 Solve-IT Newsletter
Volume 1 Issue 10
The Internet Threat
By Ed Duncan, Consultant, SBSC, MCSE, MCSA
Security has become a major part of the IT industry. Fifteen years ago security was an afterthought when developing applications, building computer infrastructures, or even accessing the Internet. Today businesses can't begin to implement a strong infrastructure without planning a security foundation first. The topic of security is so broad that we could probably talk about it for the next three months as the featured topic for this newsletter and still not cover every aspect of it.
 
We will not do that, but this month we will focus on the threats from the Internet and what small business owners can do to protect themselves. With many companies, large and small, relying on the Internet to conduct main portions of their business, a good security policy and implementation is vital to the success of small businesses.
 
Many companies and consumers alike rely on a firewall as their first line of defense against threats from the Internet. A firewall can be either software or a hardware device; either way, it blocks Internet traffic from reaching your computer if that traffic doesn't meet certain rules. Many Internet Service Providers offer firewall protection as a service, nearly every anti-virus vendor includes a firewall with their products, and even Windows has a crude built-in firewall in its operating systems. While highly effective as an access-blocking defense measure, firewalls are only one form of protection, and can prove ineffective against other threats and forms of malware designed to work around them.
 
Consider web pages, for example. Most use port 80 over the HTTP protocol, which you don't want to block on your firewall or you won't be able to access the Internet at all. Web pages are becoming the number one source of Internet attacks, with hackers injecting malicious code into many legitimate websites. When a browser that is not patched, or is susceptible to the specific type of malicious code that resides on the web page, loads that page, the computer can become infected and carry out commands such as returning sensitive data like credit card numbers, email addresses, and contact information, or it can act as a computer zombie spreading the code to other computers on the network. Social networking sites are popular targets for these types of attacks.
 
Web filters are a good defense against these types of attacks. Web filters sort of work like firewalls in reverse. They block computers in your internal network from accessing websites based on content. So for example, if you don't want anyone in your company accessing social networking sites, you can configure the web filter to block access to all social networking sites, without you having to know the names of all the sites out there. Web filters generally work off a database that is updated constantly, so as new sites are created, they are automatically rated and categorized based on content. As a security measure web filters can also protect your business from phishing sites, and other popular sites that hackers tend to target like P2P file sharing sites, gaming sites, and online shopping sites.
 
Like firewalls, web filters are good but can be ineffective at stopping other forms of malware attacks. Email and Instant Messaging continue to be an old but effective method of attack. You can be tricked into opening emails or IMs that appear to come from your friends, but in fact are Trojan horses disguised to get you to run infected code or click a link to a malicious website. To combat these types of attacks, a good anti-virus client is needed. Be sure to pick an anti-virus client that is capable of scanning incoming and outgoing email messages, provides spam blocking, and scans Instant Messages. An AV client with real-time scanning capabilities is a must, and automatic updating is also important.
 
Another method you can use to protect yourself on the web is to use browsers that offer a privacy mode. This will allow you to visit sites without those sites collecting information about you, or dropping cookies on your computer. Also keep your browser up to date with the latest security patches. There are security watchdog groups that try to uncover and expose vulnerabilities in all the major browsers, and report them to the manufacturers when discovered. For their part, the manufacturers do an adequate job at addressing those vulnerabilities as quickly as possible by releasing hotfixes and security updates. Ultimately though, the burden falls on the network administrator or end user to get those patches installed on their computers.
 
While there is no method or procedure that will protect you against every threat and vulnerability that exists, using a multi-stage defense measure can help minimize the chance of becoming a target, and make your Internet experience a little more worry-free.
Technology Spotlight: Sophos Anti-Virus
Sophos has been an industry leader in security products for over 20 years. They have a reputation as one of the few security companies that can quickly develop an anti-virus update whenever a new virus is introduced in the wild. They have been known to have working fixes tested and deployed sometimes within hours after a new virus is discovered. They have a strong team of developers and testers working in their SophosLabs, and they are able to rapidly deploy updates to their clients. One of the unique aspects of Sophos is that they don't sell products to the consumer market. They deal strictly with the business, education, and government sectors.
 
I chose to evaluate their latest anti-virus client for the small business, Sophos Anti-Virus Small Business Edition 2.5. You can either purchase the product individually, or get it as part of their Sophos Security Suite, which also includes a firewall, and spam blocker.
 
The AV client is about 62Mb in size. I am running Windows 7 Professional, and Windows warned me that there may be some compatibility issues during the install, but after acknowledging the warning, the installation proceeded without any problems. One word of caution though: you cannot have another AV program installed and running. Sophos will require you to let it uninstall any other AV programs it finds or the installation will halt.
 
The product is very easy to use. Real-time scanning is enabled by default. You have the choice of receiving updates directly from Sophos, or you can dedicate a server to retrieve the updates and deploy to clients in your organization. Besides scanning files and applications on your computer, it can also scan web pages, block adware, and scan for rootkits.
 
The memory footprint is a little larger than what I would have liked (81,000k on my Win 7 pc). The price is also higher than its competitors. The AV client is supported on Macs, however, and tech support is available 24x7. One feature of the product that I particularly like is that if it discovers a file with virus-like tendencies, it will allow you to send the file to SophosLabs for analysis. This cuts down on false positives being reported that you will see in other AV products. Overall this is a pretty strong product, despite being a little pricey, but I believe you are getting what you pay for.
 
Tips & Tricks: Reduce Spam
There was a study put out earlier this year that stated 97% of the emails we receive every day can be classified as spam. I was surprised at that high number, but it may not be that far off. If you're fortunate enough to have a good spam blocking program, or an Internet Service Provider that offers spam blocking services, you won't even see many of those messages. However, there are some simple steps you can take to limit the amount of spam reaching your Inbox.
 
  1. Don't post your email address on your website unless absolutely necessary. There are web crawlers that do nothing but search for and harvest email addresses they find on the web. If you have a business and want to post a contact email address, use something generic like sales@company.com or info@company.com.
  2. Don't post your email address on social networking sites. Keep it hidden unless you're using a generic address. Give out your email only to people you know and trust.
  3. Have an alternate email address when you must supply one. I like to download tech papers from different vendor websites. I'm often asked to provide my contact information first. If it's a vendor that I don't want to receive endless emails from, I use a public email account that I seldom check like Gmail or AOL.
  4. Don't accept terms of agreement without reading the fine print. If you download or sign up for a service online, be sure to look for checkboxes that state something to the effect of "Would you like to receive email updates on future products and services" or "You agree to allow us to share your information with our partner companies". If you don't uncheck these boxes, you are just agreeing to receive spam.
  5. Read the Privacy Policy. Many stores that you shop in will ask for your email address at checkout. Don't provide it unless they show you their privacy policy and it states that your email address will not be sold or shared to other companies.
  6. Don't reply to spam messages. Some spam mail will have links to unsubscribe from their mailing list. However, if the email is not from a valid mass email distributor like Constant Contact or iContact, the link will not unsubscribe you, but will confirm to the spammer that your email address is legitimate.
  7. Don't automatically download graphics in HTML mail. Many spammers embed code that tracks who is opening their messages: when your mail program downloads the graphics in the HTML message, the download itself tells the spammer the message was opened. This validates your email address to them.