New electronic mail policy now in place at Laboratory

A new electronic mail policy has been established at the Laboratory. In connection with the recent bugbear virus infection, Laboratory employees are no longer allowed to use alternative electronic mail servers that are outside the Laboratory's network.

The new policy will affect many Lab employees who use outside POP and IMAP email servers as such as those provided by most commercial Internet service providers. Such services are no longer accessible from Laboratory computers. However, Web mail services, such as those found on yahoo.com, will still work from Laboratory computers.

"This virus directly affected everyone at the Lab because of the replication of e-mail from those that were infected with the virus. It turns out that there were about 700 systems that were affected at the Laboratory," Paul Criscuolo of Network Engineering (CCN-5) said.

The bugbear virus takes advantage of certain email applications, such as Microsoft Outlook, that automatically launch attachments from e-mails that are received. "Once infected, the virus can obtain email addresses in the local address book and resend itself to those entries. Bugbear also turns off most virus scanners and personal firewall products and enables anyone to access the infected machine covertly," Criscuolo explained.

"[Interim Laboratory Director] Pete Nanos stated that the security risk of allowing Laboratory users to check e-mail from outside sources is unnecessary when there are other methods to get those e-mails," Criscuolo added.

Stephen Tenbrink of CCN-5 highlighted the Lab's efforts to control the bugbear epidemic. "As part of an effort to test for the type of vulnerabilities that are susceptible to the recent bugbear virus, the Laboratory's Security Incident Response Team recently sent some test messages to all Lab e-mail accounts," he said. "These e-mails did not contain any virus but did contain an attachment that could trigger virus filters giving us an indication of susceptible systems." Some of these filters stripped out the attachment before it got to Lab employees' 'in' email box, which caused some confusion during the testing, Tenbrink explained.

The Laboratory has an effective e-mail filter that protects Laboratory employees from viruses. "This filter was updated to cover the bugbear virus at 7:30 a.m., on June 5, so after 7:30 we were able to strip any bugbear attachments coming in. However, it turns out many employees were also pulling e-mail onto their Lab computers from remote e-mail servers," Criscuolo said. "These e-mails don't go through the Lab's e-mail relay system so any of these external e-mails that had the bugbear virus would re-infect the network," Criscuolo explained.

"The best business practice would be to forward the e-mail from the outside server to their Lab account," Criscuolo said. "This allows the Laboratory's e-mail filter to detect and eliminate incoming viruses that could threaten Lab computers. Forwarding from an outside server has additional benefits. It allows these e-mails to be examined by the Laboratory's virus protection mechanism. Doing this gives some protection from SPAM [e-mail] as the e-mail relay detects and flags SPAM messages so that users can filter them on their Lab computers."

The new policy creates several changes, but increases the security of the Laboratory, Criscuolo said. "The main difference is now Lab employees will have better assurances that incoming e-mail will be properly scanned. However, it also will mean that they cannot pull external e-mail (e-mail not addressed to someone@lanl.gov) directly into their computer from non-Laboratory e-mail servers outside the firewall," he explained.

"To enhance our protection against such e-mail virus attacks in the future, CCN-5 will be deploying dynamic filter updates on the firewall. This will provide a much faster response to virus attacks than what we had in the past," added Tenbrink.

For questions about the bugbear virus, contact Criscuolo at 5-9045 or write to pcriscuolo@lanl.gov by electronic mail. For information on the new e-mail policy, contact Tenbrink at 7-3310 or write to sct@lanl.gov by electronic mail.

To read an all-employee memo, click here.

--Ed Kellum

Other Headlines