CompTIA Network+ Exam Tutorial: Virus & Antivirus Programs

by: Chris Bryant

Whether you’re preparing to pass the Network+ or Cisco CCNA certification exam or not, you must not underestimate the importance of antivirus programs and virus definition updates.  With all the attention we pay to viruses and their prevention, I feel a little silly even saying that.  But…

If there's one thing you must have working at full capacity in your network, it's the antivirus programs.

If there's one thing that is commonly overlooked when it comes to updates, it's the antivirus programs.

In today's world, your network must be protected from both internal and external virus threats.  By implementing and executing an aggressive antivirus strategy, you can greatly reduce your network's chances of being hit with a virus.  Literally hundreds of millions of dollars in productivity are lost every year due to virus attacks, along with a few jobs.  Make sure both your network and career are protected!

You may be asking yourself what this has to do with the CompTIA Network+ certification exam.  To earn this important computer certification, you’ve got to display knowledge of threats to your network and how to stop them – and viruses are at the top of that list.

Before we discuss how to stop viruses, let's discuss exactly what a virus is.  All of the following are bad, but they're not all viruses.

Just as a human virus is spread through contact, so is a computer virus.  A virus is a program that gets onto a computer without a user's knowledge and then performs an action that can range from mischievous to destructive.  For a virus to be spread, there has to be some kind of contact between an infected user and another user - generally, that contact is the forwarding of an email that has an attachment that contains a virus.

A worm is a type of virus, but a worm can spread on its own without any "help" from the infected host.  Even worse, a worm can replicate on its own, resulting in many more worms attacking other hosts.  A common worm attack involves the worm sending a copy of itself to every single user listed in the infected host's email address book.

A third, more insidious attacker is the Trojan Horse.  In history, the Trojan Horse was presented as a gift to Troy by the Greeks, and it was filled with Greek soldiers who attacked once the Horse was taken inside the city's defenses.  Today's Trojan Horses attack in much the same fashion.  The program installed by the user may look legitimate and innocent, but there's another program inside just waiting to attack the user's computer.

It's a good idea to periodically remind your end users about some basic steps they can take to help prevent unleashing a virus:

Don't open email attachments from anyone outside the company.

Don't download software and install it, especially what I call "fun and free" software such as gaming programs, animated cursors, etc.  Most of that software is safe, but a minority of those programs contain adware and could unleash a virus on your network.

Don't open email from anyone you don't know, especially if the subject line doesn’t make any sense. Just trash it.

End user education is important, but we have to face facts – it’s not perfect. That's true for virus protection as well as network security.   I personally wish I had a dime for every password I've seen written on a sticky note that was attached to the monitor!  As network admins and engineers, we've got to be aggressive in the fight against viruses and not depend on others.

While we should certainly have an antivirus program on every server in our network, there is one point of communication that we've got to be particularly sensitive to, since this is where most viruses and worms make their way into our network – the email server.

We've got to be particularly vigilant about the email server's antivirus protection, since this is where users come in contact with the email attachments that can lead to so much trouble.  When a host is receiving email from an email server, the antivirus program on the client should scan that email even before it's opened.

Attachments are a major source of viruses, and many networks now have a firewall strip attachments off before they even get to the email server.  Firewalls are devices used to filter traffic, and a firewall can be set to remove incoming attachments.  If attachments aren't allowed to enter the network, end users can't launch them and their potential viral payload.

This common configuration also gives you the option to reject incoming email that has an attachment, along with the option of notifying the sender that the email was filtered for that reason. 
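To make the two options concrete, here is an added example (not part of the original tutorial) of a gateway filter that either strips attachments from a message or rejects the message and builds a notice for the sender. The function names, addresses and sample message are constructed for illustration.

```python
from email.message import EmailMessage

def build_sample():
    """Constructed sample: a text body plus one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.net"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Report attached.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="report.exe")
    return msg

def filter_message(msg, mode="strip", notify=True):
    """Apply the attachment policy at the gateway.

    Returns (message_to_deliver_or_None, notice_to_sender_or_None, removed_names).
    mode="strip" delivers the body without attachments; mode="reject" drops the
    whole message and, if notify is set, builds a notice for the sender.
    """
    names = [p.get_filename() or "unnamed" for p in msg.iter_attachments()]
    if not names:
        return msg, None, []          # nothing to filter, deliver unchanged
    listed = ", ".join(names)
    if mode == "reject":
        notice = None
        if notify:
            notice = EmailMessage()
            notice["From"] = "postmaster@example.net"   # hypothetical address
            notice["To"] = str(msg["From"])
            notice["Subject"] = "Message not delivered: attachments are filtered"
            notice.set_content(
                "Your message '%s' was rejected because it carried "
                "attachments (%s)." % (msg["Subject"], listed))
        return None, notice, names
    # Strip mode: rebuild the message from the headers and plain-text body only.
    # Simplification: an HTML-only body is not carried over.
    body = msg.get_body(preferencelist=("plain",))
    clean = EmailMessage()
    for header in ("From", "To", "Subject"):
        if msg[header]:
            clean[header] = str(msg[header])
    text = body.get_content() if body is not None else ""
    clean.set_content(text + "\n[Gateway removed attachment(s): %s]\n" % listed)
    return clean, None, names

if __name__ == "__main__":
    delivered, _, removed = filter_message(build_sample(), mode="strip")
    print(removed)
    print(delivered)
```

Sender addresses on virus-carrying mail are often forged, so a notice built this way can land in the mailbox of someone who never sent the message; that is worth weighing before enabling the notification option.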

Bottom line:  every email attachment is a virus threat.

So how do you best protect your network against viruses, Trojan horses, and the like?  We’ll discuss that in tomorrow’s CompTIA Network+ certification exam tutorial!  Until then, keep studying!