| Training | Upgrades | ||
| Support & Downloads | Computer Works Specials | Onsite Service | About Computer Works |
| Networking | Server | Peer | Wireless |
| Broadband Picks | Tip Sheets | www.geek2guru.com | Partners |
As an Internet
security consultant and system administrator, I consider the issue of computer
security to be an integral part of my overall job. Because of this, I'm not
a very trusting person, particularly when it comes to suspicious e-mail messages
with attachments coming from known and unknown senders.
Since it takes just one Trojan horse or worm virus to wreak havoc in an organization,
I am extremely cautious when dealing with all e-mails. The bottom line is,
if an e-mail looks questionable, I just don't open it.
Companies
often spend thousands of dollars on sophisticated firewall systems, only to
discover that their networks have been compromised internally. Most security
breaches on access-controlled networks happen from the inside out. The most
effective way to facilitate this just so happens to be through e-mail.
This usually occurs when an e-mail message contains a script disguised as
a seemingly harmless attachment. (I've seen this happen a number of times,
although I can't name the companies because of obvious reasons.) The well-publicized
breach at Microsoft recently is an example of this kind of compromise. Although
the exact details are unknown (or just not available to the public), it has
been suggested that the Trojan horse was sent as an e-mail attachment to an
unsuspecting Microsoft employee. When the e-mail was opened and the attached
file was executed, the backdoor program buried itself into the system and
silently hijacked the host computer. This led to Microsoft's most prized properties
being accessible to an outsider. (While Microsoft vehemently denies that the
hacker gained access to the Windows or Office source code, security experts
believe that the company's code may have been compromised.)
The reason
why e-mail is often the weapon of choice for these attacks is because many
e-mail programs, including Microsoft Outlook and Outlook Express, allow scripts
to be run directly from e-mail messages or attachments.
This is why it's vital that organizations using Internet e-mail have a centralized
e-mail scanning system to limit malicious e-mail messages and attachments.
Companies should also ensure that the e-mail program is configured to disable
scripting in e-mail messages and attachments. Instruct your users to set their
Security Levels to "High" in Microsoft Outlook and Outlook Express. Now, Outlook
will display a warning to the user if a script attempts to run in an e- mail
message.
The most effective way to protect your company and network is to educate users
about the proper use of e-mail. Emphasize to users the importance of reporting
suspicious e-mails and attachments to the IS department before opening them.
Since there are dozens of copycat worms and Trojan horse programs circulating
on the Internet, it isn't feasible for e-mail scanning software or virus protection
software to always be up-to-date.
So when users see an e-mail and an attachment that looks dangerous, it's up to them to put into action what they've learned.
.