Re: [fw-wiz] OT: Av and Gartner...
From: John Keeton (jkeeton_at_nettoxin.net)
Date: 07/31/03
- Previous message: Fritz Ames: "Re: [fw-wiz] OT: Av and Gartner..."
- In reply to: John Keeton: "[fw-wiz] OT: Av and Gartner..."
- Next in thread: Yinal Ozkan: "RE: [fw-wiz] OT: Av and Gartner..."
To: firewall-wizards@honor.icsalabs.com
Date: Thu, 31 Jul 2003 07:23:39 -0500
Everyone, thanks for the replies. I am somewhat surprised that everyone doesn't
scan http/ftp. My worry is that something could be d/l'ed and reside only
in memory, and then do something.
But what could it do?
DOS someone else..
rm -rf /..
Worm out to spread.
Spread via files..
The last 2 should be caught because AV is installed on every single MS box.
As far as my setup, no one can talk out anything w/o going through the proxy.
IDS kills[1] .exe's.. But, the problem is, the 1% of people that violate
policy, and build their own machine[2] don't have AV a lot of times, and these
are the people who scare the heck out of me because they think they
know what they are doing, and in reality, they are our biggest threat.
I am torn if I am more worried about viruses via http malware in Java or
ActiveX puke.. I don't think AV would/could catch the latter even if it was
installed everywhere..
The PL on this effort has already had her decision on this. But she always
does that after speaking with one person.
Thanks again,
jkeeton
[1] Sometimes on a good day, unless you hit reload enough so that it misses
the .exe
[2] We are rather large, ~25k machines, and there is a small % of "accepted"
violation of IS/Security policy, because the admin support team can't/won't/
aren't allowed to support people. We are STILL running NT4.0.. A lot of
stuff needs 2k, or xp..
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards