LAN virus intrusion principles, phenomena, and prevention methods

Source: Internet
Author: User

I. LAN virus intrusion principles and phenomena

Generally, a computer network consists of a network server and network node stations (including workstations with disks, diskless workstations, and remote workstations). Computer viruses are generally first transmitted through various channels to a workstation with disks, and then spread over the Internet. Specifically, the transmission methods are as follows.
(1) The virus is copied directly from the workstation to the server, or transmitted over the Internet via email;
(2) is the first virus infection workstation?
(3) The virus first infects the workstation and stays resident in the workstation's memory. While the virus is running, it is transmitted directly to the server through the image path;
(4) If a remote workstation is intruded by a virus, the virus can also be transferred to the network server through data exchange.

Once the virus enters the file server, it can be quickly transmitted to every computer on the entire network. A diskless workstation is not really "diskless" (its disk is a network disk), so when it runs a virus program from the network disk, the virus in its memory is transmitted through the image path to programs or other files on the server. Therefore, the diskless workstation is also a hotbed of viruses.

As the spread of the above viruses on the network shows, in the network environment, network viruses not only share the common characteristics of computer viruses, such as propagation, executability, and destructiveness, but also have some new characteristics.
(1) Fast Infection
In the single-host environment, the "land shortage" and "erosion right" throw, and throw when 9 then, when there was a good fortune, even if u was the biggest threat, "Jing Tu is a little proud of being a kind of you, a series of neon, and even a bunch of others?
(2) Wide spread
Because the virus spreads rapidly in the network and its scope of spread is large, it can not only quickly infect all computers in the LAN, but can also spread to machines thousands of miles away in an instant through a remote workstation.
(3) Diverse and complex forms of dissemination
Computer viruses are generally transmitted over the network from "workstation" to "server" to "workstation". However, virus technology has improved a lot, and the forms of transmission are complex and diverse.
(4) Difficult to completely clear
Computer viruses on a single machine can sometimes be completely cleared by removing the virus files, low-level formatting the hard disk, and other measures.
However, as long as one workstation in the network fails to be cleaned, the whole network can be re-infected, and even a workstation that has just been disinfected may be infected by another infected workstation on the Internet. Therefore, performing anti-virus work only on workstations cannot solve the harm the virus does to the network.
(5) Destructive
Network viruses directly affect the operation of the network: they reduce its speed and lower work efficiency, crash the network, and damage server information.
(6) Triggerability
The conditions that trigger network viruses are diverse, including the internal clock, the system date, the user name, or network communication. A virus program can be triggered and launch an attack on a workstation according to the requirements of the virus designer.
(7) Potential
Once the network is infected with a virus, the potential risk remains enormous even after the virus has been cleared. According to statistics, after the virus is cleared on the network, 85% of networks will be infected again within 30 days.

For example, the Nimda virus searches for file shares on the local network, whether on a file server or a terminal client. Once a share is found, it installs a hidden file named riched1_dll in every directory containing "DOC" and "eml" files. When you open "DOC" and "eml" documents with Word, WordPad, or Outlook, these applications execute the richeddll DLL file and the machine is infected; the virus can also infect files started on the remote server. Emails carrying the Nimda virus do not require you to open the attachment: you only need to read or preview an infected email, and the virus then sends infected emails to the contacts in your address book.
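
The replication pattern described above (the same DLL dropped into every shared directory that holds DOC or eml files) can be hunted for on a file server. The following is an added example, not part of the original article: it generalizes from the one file name in the text to any DLL, and the function names and the min_dirs threshold are assumptions made for illustration.

```python
import hashlib
import os
import stat
from collections import defaultdict

DOC_EXTS = {".doc", ".eml"}  # document types named in the text above


def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0))


def find_planted_dlls(root, min_dirs=2):
    """Return {sha256: [paths]} for DLLs replicated across document folders.

    A DLL is reported when byte-identical copies sit in at least min_dirs
    different directories that also contain .doc or .eml files.
    """
    copies = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        exts = {os.path.splitext(name)[1].lower() for name in files}
        if not exts & DOC_EXTS:
            continue  # no documents here, so a DLL is not notable by itself
        for name in files:
            if not name.lower().endswith(".dll"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable file: skip it, do not abort the scan
            copies[digest].append(path)
    return {h: sorted(p) for h, p in copies.items()
            if len({os.path.dirname(x) for x in p}) >= min_dirs}


def report(root):
    """Print one line per suspicious copy, marking hidden files."""
    for digest, paths in find_planted_dlls(root).items():
        for path in paths:
            flag = "hidden" if is_hidden(path) else "visible"
            print(f"{digest[:12]}  {flag:7}  {path}")


if __name__ == "__main__":
    import sys
    report(sys.argv[1] if len(sys.argv) > 1 else ".")
```

Run it against the root of a shared folder tree; a legitimate application DLL rarely appears byte-for-byte in several document folders, so any hit deserves a closer look.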

II. Prevention of LAN viruses

Take "Nimda" as an example. After an individual user is infected with the virus, they can use stand-alone antivirus software to clear it. However, once a machine on the enterprise network is infected with "Nimda", the virus will automatically replicate and send itself, and use various means to continuously cross-infect other users in the LAN.

Computer virus forms and transmission channels are becoming increasingly diverse. Therefore, the anti-virus work of large enterprise network systems is no longer as simple as detecting and removing a virus on a single computer. A multi-level, three-dimensional virus protection system is required, along with a complete management system to set up and maintain protection policies against viruses.

An enterprise network anti-virus system is built on the anti-virus system of each LAN. According to the anti-virus requirements of each LAN, a local network anti-virus control system should be established to set up targeted anti-virus policies.
(1) Increase security awareness
In putting an end to viruses, subjective initiative plays an important role. The spread of viruses is often due to employees within the company lacking knowledge of how viruses are transmitted. There are many channels for virus transmission, including networks and physical media. To scan for and kill a virus, you must first know what the virus is, how it does harm, and what its dangers are; once security awareness is in place, the battle to eliminate this cancer is half won. Enterprises should strengthen security awareness in ordinary times, so that staff stay vigilant against hidden viruses in their daily work. For example, installing publicly recognized anti-virus software and updating the virus definitions on a regular basis, scanning unknown files before running them, scanning for viruses once a week, reducing the number of shared folders, and controlling permissions and adding passwords when sharing files can effectively prevent the spread of viruses in the network.
(2) Be careful with email
With the popularization of the Internet, the email box has become an indispensable medium in people's work. It is convenient and quick, but while improving people's work efficiency it has unintentionally become an accomplice of viruses. According to some data, more than 90% of viruses spread through email.
Although the way these viruses spread is very simple, stopping them is not just a technical problem; it also requires educating users and having enterprises take appropriate measures. For example, if all Windows users disabled the VBScript function, viruses like Kournikova could not spread. The virus can be kept out as long as you are always cautious and do not open suspicious emails.
(3) Select the online anti-virus software
Selecting powerful online virus "killer" software is crucial. In general, whether the detection and removal are complete, whether the interface is friendly and convenient, and whether remote control and centralized management are possible
