RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

• Previous message: Wozny, Scott (US - New York): "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Maybe in reply to: Sarbjit Singh Gill: "Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Next in thread: Harlan Carvey: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Reply: Harlan Carvey: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 20 Jul 2005 15:01:50 -0400
To: "Harlan Carvey" <keydet89@yahoo.com>, <focus-ms@securityfocus.com>

That's all hind sight, Harlan. Getting people to protect their servers
with basic tools like antivirus is far more feasible than trying to turn
everyone into exploit clairvoyants!

It is a very simple and indisputable fact that antivirus played a major
part in saving many very important companies a very large sum of money.
Ignoring that is not advisable.

It's irresponsible to expose a server to the Internet without antivirus
protection on it no matter what its role is.

It seems to me that there is an air of arrogance in the thought process
that says "I was able to beat it last time, so I have no worries about
the future". Many of the companies that lost millions thought that they
had all of the bases covered. Contrary to what you're trying to imply,
it was not that they were just lazier than you or less "elite". Not
every company can afford a 24/7 security geek standing at their routers
checking the exploits at the door! We can all afford basic antiviral
protection, though.

You may be patting yourself on the back because it didn't hit you this
time but it was pure luck that it was a patch that you where aware of.
Letting your guard down is such an amateur and arrogant mistake.

- Steve
http://www.vncscan.com

-----Original Message-----
From: Harlan Carvey [mailto:keydet89@yahoo.com]
Sent: Wednesday, July 20, 2005 2:49 PM
To: focus-ms@securityfocus.com
Cc: Steve Bostedor; Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP];
jeff@shawgo.com
Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on
them?

> I wouldn't dream of leaving one of our web servers
> without antivirus
> software on it for a second! Everyone take a second
> and remember back
> to the Code Red and the various SQL worms. All that
> it took was a
> buffer overflow and a virus was on your system
> before you could blink.

Yes, and all that it took to protect against Code Red
was to have disabled the .idq/.ida script mapping.
SQL Spida infected systems with blank 'sa' passwords.
SQL Slammer targetted UDP port 1434.

In all of these cases, A/V should not have been
needed, had proper administration been conducted in
the first place.

Again, the security process was broken in each case,
and installing A/V was just a band-aid.

> We were saved because by the time that it hit our
> servers, Symantec had
> a cure and stopped it.

Why did these hit your servers in the first place?
Why did you have .idq/.ida script mappings enabled?
Were they required? Why did you have a blank 'sa'
password on your SQL database server? Why were you
exposing UDP 1434 to the Internet?

> This is just one example of
> what COULD happen to
> you should you neglect to properly secure your web
> servers with at LEAST antivirus protection.

Had properly and well documented procedures been
observed in the first place, A/V would not have been
necessary.
 
Harlan

------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Wozny, Scott (US - New York): "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Maybe in reply to: Sarbjit Singh Gill: "Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Next in thread: Harlan Carvey: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Reply: Harlan Carvey: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Should webservers, eg. IIS 6 have anti--virus installed on them? ... > protect their servers ... > with basic tools like antivirus is far more feasible ... > protection on it no matter what its role is. ... routers", as you say. ... (Focus-Microsoft) RE: Should webservers, eg. IIS 6 have anti--virus installed on them? ... SQL Spida infected systems with blank 'sa' passwords. ... had proper administration been conducted in ... Why did these hit your servers in the first place? ... > servers with at LEAST antivirus protection. ... (Focus-Microsoft) Re: Anti-Virus software best practice ... servers without antivirus can potentially be hit by RPC worms ... time by some custom application or SQL job. ... (microsoft.public.security) Re: How About a Hardended Win2K Image to Bash? ... this and to them antivirus protection has a low TCO considering the havoc it ... part time admin that knows how to lock down a network or OS. ... There is also the possibility of a zero day threat that a antivirus ... (microsoft.public.security) Re: Which Virus Program To Get ... If you haven't been using antivirus protection and if you are connected to ... SHOULD use anti-spyware, anti-trojan, and anti-adware protection. ... > I have been reading the reviews from Amazon. ... > me your pointer. ... (microsoft.public.security.virus)