How can we prevent the rise of LAN viruses?

Source: Internet
Author: User

The spring breeze brings them back to life. This is true not only of weeds but also of viruses on a company's internal network. Many network security administrators share the same trouble: anti-virus software has been deployed on every client and server and upgraded to the latest version, so why do viruses keep being detected on the LAN?

This is because today's viruses are increasingly deceptive. They hide themselves in various forms so that anti-virus software does not detect them. For example, some viruses use anti-antivirus techniques to avoid being killed by antivirus software. Consider a svchost.exe process shown in the system's Task Manager. The process name is the same as that of the operating system's own process, down to the letter case. Is this process safe? Not necessarily. Task Manager cannot show the executable file behind a process. Normally, the system's svchost.exe process corresponds to an executable file stored in a folder under the operating system's root directory. A virus can copy its own file into the root of the system directory and rename it svchost.exe. After the virus runs, we see a svchost.exe process in Task Manager that looks no different from the normal system process. In fact, the virus has already taken over and is operating openly under the identity of a legitimate operating system process.
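One way to check for this disguise across LAN clients, as an added example that is not part of the original article: compare each process name against the directory its executable actually runs from. The inventory format, host names and function names are hypothetical; the expected locations (svchost.exe in System32 or SysWOW64) assume a default Windows install, and the check is generalized to a few other system process names.

```python
import csv
import io
import ntpath

# Assumption: Windows is installed in the default location on every client.
SYSTEM_ROOT = r"C:\Windows"
SYSTEM32 = ntpath.join(SYSTEM_ROOT, "System32")
# Directories where these system executables legitimately live.
EXPECTED_DIRS = {
    "svchost.exe": {SYSTEM32, ntpath.join(SYSTEM_ROOT, "SysWOW64")},
    "lsass.exe": {SYSTEM32},
    "explorer.exe": {SYSTEM_ROOT},
}
EXPECTED = {n: {ntpath.normcase(d) for d in ds} for n, ds in EXPECTED_DIRS.items()}

# Constructed sample: process list collected from LAN clients (hypothetical format).
SAMPLE_INVENTORY = r"""host,pid,name,path
PC-01,812,svchost.exe,C:\Windows\System32\svchost.exe
PC-01,4120,svchost.exe,C:\Windows\svchost.exe
PC-02,900,SVCHOST.EXE,c:\windows\system32\svchost.exe
PC-02,3344,svchost.exe,
PC-03,1500,explorer.exe,C:\Windows\explorer.exe
PC-03,2210,lsass.exe,C:\Users\Public\lsass.exe
PC-03,2300,notepad.exe,C:\Windows\System32\notepad.exe
"""

def classify(name, path):
    """Return 'ok', 'suspicious', 'unknown' (no path) or 'untracked'."""
    dirs = EXPECTED.get(name.strip().lower())
    if dirs is None:
        return "untracked"
    if not path or not path.strip():
        return "unknown"  # path not collected: verify on the host, do not assume safe
    # normpath collapses ".." so a path cannot pretend to sit in System32.
    folder = ntpath.dirname(ntpath.normpath(path.strip()))
    return "ok" if ntpath.normcase(folder) in dirs else "suspicious"

def find_masquerading(inventory_csv):
    """List (host, pid, name, verdict) for every row that needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        verdict = classify(row["name"], row["path"])
        if verdict in ("suspicious", "unknown"):
            findings.append((row["host"], int(row["pid"]), row["name"], verdict))
    return findings

if __name__ == "__main__":
    for finding in find_masquerading(SAMPLE_INVENTORY):
        print(finding)
```

A row marked "unknown" has a tracked name but no recorded path, so it is reported for manual verification instead of being treated as clean.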

Viruses are therefore getting better and better at concealment. A truly harmful virus will not behave like the pandatv virus, which lets you know at once that your network is infected. As the saying goes, a dog that bites does not bark. The harmful viruses stay behind the scenes and monitor you, and when the time comes they quietly take away the information they need. This kind of virus is the major concern for us security managers.

So how can we bring the virus out into the daylight? How can we stop the virus from coming back to life? I have the following suggestions.

1. Regularly scan and disinfect the file server after disconnecting it from the network.

To be honest, the file server does bring great convenience to an enterprise's office work and resource sharing. However, it is often also the biggest source of virus infection. On the one hand, the enterprise network administrator often sets the permissions on the file server improperly. For convenience, many shared folders do not require identity authentication when users access files, or the user name and password are used automatically to log on to the file server when the operating system starts. These measures do make server authentication transparent to users and save the overhead of user authentication. However, they leave the way just as open to the virus. If a user's operating system has a virus, that virus can easily infect the files and folders on the file server for which the user has write permission. Other employees, for their part, access files on the file server out of a kind of trust. For example, some Notepad or DOC files are opened directly on the file server. In this way, users unknowingly act as accomplices, and the infection spreads within the enterprise.

In addition, a virus on the file server is often difficult to detect and kill because of the complex environment. The real-time antivirus software may detect that a file has a virus but report that the virus cannot be removed directly unless the infected file itself is deleted. Our security management personnel often cannot make this decision lightly, because the file may be important to an employee. In many cases, viruses cannot be detected or killed. This may be because the virus keeps writing to the virus file, or because an employee is accessing the infected file. Whatever the situation, our security management personnel cannot take the big risk of deleting the virus together with the files it has infected.

For this reason, I suggest that you cut the connection between the file server and the enterprise network when performing virus detection and removal on the file server, or cancel all shares on the file server. Then scan and disinfect all of the file server's hard disks and memory. In my daily work, I usually do this once a month. The company has a two-day weekend, so I work one extra day every month. First, disconnect the file server from the network, restart the server, and then scan for viruses. In this way, hidden viruses can be killed to the greatest extent. If you find during this process that a virus cannot be deleted, you can quarantine the virus file first and then troubleshoot the files one by one. Because no employee is connected to the file server at this time, this will not cause unnecessary losses to employees.
