RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 07/20/05

    Date: Wed, 20 Jul 2005 12:22:30 -0700 (PDT)
    To: Steve Bostedor <Steveb@tshore.com>, focus-ms@securityfocus.com
    
    

    > That's all hindsight, Harlan. Getting people to
    > protect their servers
    > with basic tools like antivirus is far more feasible
    > than trying to turn
    > everyone into exploit clairvoyants!
    >
    > It is a very simple and indisputable fact that
    > antivirus played a major
    > part in saving many very important companies a very
    > large sum of money.
    > Ignoring that is not advisable.

    Again, as I stated before, it was a band-aid...and it
    worked this time. The real issue is that systems are
    exposed to the Internet all the time w/ poor/no admin
    passwords, poorly configured services, etc., and it's
    software such as A/V products that are deemed the
    heroes for picking up the slack. In a nutshell, it's
    enabling the poor administration behaviour.

    > It's irresponsible to expose a server to the
    > Internet without antivirus
    > protection on it no matter what its role is.

    Perhaps. I happen to not agree with you on that. I
    believe, however, that it is irresponsible to expose a
    server to the Internet with no Admin or 'sa' password,
    or with unneeded services enabled.

    > It seems to me that there is an air of arrogance in
    > the thought process
    > that says "I was able to beat it last time, so I
    > have no worries about
    > the future". Many of the companies that lost
    > millions thought that they
    > had all of the bases covered. Contrary to what
    > you're trying to imply,
    > it was not that they were just lazier than you or
    > less "elite".

    There was no implication of that nature on my part,
    nor is there an elitist attitude. The basic
    configuration steps that I mention have been posted on
    the MS site as far back as IIS 4.0's time...the fact
    that they weren't followed is another matter entirely,
    and one not solved by the installation of A/V
    software.

    > Not
    > every company can afford a 24/7 security geek
    > standing at their routers
    > checking the exploits at the door! We can all
    > afford basic antiviral protection, though.

    That's a business decision, and one that affects the
    security process. One doesn't have to "stand at the
    routers", as you say. All one has to do is understand
    what traffic needs to pass through the routers, and
    disable the rest...and to be honest, it's really not
    as hard as most folks make it out to be. Replicate
    the rulesets from your routers on your firewalls, and
    alert there. If you allow traffic in to port 80,
    redirect it to the public firewall that you've
    thoughtfully placed in a DMZ/separate segment.
     
    > You may be patting yourself on the back because it
    > didn't hit you this
    > time but it was pure luck that it was a patch that
    > you were aware of.
    > Letting your guard down is such an amateur and
    > arrogant mistake.

    I haven't let my guard down. I simply take the time
    to try and understand the nature of the threats, and
    plan accordingly. I don't see anything amateurish or
    arrogant in that.

    Harlan

    ------------------------------------------
    Harlan Carvey, CISSP
    "Windows Forensics and Incident Recovery"
    http://www.windows-ir.com
    http://windowsir.blogspot.com
    ------------------------------------------
