Re: AV software on partial internet connected network?

From: Duane Arnold (notme_at_notme.com)
Date: 06/03/04


Date: Thu, 03 Jun 2004 11:46:58 GMT

Tx2 <tx2newscollection-invalid-@hotmail.com> wrote in
news:MPG.1b290f774812c35e9898c5@news.individual.net:

>
> I am dealing with a network of 6 PC's of which only one is directly
> connected to the internet. The network is a 'standard' XP workgroup
> type.
>
> Is it necessary to install AV and firewall software on the remaining 6
> PC's as they only ever retrieve/store info from a folder on the
internet
> connected system, not each other.
>
> The internet connected PC should pick up on any viruses that 'come in',
> so the other machines shouldn't really get infected, should they?
>
> Or would i be wise to ensure all 6 machines are equally protected?
>
>

You should look into IPsec that's on the O/S to secure the LAN between
the machines. The AnalogX SecPol file when implemented on each machine
will provide that protection.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

Also, one needs a stand alone AV on each machine as there are more than
one way to have a machine compromised with malware, which usually happens
with *happy finger* users behind a gateway device that's providing
protection.

Lastly, if you have no reason not to be using a NAT router as the gateway
device for the LAN and WAN, then may be you should look into getting one
as they provide better protection and are cheap, like $20. And you can
plug a standalone hub or switch in to the LAN port of the router to
extend the network.

http://www.homenethelp.com/web/explain/about-NAT.asp

Duane :)