• PAGE ONE
• INDEX
• HOME

Beat the bug at its game

Frank Leu

WITH the increasing globalisation of economies and businesses, countries have embraced IT solutions to power economic growth. In the current scenario, any talk of global business cannot exclude the usage of the Internet.

The Internet has evolved into an effective business communications tool. Being a vast, interconnected global network, it brings a free flow of information to millions of people worldover. And with it -- some dangers too!

Over the years, the Internet has opened Pandora's box, with issues ranging from access technologies to security parameters and transfer protocols to online content. In the last couple of months, security concerns have come into sharp focus with new waves of virus attacks exposing the vulnerability of online data.

Enemy within and without

As companies increasingly depend on online content to achieve competitive advantage, information security becomes paramount. And threats come from unexpected quarters.

Though threats are generally perceived to be lurking outside the corporate environment, internal quarters are equally vulnerable. Breaches in corporate security become very real when employees get access to the Internet via the corporate LAN. This may no t only lead to a loss in productivity due to unsolicited e-mail but may also cause loss of corporate information via virus infection or unauthorised employee e-mail product discussions.

Electronic messaging has emerged as the principal distribution mechanism for viruses, particularly the macro viruses much prevalent today. These viruses, generally concealed in Word Processing and Spreadsheet files, can be easily disseminated globally to hundreds of recipients via e-mail attachments. A horrifying possibility emerges when one realises that the convergence of e-mail, Web technologies, Java applets and ActiveX controls means that no user action may be required to trigger a virus payload.

How do users protect their infrastructure? Fortunately, the options available are many. Besides installing anti-virus software and keeping virus definitions up-to-date, there are other measures that can be taken to reduce the likelihood of virus attacks. While individual solutions to these threats abound and are often downloadable from sites of leading anti-virus solutions vendors, the key to corporate security in the age of the Internet is an integrated information management solution that protects the enterprise from threats at its Internet gateway. Such a solution not only neutralises each individual threat, but also does so with minimal impact on network performance, much like the conventional air curtain that insulates the internal environment fro m unwanted pollutants and dust.

Today, most major vendors in the virus detection and control business are moving towards leveraging the features of the Internet to manage security issues. As a result the technologies inherent in the World Wide Web are increasingly being harnessed to de velop Web-based virus protection and management tools. Web-based scanning increases manageability and object-oriented design ensures flexibility. Though current virus scanning engines detect most known viruses, there are limitations too.

The integrated approach to virus protection takes away the responsibility of scanning and cleaning from individual users, and seeks to turn the Internet into an efficient mechanism for controlling an enterprise's entire virus protection strategy by conce ntrating it on one person from one machine. The new breed of third generation scanners operates on this concept of integrating the virus security mechanisms across the corporate network.

Typically, third generation scanners include the following management capabilities:

Updating -- Self-updating according to a pre-configured schedule

Configuring -- Customisable and remotely-configurable from any workstation

Deployment -- Silent, from a central server, with no user intervention

Reporting -- Centralised and consolidated across platforms.

Trend Micro is in the process of developing a third-generation scanner that provides centralised management, cross-platform functionality, and multi-layered protection. It's object-oriented design and client/server architecture seek to ensure a total vir us protection solution to the enterprise.

Protection of a network may be achieved by establishing a ``border'' around the corporate network, where all incoming and outgoing Internet traffic must be examined. But rather than merely presenting a series of independent security rings through which i nformation must pass, ``border security'' should seek to integrate and layer each type of security to present a unified and thus more powerful security solution that will allow efficient information flow.

The recent rush of security threats, as well as the convergence of technologies and trends that fuels these threats, reinforces the importance of this integrated concept.

The author is Managing Director, South East Asia & South Asia, Trend Micro.

Please e-mail us at bleditor@thehindu.co.in if you have queries on computer usage or if you find an interesting way of using a computer.