Re: [fw-wiz] OT: Av and Gartner...

From: Gary Flynn (flynngn_at_jmu.edu)
Date: 07/31/03

    Date: Thu, 31 Jul 2003 07:50:52 -0400
    
    

    John Keeton wrote:
    > Slightly OT here.
    >
    > In corporate land, where does everyone have AV installed? Currently, we
    > have desktop, NT servers, and email gateway. I am thinking that we need
    > http/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp
    > scanning is unneeded. I don't know if I agree.. -OR- Are people installing
    > malicious code detection software, like www.finjan.com??

    We're running on desktops, file servers, and mail gateway. A lot of
    server administrators also run it on their servers. We also block
    several types of executable attachments from traversing our mail gateway
    which has stopped virus spreads before definitions are updated.

    There seems to be a shift away from email as the only spreading
    mechanism. Netbios shares, kazaa and the like, and instant messaging
    applications are being used more and more. Aplore was fairly successful
    using a combination of instant messaging and a malicious web server on
    the infected machines. I suspect over the next year we'll see quite a
    few exploit RPC/DCOM too.

    An inline border device that understands those secondary protocols, possibly
    including HTTP sessions, would raise the fence. If it could do signature
    analysis and packet dropping for known overflow exploits, protocol anomaly
    protection, content management, and DDOS mitigation that would be good too :)

    -- 
    Gary Flynn
    Security Engineer - Technical Services
    James Madison University
    Please R.U.N.S.A.F.E.
    http://www.jmu.edu/computing/runsafe
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
