OR/MS Today - June 2002


INFORMS Online


Security (Part II):
Hello, iol_editor, darling

By Matthew Saltzman

I don't know about you, but since the April issue of OR/MS Today appeared, I have been inundated by a steady stream of virus-laden e-mails, mostly variants of an animal known as W32.Klez.*, where the "*" might be any of several letters "E," "H," etc. This virus/worm afflicts Microsoft Outlook users. When activated, it sends itself by e-mail to every address it can find in address books and mail folders. It chooses any one of a number of subject lines at random; one example is the title of this column. The mail sent by this virus usually has the return address forged using some other address in the victim's address book, so that a virus scanner on the recipient's mail server will notify the wrong person of the infection.

Some variations of Klez include their own mail server, so the worm need not connect to your mail server to spread the infection. The program you use to manage e-mail messages and folders is your mail client. When you send an e-mail, the client formats the message and requests that the mail server or mail transfer agent (MTA) actually transmit the message to the receiver's MTA. You may be required to authenticate to your mail server in order to prevent accidental transmission of viruses, but Klez bypasses that security measure.

The writers of viruses, worms and Trojan horses continue to expand their repertoire of attack modes, but the spread of most of these attacks could be mitigated if every computer user took some simple precautions.

Acquire a virus detector and keep it up to date. Widely used ones include those from McAfee (www.mcafee.com) and Symantec (www.symantec.com). Check for updates often (at least weekly).

Check for system updates regularly (at least semi-weekly). Recent versions of Microsoft Windows have a semi-automated system for applying updates. For older versions, updates must be applied manually. Do not install "patches" sent by e-mail; some viruses propagate by claiming to be security patches.

Don't run services that you don't need. Windows NT 4 was notorious for installing the Microsoft IIS Web server by default; machines not intended as Web servers were vulnerable to attack and the users were not even aware that they were running the servers. This was one important reason for the rapid spread of the Code Red and Nimda worms last fall. Other operating system distributions were no less guilty of sacrificing security for convenience. Fortunately, this situation has improved substantially in the last year or so.

Install a firewall program and configure it to reject all connections that you don't need to allow. Several companies offer firewall programs that are free for personal use; a well-reviewed one is ZoneAlarm (www.zonelabs.com). If you are on a large, heterogeneous network, such as a university, it's a good idea to run a firewall even if the network itself is already firewalled. If you are connected directly to the Internet (as at home), you should run a firewall, whether your connection is dialup or high-speed.

If you can avoid it, don't run Microsoft Outlook. Most recent e-mail viruses have targeted Outlook, reading its address books and perhaps relying on it to send their payloads on. Configure your mail client to not open attachments automatically and to require approval before forwarding e-mail. Don't open attachments you aren't expecting, even if they come from trusted friends or associates. If someone needs to send you an attachment, have them archive the files in a Zip file or similar format.

If you have received Klez-laden e-mails from addresses at www.informs.org, the return addresses are forged. IOL's Linux-based mail clients are incapable of transmitting Windows viruses. Nearly all of the mailing lists that we run are moderated, so the likelihood of viruses slipping through is very low.

If you run a Web server and can avoid it, don't run IIS. Most recent Web-server worms have targeted IIS (even though Apache is more widely deployed). The Apache Web server is free, available for Windows, and has a better recent security history. Apache servers were not affected by Code Red or Nimda. At IOL, we run Apache under Linux. If you must run IIS, keep it up to date.

Prefer secure connection protocols. Telnet and ftp transmit all communications in the clear. Computers on the network can eavesdrop and pick out passwords. The Secure Shell (SSH) and Secure FTP (SFTP) protocols communicate over encrypted channels, making it much more difficult (though not impossible) to break their security.

Use good passwords. Passwords should be non-dictionary words, mixed-case (including letters, numbers and even punctuation characters) and at least six to eight characters long. A common way to generate passwords that are easy to remember is to use the first letters of words in a sentence that you can remember.

Persuade your local system administrator or ISP to run a mail filter (a milter) to catch viruses at the MTA before they reach your mailbox.
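To show the kind of policy such an MTA-side filter applies, here is an added illustration (not code from this column or from IOL): it parses a MIME message and flags it for quarantine when any attachment is an executable by content type or file extension. The blocked types and extensions are an assumed policy list, and the sample message, with its forged From: line and worm-style subject, is constructed.

```python
# Minimal MTA-side attachment policy of the kind a milter would apply.
# Added illustration, not code from the column or from IOL: parse a MIME
# message and flag it when any attachment is an executable by content type
# or by file extension, so the MTA can quarantine it before delivery.
from email import message_from_string

# Assumed policy list (not from the column): types and extensions that
# Windows will execute directly when a user double-clicks the attachment.
BLOCKED_TYPES = {"application/x-msdownload", "application/x-dosexec"}
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs"}


def offending_attachments(raw: str) -> list:
    """Return names (or content types) of attachments that violate policy."""
    hits = []
    for part in message_from_string(raw).walk():
        if part.get_content_maintype() == "multipart":
            continue  # container part, not an attachment
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        ext = name[name.rfind("."):].lower() if "." in name else ""
        if ctype in BLOCKED_TYPES or ext in BLOCKED_EXTENSIONS:
            hits.append(name or ctype)
    return hits


def milter_verdict(raw: str) -> str:
    """'quarantine' if any attachment is executable, else 'accept'."""
    return "quarantine" if offending_attachments(raw) else "accept"


# Constructed sample: worm-style message with a forged From: and a .scr
# attachment (the body bytes are a placeholder string, not real malware).
SAMPLE = """\
From: colleague@example.org
To: victim@example.net
Subject: Hello, iol_editor, darling
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached file.
--b1
Content-Type: application/octet-stream; name="readme.scr"
Content-Disposition: attachment; filename="readme.scr"

UExBQ0VIT0xERVI=
--b1--
"""
```

A real milter would run this check on every message the MTA accepts and reject or quarantine before the message is queued for the user's mailbox.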

While several of the suggestions above apply to users of Microsoft Windows, the general principles apply equally well to other systems. If everyone were to follow these suggestions, the Internet would be a safer, more pleasant place to spend time.



Matthew Saltzman (mjs@ces.clemson.edu) is an associate professor of Mathematical Sciences at Clemson University and the editor of Informs Online.






OR/MS Today copyright © 2002 by the Institute for Operations Research and the Management Sciences. All rights reserved.


Lionheart Publishing, Inc.
506 Roswell Street, Marietta, GA 30060 USA
Phone: 770-431-0867 | Fax: 770-432-6969
E-mail: lpi@lionhrtpub.com
URL: http://www.lionhrtpub.com


Web Site © Copyright 2002 by Lionheart Publishing, Inc. All rights reserved.