Spyware, adware, and malware infections waste bandwidth, drain productivity, and present significant risk to your business. And the amount of malware, or harmful programs, shows no sign of abating.
Restricting employee Web use can not only increase worker productivity, but it also can help prevent malware from damaging your network.
Sophisticated Internet content filtering solutions can categorize millions of URLs into convenient and easy-to-interpret groups and allow you to block access to potentially harmful groups. Sites categorized as “hacking” and “criminal skills” will typically contain the known URLs that might download malware to the computers on your network.
Here are some other common Internet threats and some proposed solutions:
- Trojans are programs that can invite spyware, adware, and malware applications to be downloaded and installed onto a computer. Real-time scanning can eliminate all of the known computer viruses, worms, and Trojan horse attacks delivered through the SMTP, POP3, FTP, and HTTP protocols.
- Executable files with extensions such as .exe, .com, .bat, .bin, and .dll are often malware programs. You need the ability to block all email attachments that contain these types of files.
- Screening for viruses on the HTTP protocol eliminates known computer viruses, worms, and Trojan programs that might be embedded in a JPG attached to a Web page. HTTP virus screening can block and quarantine adware and spyware executables and is capable of blocking any defined file type downloads across Port 80, intentional or not. Files with .exe and .zip extensions or scripts like Java Script and Active-x can be blocked at the firewall. A best practices approach is to restrict HTTP Port 80 downloads, disallowing the many .exe programs and otherwise cleverly disguised malware from being downloaded via the Web. Some virus authors use free screensavers, weather agents, or other attractive software to tempt an unknowing user to download the malicious content.
- Active spam filtering eliminates the possibility of a spam-induced malware infestation by identifying spam and marking it or deleting it before it reaches the end user. Miscreants often use spam email to propagate spyware to as many recipients as possible.
- Your IT administrator can block individual URLs or block by category. The most flexible filtering engines also allow for categories to be blocked only for certain times during a day. For instance, the Job Search and Career category might be blocked 24 hours a day, while the Lifestyle and Culture category might only be blocked during business hours (9 a.m. to 5 p.m.).
- Trojans often utilize unprotected ports to propagate and infect unsuspecting corporate technology. Often these Trojans will capture confidential information or reconfigure systems so they may be used remotely by a hacker. This is one of the most disruptive types of malware known. An intelligent port blocking strategy can help stop this sort of malware. Typically, only ports for POP3, SMTP, FTP, DNS, HTTP, and HTTPS should be open for traffic.
- Blocking known file-sharing IP ports can also help stop malware from reaching your network. Many end users of file-sharing programs are unaware of this threat and do not consider the vulnerabilities the file-sharing programs present on a corporate network.
- Finally, in certain network environments it may be desirable to block instant messaging traffic produced by programs such as ICQ, AOL, MSN, and Yahoo instant messengers. These programs use known ports that can be blocked. Further, many Web filtering functions contain a blockable category for chat URLs that, when selected, can block Web-based chat clients.