Virus Attack Prevention

Virus Attack Prevention

Based on Hulme (2004) article, many companies are now using firewalls, antivirus software and intrusion detection systems, but hackers and worms still break through business systems and cause serious damage. Lately it seems that more and more prevention and protection is required. Based on the article, attacks such as Blaster, MyDoom, and Witty cost businesses more than ten billion dollars a year. There is a need for more intelligent shields to ward off new attacks as they happen, instead of relying on signatures. Intrusion-prevention systems are what companies need to protect vulnerable computers and stop unforeseen attack methods (Hulme, 2004). The only way to make sure of protection before an attack is to integrate security technology and policies with regular and effective backups of systems, and important data. Virus attacks are becoming more sophisticated and often combine several types of threats to maximize impact against organizations.

Companies are searching for new and better technologies to block threats. According to Michael Assante, “Intrusion-prevention systems have a learning capability, intelligent, and are better able to identify and stop attacks. Since attacks are happening too fast for reactive tools, having these engines would be important to a company. There are primarily two types of intrusion prevention system. Host based is one type, which protects systems such as servers, and personal computers. Network based is the second type, which protect traffic from attacks (Hulme, 2004). Intrusion prevention systems use chunks of code that protect against potential attacks aimed at known software vulnerabilities. Many intrusion prevention systems can learn normal application and network behavior to block bad activities, like a file trying to infect a system, or a worm getting through application vulnerability and launch a buffer-overflow (Hulme, 2004). In doing more research on attack prevention, I learned that blended threats are more complex and a single security technology is not sufficient enough to defend against attacks. Effective protection from blended threats requires a security solution that has a multiple layers of defense, and response mechanism. Creating a defense barrier that includes an antivirus, firewall, content filtering, vulnerability management, and intrusion detection measures will make systems difficult for intruders to access sensitive data. All parts of the network should be protected with a response in place to provide security at all levels. Creating backups is very important in a business. But companies are not verifying their recoverability. This can lead to false backup, when a company assumes their data is secured, then finding out after a virus attack, that the backups failed and data was lost. Test recoveries should be scheduled regularly to ensure backup procedures are working like they should.
As threats quickly revolve and become more complex, managing these threats can become a great challenge for businesses. Companies need to have a good security policy in place; especially in employees are connected to an internal network with attached servers containing programs or important data. Once a virus gets through a security defense, it can quickly go through the system, destroying files, corrupting data, and make applications useless. Using a multiple layer of security, such as, running antivirus software, keeping virus definitions up-to-date, and enforcing regular backup schedules, can prevent attacks. Prevention is always the best security policy.

References
Hulme, G. (2004, October 11). Security: Get Your Shields Up! InformationWeek. Cisco Systems. Retrieved on July 12, 2008, from http://www.developers.net/ciscoshowcase/view/1201

Office of Information Security. (2008, March 31). Prevention/Recovery: Best Practices. Retrieved on July 13, 2008, from http://www.infosec.uga.edu/service/bcp/best_practices.php

References: Hulme, G. (2004, October 11). Security: Get Your Shields Up! InformationWeek. Cisco Systems. Retrieved on July 12, 2008, from http://www.developers.net/ciscoshowcase/view/1201 Office of Information Security. (2008, March 31). Prevention/Recovery: Best Practices. Retrieved on July 13, 2008, from http://www.infosec.uga.edu/service/bcp/best_practices.php