RE: Should webservers, eg. IIS 6 have anti--virus installed on th em?
From: Brunner, Mark (MBrunner_at_tor.fasken.com)
Date: 07/20/05
- Previous message: Greg Kelley: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Maybe in reply to: Steven Hay: "RE: Should webservers, eg. IIS 6 have anti--virus installed on th em?"
- Next in thread: Brady McClenon: "RE: Should webservers, eg. IIS 6 have anti--virus installed on th em?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 20 Jul 2005 16:01:54 -0400 To: <focus-ms@securityfocus.com>
Harlan,
We chatted about this offline, and we sort of agreed to disagree, but besides the catch-all "good admin practices", what processes, procedures, or hardening steps are you performing that fully replace Anti-Virus software on any system? Are you patching your production web server the day of MS and other vendor patch announcements at day-zero? What about day -1? Do you run full-scale, multi-engine penetration tests on your IIS box to test all of its components and connected systems 24/7 to verify that it is attack proof? I've gotta have these procedures!
It seems to me that A/V vendors are providing value in their products, and that value is self evident. Security is all about managing risk versus the cost of doing so. If you have done a risk analysis that shows that A/V and the cost to purchase, maintain and support it outweigh the benefits of malware risk reduction on a highly visible, internet facing, critical (in the case of web-dependant companies) piece of infrastructure, I would love to see it. It may be true for your environment. No one knows for sure but you.
In my environment, it just does not compute.
Mark
-----Original Message-----
From: Harlan Carvey [mailto:keydet89@yahoo.com]
Sent: Tuesday, July 19, 2005 7:49 PM
To: Steven Hay; focus-ms@securityfocus.com
Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
th em?
> I have a completely different view. I think that
> AV, while not the silver
> bullet, is a solid line of defence.
Perhaps, but from what? It won't protect the box from
being broken into, and the argument that it will
protect you from things we don't know about yet just
doesn't hold.
> The more
> lines of defence you have, the more proactively you
> have secured your environment.
And the more things you have to manage, and the more
things you have to look at when troubleshooting an
issue...and yet another set of logs that you have to
review.
> In a perfect world everything would be nicely
> secured, things like Windows
> and TCP/IP would have been designed for security and
> we would all be proactive not reactive.
But you can be proactive with Windows...there are a
great number of things you can do to secure a Windows
system proactively. The problem is that few of them
are done.
Harlan
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Greg Kelley: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Maybe in reply to: Steven Hay: "RE: Should webservers, eg. IIS 6 have anti--virus installed on th em?"
- Next in thread: Brady McClenon: "RE: Should webservers, eg. IIS 6 have anti--virus installed on th em?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
