Customer Needs Assessment

Vulnerability to Attacks

Worms often include instructions in their code to erase data and destroy network resources as well as to open security holes and backdoors that allow an attacker access to and control of the infected network device. Some worms can also disable anti-virus and firewall software, and several worms can take over an infected computer to send thousands of spam emails and messages.

When a network infection occurs, the most immediate problem comes from the vast amounts of bandwidth consumed and the disruption of network functions while the virus or worm replicates and sends itself.

When a new virus or worm attack is launched, anti-virus vendors work quickly to update the definition file for their anti-virus software so that it detects the attack and removes it. Typically, they provide tools to repair the damage as well.

Despite the anti-virus vendors’ best efforts, however, there is always a lag between the time the virus or worm is discovered and the release of a new virus-pattern file. Companies must then be vigilant enough to know that a new virus or worm is “in the wild” and update their anti-virus software immediately once the new definition file is available. (“In the wild” means the virus has been released and is being propagated on production networks.)

Assessing Vulnerabilities to Viruses and Worms. Traditional protections from viruses and worms include firewalls (both at the network perimeters and on endpoints) and anti-virus software. Because today’s worms and viruses are often designed to circumvent these protections, firewalls and anti-virus software cannot fully protect your network.

In addition, the industry is bracing itself for a zero-day attack. To launch such an attack, the hacker would discover a security vulnerability and immediately write a worm or virus to exploit it before the vendor could patch that vulnerability. In other words, there would be zero days between the discovery of the security vulnerability and the launch of the attack.

To protect your network from today’s worms and viruses as well as a potential zero-day attack, you can implement behavior-based solutions, such as:

ProCurve’s Virus Throttle™ software—This invention of Hewlett-Packard (HP) Labs is implemented in ProCurve Networking devices such as the ProCurve Switch 5400zl Series. Rather than detect specific virus signatures, Virus Throttle software works on the principle that a worm will request sessions with a large number of devices on the network as it attempts to spread. It limits the number of new outgoing connections (that is, sessions or conversations with other endpoints) for each endpoint based on parameters set by the network administrator.
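The connection-rate principle described above, as an added example: a simplified sliding-window model in Python, not HP's Virus Throttle code or algorithm. The class and function names, the `max_new_dests` and `window_s` parameters, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class NewConnectionThrottle:
    """Limits how many new destinations each source may contact per time window."""

    def __init__(self, max_new_dests, window_s):
        self.max_new_dests = max_new_dests  # administrator-set limit (hypothetical name)
        self.window_s = window_s            # window length in seconds (hypothetical name)
        self._recent = defaultdict(deque)   # src -> deque of (timestamp, dst) allowed

    def observe(self, ts, src, dst):
        """Return 'allow' or 'throttle' for a connection attempt src -> dst at time ts."""
        recent = self._recent[src]
        # Forget destinations first contacted longer ago than the window.
        while recent and ts - recent[0][0] > self.window_s:
            recent.popleft()
        # A peer the source already talked to recently is not a new connection.
        if any(known == dst for _, known in recent):
            return "allow"
        # Too many new destinations inside the window: worm-like fan-out.
        if len(recent) >= self.max_new_dests:
            return "throttle"
        recent.append((ts, dst))
        return "allow"


def throttled_sources(events, max_new_dests=3, window_s=1.0):
    """Replay time-ordered (ts, src, dst) events; return {src: throttled attempt count}."""
    throttle = NewConnectionThrottle(max_new_dests, window_s)
    counts = defaultdict(int)
    for ts, src, dst in events:
        if throttle.observe(ts, src, dst) == "throttle":
            counts[src] += 1
    return dict(counts)


# Constructed sample: 10.0.0.5 behaves like a normal client that revisits a few
# servers; 10.0.0.9 sweeps ten different addresses in under half a second.
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5", "10.0.0.20"),
    (0.4, "10.0.0.5", "10.0.0.21"),
    (0.9, "10.0.0.5", "10.0.0.20"),
    (2.5, "10.0.0.5", "10.0.0.22"),
] + [(3.0 + i * 0.05, "10.0.0.9", f"10.0.1.{i + 1}") for i in range(10)]

if __name__ == "__main__":
    print(throttled_sources(SAMPLE_EVENTS))
```

No signature is consulted: the scanning host is flagged purely by its fan-out, which is why this kind of control still applies when no virus-pattern file exists yet.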
