproved sites
- Disable automatic macro execution in all programs
- Disable automatic script, applet, control, etc. execution in all Web enabled tools, such as Web browsers, e-mail, news readers, etc.
- Avoid peer-to-peer file sharing services, tools and Web sites
- Disable file sharing on all Internet tools, especially instant messaging clients
A little awareness training will greatly improve the virus immunity of your network.
About the author
James Michael Stewart is a researcher and writer for Lanwrights, Inc.
This was first published in August 2002