“If you don’t know where it’s from, or it’s a suspicious email, delete it,” is the advice to staff at Auckland City Council.
Business systems manager Peter Blackwell says the council has a “holistic” security strategy, based on best practices using many technologies from many vendors. He declines to be more specific, feeling such detail may make his organisation more vulnerable to hackers and the creators of worms and viruses — a common comment from those contacted by Computerworld.
However, Blackwell says an antivirus strategy should include multiple vendor products and AV products installed on gateways, servers and clients. Companies should not rely solely on traditional AV signature updating, he says, because of the delay between viruses being found and the release of the antidote.
The city council has a “quick distribution method” for releasing such antidotes which, when added to other technologies used, gives it “a good record in preventing [worm and virus] programs from causing problems within the organisation,” says Blackwell.
Early warning systems are also both a “cost-effective and efficient” method of detecting viruses.
“Any network architecture that gives a company access to external networks must have web and email AV gateways, and Auckland City has implemented this,” Blackwell says.
Tauranga District Council uses MailMarshal, McAfee and Borderware firewall products, as well as other security procedures “that I would prefer not to elaborate on”, says information systems manager Robyn Dines.
Dines says worms and viruses have not caused problems at the council. “We continually look at the new products and have in fact changed our mail monitoring software and our virus management software, and have had a security check by an external specialist to our website and the security systems around it,” Dines says.
Staying a step ahead
TelstraClear spokesman Ralph Little says his company “continues to remain virus-free and a step ahead of malicious software threats” thanks to “best practices” and dedicated security personnel.
The TelstraClear security architecture integrates the former Clear and Telstra infrastructures and “this includes the provision of enterprise-wide virus protection, security domains and the latest firewall technology”, says Little.
TelstraClear’s ISP, Clear Net, he says, regularly deals with security threats and has many strategies to minimise and mitigate security threats. “Examples include ensuring that security patches in all service components — infrastructure such as routers, switches, firewalls, operating systems, applications, databases — and ensuring that virus signature files are current,” Little says.
WestpacTrust says it too uses “multiple levels of protection against viruses”.
“We scan all incoming emails when they come through the mail hub and again on internal mail servers,” says CIO Bob Hennessy. “We also have protection when browsing the internet — we automatically scan all sites visited and material downloaded.”
“We have protection on every server and every workstation in the organisation — running AV programs. We have a product that controls the use of mobile code — which, while not a virus, can cause similar issues,” he says.
WestpacTrust also has formal written policies relating to security. These cover which machines can access the internet, which websites staff are allowed to access, the requirement that every machine be loaded with AV software, and how often signature files must be updated, Hennessy says.
Roger Fogo, IT manager of Ports of Auckland, says he uses well-known antivirus brands. The port uses scanning software and AV software on the servers and desktops, plus firewalls and early warning systems. Fogo claims these multiple layers of protection have led to “no real incidents at all”.
MailMarshal has “proven effective”, says Mainfreight IT support manager Paul Derbyshire. The Qaz virus made an appearance last year but was “nothing of any consequence”, he says. His company’s website is hosted externally, so the host deals with firewalls, and “severely restricted internet access” is in place for staff.
Xtra IT manager Shane Ohlin says the ISP uses “an effective mix of segmentation of services, active techniques, passive monitoring and focused improvement”. Only the services that need to interact do so, to reduce cross-contamination. “Active techniques” include AV tools, behaviour-triggered barriers and operating procedures. Passive monitoring for “rogue activity” aims to reduce the “window of exposure”, and behaviour-blocking technologies are also used, Ohlin says.
Blaming the vendor
“Without doubt, the abysmal security of Microsoft OS and apps, its vulnerabilities and the difficulty of keeping them patched without breaking functionality,” is a major security issue facing one well-known state-owned enterprise which wouldn’t be named. “This goes for both servers and desktops. A continual, never-ending headache. [Microsoft] are wretched,” says the SOE’s security manager, who is a client of Auckland-based Co-Logic’s E-Secure-IT early warning system. The SOE began using E-Secure-IT a year ago in addition to, and often replacing, other alert and mailing services such as SANS, SecurityFocus, CERT and Bugtraq.
“Viruses remain the single most significant risk, and we have had only one minor outbreak. If I think it is serious enough, I then broadcast an email warning to the entire company to raise awareness before it has even got in,” says the SOE’s security manager.
He says he is “very happy” with the service’s effectiveness in giving his organisation more time to prepare for any attack and is quicker than having staff studying other warning lists.
Another E-Secure-IT user, meanwhile, an IT distributor, says “increasingly savvy, aggressive and belligerent black-hat hackers, and a growing resource of virus and hack toolkits” means e-commerce faces greater security risks. Its MIS team leader says its systems have not yet been breached, but it has suffered hack attacks and virus-based security exploit attempts on the web server.