Re: [fw-wiz] OT: Av and Gartner...

From: Gary Flynn (flynngn_at_jmu.edu)
Date: 07/31/03

  • Next message: Christopher Hicks: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?" 
    Date: Thu, 31 Jul 2003 07:50:52 -0400

    John Keeton wrote:
    > Slightly OT here.
    >
    > In corporate land, where does everyone have AV installed? Currently, we
    > have desktop, NT servers, and email gateway. I am thinking that we need
    > http/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp
    > scanning is uneeded. I don't know if I agree.. -OR- Are people installing
    > malicious code detection software, like www.finjan.com??

    We're running on desktops, file servers, and mail gateway. A lot of
    server administrators also run it on their servers. We also block
    several types of executable attachments from traversing our mail gateway
    which has stopped virus spreads before definitions are updated.

    There seems to be a shift away from email as the only spreading
    mechanism. Netbios shares, kazaa and the like, and instant messaging
    applications are being used more and more. Aplore was fairly successful
    using a combination of instant messaging and a malicious web sever on
    the infected machines. I suspect over the next year we'll see quite a
    few exploit RPC/DCOM too.

    An inline border device that understands those secondary protocols, possibly
    including HTTP sessions, would raise the fence. If it could do signature
    analysis and packet dropping for known overflow exploits, protocol anomoly
    protection, content management, and DDOS mitigation that would be good too :) 

    -- 
Gary Flynn
Security Engineer - Technical Services
James Madison University
Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
  • Next message: Christopher Hicks: "Re: [fw-wiz] Off topic: Any one know of a good IPV6 reference book?"

    Relevant Pages

    • Re: PPTP Site-to-Site VPN problem
      ... My understanding has always been that if you route between 2 or more different subnets then there has to be a gateway defined. ... If routing on a single subnet then no gateway needs to be defined. ... the RRAS service on the servers. ...
      (microsoft.public.windows.server.networking)
    • Re: NTP shows all servers in condition "reject"
      ... delivered to both our primary and back-up upstream news servers. ... the copies of this original message/article (both pre and post gateway) ... I received, and replied to, the original article via the back-up ...
      (comp.protocols.time.ntp)
    • How To Configure Root Hints vs. Forwarding for Locations Having Different Internet Gateways
      ... My question concerns proper settings for Server 2003 DNS root hints ... I am aware of the need to remove the standard root name servers from ... resolution requests to go to the correct gateway address instead of to ...
      (microsoft.public.windows.server.dns)
    • Re: DC diag ERROR
      ... not on its own subnet, which means you need a gateway to communicate the DNS ... servers at your ISP, since they are also not on your subnet. ...
      (microsoft.public.windows.server.dns)
    • Re: DNS MX record question
      ... I won't disagree, but I night suggest that your timeline could be a little ... Some DNS servers cache records for varying lengths of time. ... > with MX record and other gateway on new ISP with no MX record. ...
      (microsoft.public.exchange.connectivity)