Detecting And Recovering From A Virus Incident
by John Stone
Posted 8/01/2003; Published 3/2003 and 4/2003


Abstract (Part 1):


When it comes to new viruses and malicious code, enterprise IT shops and antivirus software providers can only react to the latest threat, not preempt it. Short of dismantling IP networks, there is no way to totally protect IP endpoints from the next email or Web-based virus.


That’s discouraging, but it doesn’t mean enterprise IT shops are powerless. In fact, experience demonstrates that specific and effective steps can be taken—even if you lack the latest tools or infrastructure. This article will explain how to detect a virus and, if you discover that you are infected, what immediate response and stopgap measures you should take.


Abstract (Part 2):


Cleaning up after a severe virus infestation can take weeks in a large enterprise IP network. Unfortunately, no matter how thorough the cleanup, it won’t prevent a subsequent infection from the next new virus. But don’t let this discourage you from thoroughly investigating the current virus attack, or from making policy and procedure changes so that you can respond more effectively next time.


Even if you can’t afford to staff a full-blown security command center, it’s worth considering ways your staff might reduce response time, better coordinate information flows, direct containment activities, perform virus research, receive instructions from antivirus vendors and interface with business units and upper management. In fact, good communication is probably the key to effective cleanup, investigation and security improvement efforts.


Viruses and malicious code are the frustrating but unavoidable offspring of today’s open and flexible IP networks. Because each virus event differs from the last, there is no magic bullet or complete defense. But with proactive planning, vigilant enforcement and appropriate technological solutions, you can deal effectively with each event.


About the author:

John Stone is a principal security consultant for Symantec Security Services specializing in protecting network environments from the effects of malicious code.

The paper is available for download as two PDF files (Part 1 and Part 2), approx. 122 and 113 kB.



This article is reproduced by special arrangement with our partner, Business Communications Review.
