Give Antivirus a Booster

By Baselinemag  |  Posted 2007-02-14 Print this article Print

Businesses are finding new ways to block toxic Net gunk while also stopping data leaks.


Give Antivirus a Booster Shot

Other organizations are still primarily focused on improving their defensive line. This basic blocking and tackling remains critical, because for most companies, e-mail is the number-one business application, says Eric Ogren, a security analyst for research firm Enterprise Strategy Group.

"Companies run their business on e-mail," says Ogren, who estimates that about 75% of all businesses exchange contracts via e-mail. "When the e-mail's down, people go home."

Uptime is a big deal for Jim Brady, senior e-mail administrator at Cedars-Sinai Medical Center in Los Angeles. He has the tall order of making sure the servers that store roughly 70 million messages—and counting—for the hospital's approximately 8,000 employees stay secure and continuously available.

Here's what it takes to deliver the e-mail at Cedars-Sinai: 75 Microsoft Exchange message "stores," individual repositories that handle about 200 mailboxes apiece. The message stores run on five separate clusters, each with four Intel-architecture servers. The clusters are configured to be fault-tolerant, meaning that if one server freezes up, another one takes over its duties. Every cluster has about 2.5 terabytes of high-speed disk storage.

The e-mail servers that Brady manages function as the central nervous system for Cedars-Sinai, an 880-bed facility that generates $1.3 billion in annual revenue. Of more than 100 clinical and other information systems, which handle everything from patient management and X-ray images to accounting and payroll, nearly all pump information through the Microsoft Exchange e-mail servers.

For example, alerts and agendas for all medical staff meetings are sent through e-mail. Electronic forms, such as those for new patient information, are delivered via e-mail. And critical alerts for the surgical intensive-care unit are funneled through Exchange as well. "If the e-mail isn't working, everything in the hospital stops," Brady says.

For protection, Brady uses eight virus-scanning packages, including products from Symantec, Microsoft's Sybari, Sophos, Kaspersky Lab and two from CA. Not every e-mail is checked by all eight—a routing algorithm assigns messages to different antivirus engines—but every one is scanned at least twice.

"We felt it was necessary to get a layered approach," says Brady, who concedes, "we've overkilled on the virus protection."

Even with eight virus-scanners, however, Cedars-Sinai didn't eliminate mail security issues. The hospital had been hit by at least one zero-day attack, which exploits a vulnerability for which a patch hasn't yet been issued. That virus spread across the network using the Simple Message Transfer Protocol, or SMTP, the Internet standard for sending e-mail. In effect, a virus had installed tiny e-mail servers on unsuspecting employees' desktops and was sending out more viruses via e-mail.

"Occasionally we would find boxes that were spamming from the inside," Brady explains. To fix this, his team shut off the ability for any unauthorized SMTP server to advertise itself as an e-mail server.

Next page: Learn Spam's New Tricks


Submit a Comment

Loading Comments...
eWeek eWeek

Have the latest technology news and resources emailed to you everyday.