Re: Should webservers, eg. IIS 6 have anti--virus installed on them?
From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 07/19/05
- Previous message: Jeff Shawgo: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- In reply to: Depp, Dennis M.: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Next in thread: Paul Smith: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Reply: Paul Smith: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Jul 2005 09:17:36 -0700 To: "Depp, Dennis M." <deppdm@ornl.gov>
Okay..... so then
no OWA
no WSUS
no Sharepoint
We do get to do file and printing on this server or is that banned as
well? Define 'web server' folks because these days we 'are' running
IIS/web servers in our domains because [at least in the case of WSUS]
it's actually helping us reduce risk and not increase it.
Depp, Dennis M. wrote:
>Jeff,
>
>Interesting comments. Especially about not having IIS in a domain.
>
>Gill,
>
>To me the issue of virus protection depends on how you get content
>installed on a machine and what type of content is on the machine If you
>have a lot of users loading documents to your web servers, you might
>want to consider adding virus protection to the servers. Of course you
>should also have virus protection on the desktops as well. I would not
>configure on access virus scanning, but instead would have scheduled
>scanning.
>
>Dennis
>
>-----Original Message-----
>From: Jeff [mailto:jeff@turbofish.com]
>Sent: Monday, July 18, 2005 4:15 PM
>To: focus-ms@securityfocus.com
>Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
>them?
>
>Another thing with IIS is it is always good to keep it out of the domain
>altogether. Plus, I monitor all traffic to and from the machine. For
>example, our email/IIS server doesn't attach to the network, it sits all
>by
>it's lonesome on a completely different hub that doesn't touch any of
>the
>networked machines. Ok, it doesn't really get lonely, I talk to it
>everyday
>and it does sit right next to the other servers. I think I caught it
>winking
>at the big SQL server the other day - people are beginning to talk.
>But seriously, you need to check SP everyday and keep all of the holes
>filled so yes, you are correct, that is number one. At the same time, I
>have
>found it helpful to pick and choose which patches to install. I have had
>hardware updates from Microsoft that caused me nothing but grief.
>
>Other concerns with running a IIS server is data. I don't even like
>hooking
>it's SQL server [smallish - just to run web data with] with our big SQL
>server because of security reasons. I even turn off the lights just so
>that
>the other servers won't get jealous
>
>Viruses shouldn't be too much of a trouble with IIS because the vast
>majority of all viruses are activated via email, the rest with a few
>rogue
>sites. Don't run an email client on it, don't surf the web with it, keep
>all
>extra ports locked down, keep all of the service packs and security
>releases, be careful if you run an email server that saves the emails in
>temp files, and just as an extra protection, it wouldn't hurt to have a
>anti-virus running.
>
>Ok, I'm going home to start working on the non system admin programming
>side
>of my job - maybe even get some sleep. I hate these 16 hour work days
>without sleep. You know it's bad when I enjoy getting a power outages
>that
>knocked off all of the PC's in our network. No power, no PC/server
>problems!
>
>-----Original Message-----
>From: Shyaam
>Sent: Monday, July 18, 2005 10:20 AM
>To: ssgill@gilltechnologies.com
>Cc: focus-ms@securityfocus.com
>Subject: Re: Should webservers, eg. IIS 6 have anti--virus installed on
>them?
>
>According to my level of knowledge(which is very minimal, in this
>especially), I would say that a web server should be patched well first.
>the
>anti-virus is a secondary issue. Ofcourse, you need an antivirus too,
>but
>there should always be good patches implemented which checks for the
>latest
>signatures.
>--Shyaam
>
>On 7/17/05, Sarbjit Singh Gill <ssgill@gilltechnologies.com> wrote:
>
>
>>
>>Greetings
>>
>>Should IIS have anti-virus installed on them. I know I would do it for
>>
>>
>
>
>
>>a fileserver but for IIS, I rather lock it down.
>>
>>Thanks.
>>/Gill
>>
>>
>>----------------------------------------------------------------------
>>-----
>>----------------------------------------------------------------------
>>-----
>>
>>
>>
>>
>
>
>--
>Thank you in advance for your time and consideration.
>Yours Sincerely,
>R.S.Shyaam Sundhar
>
>------------------------------------------------------------------------
>---
>------------------------------------------------------------------------
>---
>
>
>
>------------------------------------------------------------------------
>---
>------------------------------------------------------------------------
>---
>
>
>---------------------------------------------------------------------------
>---------------------------------------------------------------------------
>
>
>
>
-- Letting your vendors set your risk analysis these days? http://www.threatcode.com --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Jeff Shawgo: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- In reply to: Depp, Dennis M.: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Next in thread: Paul Smith: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Reply: Paul Smith: "Re: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
