RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

S_Dorn/CIB_at_BANKCIB.COM
Date: 07/20/05

    To: Harlan Carvey <keydet89@yahoo.com>
    Date: Wed, 20 Jul 2005 12:16:31 -0500
    
    

    CIL....

    Stefan Dorn

    Harlan Carvey <keydet89@yahoo.com> wrote on 07-19-2005 06:49:09 PM:

    >
    > > I have a completely different view. I think that
    > > AV, while not the silver
    > > bullet, is a solid line of defence.
    >
    > Perhaps, but from what? It won't protect the box from
    > being broken into, and the argument that it will
    > protect you from things we don't know about yet just
    > doesn't hold.

    If someone were to compromise the server enough so that they could upload
    a rootkit or something, AV could potentially detect some or all of it, if
    they used a kit they didn't create themselves. The real question should be
    "what harm is caused by having AV installed on a web server?".

    >
    > > The more
    > > lines of defence you have, the more proactively you
    > > have secured your environment.
    >
    > And the more things you have to manage, and the more
    > things you have to look at when troubleshooting an
    > issue...and yet another set of logs that you have to
    > review.
    >

    Policies and procedures can help mitigate this, along with proper
    configuration and automation of updates and reporting. If some viral
    outbreak occurred exploiting a component of that server's OS or web
    services, I'd rather have more logging than less logging available to
    determine what happened.

    > > In a perfect world everything would be nicely
    > > secured, things like Windows
    > > and TCP/IP would have been designed for security and
    > > we would all be proactive not reactive.
    >
    > But you can be proactive with Windows...there are a
    > great number of things you can do to secure a Windows
    > system proactively. The problem is that few of them
    > are done.
    >

    There are a great many, and indeed few of them are properly executed, in
    general. But in the case where a system administrator accidentally does
    not follow a strict and secure protocol or procedure, even just one time
    (let's say they don't verify a checksum on an update file, and it is
    infected somehow,) I would rather give that server an additional line of
    defense.

    All other things aside, trying to explain why there's no AV installed on
    the web server to your board of directors or president (after a 3rd party
    audit makes a stink about it) will probably cost your IT staff more time
    and money than just installing the AV in the first place.

    > Harlan
    >
    >
    > ------------------------------------------
    > Harlan Carvey, CISSP
    > "Windows Forensics and Incident Recovery"
    > http://www.windows-ir.com
    > http://windowsir.blogspot.com
    > ------------------------------------------
    >
    >

