Re: [fw-wiz] OT: Av and Gartner...

From: Gary Flynn (flynngn_at_jmu.edu)
Date: 07/31/03

  • Next message: Christopher Hicks: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"
    Date: Thu, 31 Jul 2003 07:50:52 -0400
    
    

    John Keeton wrote:
    > Slightly OT here.
    >
    > In corporate land, where does everyone have AV installed? Currently, we
    > have desktop, NT servers, and email gateway. I am thinking that we need
    > http/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp
    > scanning is unneeded. I don't know if I agree.. -OR- Are people installing
    > malicious code detection software, like www.finjan.com??

    We're running on desktops, file servers, and mail gateway. A lot of
    server administrators also run it on their servers. We also block
    several types of executable attachments from traversing our mail gateway
    which has stopped virus spreads before definitions are updated.

    There seems to be a shift away from email as the only spreading
    mechanism. Netbios shares, kazaa and the like, and instant messaging
    applications are being used more and more. Aplore was fairly successful
    using a combination of instant messaging and a malicious web server on
    the infected machines. I suspect over the next year we'll see quite a
    few exploit RPC/DCOM too.

    An inline border device that understands those secondary protocols, possibly
    including HTTP sessions, would raise the fence. If it could do signature
    analysis and packet dropping for known overflow exploits, protocol anomaly
    protection, content management, and DDOS mitigation that would be good too :)

    -- 
    Gary Flynn
    Security Engineer - Technical Services
    James Madison University
    Please R.U.N.S.A.F.E.
    http://www.jmu.edu/computing/runsafe
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
