RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

From: Sarbjit Singh Gill (ssgill_at_gilltechnologies.com)
Date: 07/19/05

  • Next message: Harlan Carvey: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
    To: <focus-ms@securityfocus.com>
    Date: Tue, 19 Jul 2005 23:02:31 +0800
    
    

     
    Greetings,

    I think there are 2 main schools here:
    1. AV required depending on server role and usage. If documents remain
    relatively static(web server serves content only), then lock down, fully
    patched and no AV required. It is secondary. If running a site where
    documents are uploaded by users, e.g. a web based document management
    system(e.g. sharepoint) where documents are uploading reqularly then a AV is
    required for sure.

    2. AV required always. Filtered scanning required.

    /Gill

    > -----Original Message-----
    > From: Depp, Dennis M. [mailto:deppdm@ornl.gov]
    > Sent: Tuesday, July 19, 2005 5:00 AM
    > To: Jeff; focus-ms@securityfocus.com
    > Subject: RE: Should webservers, eg. IIS 6 have anti--virus
    > installed on them?
    >
    > Jeff,
    >
    > Interesting comments. Especially about not having IIS in a domain.
    >
    > Gill,
    >
    > To me the issue of virus protection depends on how you get
    > content installed on a machine and what type of content is on
    > the machine If you have a lot of users loading documents to
    > your web servers, you might want to consider adding virus
    > protection to the servers. Of course you should also have
    > virus protection on the desktops as well. I would not
    > configure on access virus scanning, but instead would have
    > scheduled scanning.
    >
    > Dennis
    >
    > -----Original Message-----
    > From: Jeff [mailto:jeff@turbofish.com]
    > Sent: Monday, July 18, 2005 4:15 PM
    > To: focus-ms@securityfocus.com
    > Subject: RE: Should webservers, eg. IIS 6 have anti--virus
    > installed on them?
    >
    > Another thing with IIS is it is always good to keep it out of
    > the domain altogether. Plus, I monitor all traffic to and
    > from the machine. For example, our email/IIS server doesn't
    > attach to the network, it sits all by it's lonesome on a
    > completely different hub that doesn't touch any of the
    > networked machines. Ok, it doesn't really get lonely, I talk
    > to it everyday and it does sit right next to the other
    > servers. I think I caught it winking at the big SQL server
    > the other day - people are beginning to talk.
    > But seriously, you need to check SP everyday and keep all of
    > the holes filled so yes, you are correct, that is number one.
    > At the same time, I have found it helpful to pick and choose
    > which patches to install. I have had hardware updates from
    > Microsoft that caused me nothing but grief.
    >
    > Other concerns with running a IIS server is data. I don't
    > even like hooking it's SQL server [smallish - just to run web
    > data with] with our big SQL server because of security
    > reasons. I even turn off the lights just so that the other
    > servers won't get jealous
    >
    > Viruses shouldn't be too much of a trouble with IIS because
    > the vast majority of all viruses are activated via email, the
    > rest with a few rogue sites. Don't run an email client on it,
    > don't surf the web with it, keep all extra ports locked down,
    > keep all of the service packs and security releases, be
    > careful if you run an email server that saves the emails in
    > temp files, and just as an extra protection, it wouldn't hurt
    > to have a anti-virus running.
    >
    > Ok, I'm going home to start working on the non system admin
    > programming side of my job - maybe even get some sleep. I
    > hate these 16 hour work days without sleep. You know it's bad
    > when I enjoy getting a power outages that knocked off all of
    > the PC's in our network. No power, no PC/server problems!
    >
    > -----Original Message-----
    > From: Shyaam
    > Sent: Monday, July 18, 2005 10:20 AM
    > To: ssgill@gilltechnologies.com
    > Cc: focus-ms@securityfocus.com
    > Subject: Re: Should webservers, eg. IIS 6 have anti--virus
    > installed on them?
    >
    > According to my level of knowledge(which is very minimal, in
    > this especially), I would say that a web server should be
    > patched well first.
    > the
    > anti-virus is a secondary issue. Ofcourse, you need an
    > antivirus too, but there should always be good patches
    > implemented which checks for the latest signatures.
    > --Shyaam
    >
    > On 7/17/05, Sarbjit Singh Gill <ssgill@gilltechnologies.com> wrote:
    > >
    > > Greetings
    > >
    > > Should IIS have anti-virus installed on them. I know I
    > would do it for
    >
    > > a fileserver but for IIS, I rather lock it down.
    > >
    > > Thanks.
    > > /Gill
    > >
    > >
    > >
    > ----------------------------------------------------------------------
    > > -----
    > >
    > ----------------------------------------------------------------------
    > > -----
    > >
    > >
    >
    >
    > --
    > Thank you in advance for your time and consideration.
    > Yours Sincerely,
    > R.S.Shyaam Sundhar
    >
    > --------------------------------------------------------------
    > ----------
    > ---
    > --------------------------------------------------------------
    > ----------
    > ---
    >
    >
    >
    > --------------------------------------------------------------
    > ----------
    > ---
    > --------------------------------------------------------------
    > ----------
    > ---
    >
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > -------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Harlan Carvey: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"