Network administrators beware: An e-mail version of the Grinch greeting card that tiptoed onto your network could be stealing more than Christmas. It could also be robbing your bandwidth, your data, and leaving you some unpleasant gifts.
The combination of the holiday season and the ease of e-mail has led to the seasonal problem of large files and executables being sent en masse across corporate networks. Such messages can often include viruses, hide malicious mobile code attacks in Java applet or ActiveX control animated graphics, or simply steal bandwidth due to the large amounts of space the messages require.
Security experts agree that the first way to prevent problems is to have a consistent policy about distributing holiday greetings.
"If someone sends a 200KBps message to everyone in the network, that can be a problem very quickly," said Dan Schrader, director of product marketing at Trend Micro, a network security company in Cupertino, California. "Set some clear policies and tell your users what they are."
As mobile code sees greater proliferation in messages, administrators and users need to be aware of what they are opening when they receive a message.
"If you are putting something in a mailing, you should probably check and make sure that it's not hostile code," said Jim Balderston, an analyst at Zona Research, in Redwood City, California. "Otherwise it's like sending Christmas cards covered in anthrax or something."
"A lot of the Christmas cards, or some of the more entertaining Christmas sites, are done in mobile code, so you need to be careful about what you are opening up," said Penny Leavy, vice president of worldwide marketing at Finjan, a mobile code security company in San Jose, California. "What looks like an innocent animation may be malicious in nature, and could damage your machine."
Tally Systems will soon begin shipping Version 2.2 of Veranda, an e-mail usage-management and reporting system. Veranda will let administrators zero in on where the large files are coming from and stop them before they are widely distributed, according to the company.
"It's a reporting system for a variety of types of messaging mechanisms," said Joanne Egner, product manager at Tally Systems. "We created some new reports specifically for capacity planning and load balancing of your e-mail systems."
Tally's Veranda 2.2 is slated for release Dec. 18 for Windows NT, Windows 95, and Windows 98, and is priced at $US1,995 for 100 users.
Tally Systems Corp., in Lebanon, New Hampshire, can be reached at www .tallysystems.com.