Re: AV software on partial internet connected network?
From: Duane Arnold (notme_at_notme.com)
Date: 06/03/04
- Next message: T. Sean Weintz: "Re: What is the difference between a worm and a trojan ?"
- Previous message: Lassi Hippeläinen : "Re: Can my ISP see my NNTP traffic?"
- In reply to: Tx2: "Re: AV software on partial internet connected network?"
- Next in thread: SpamFree: "Re: AV software on partial internet connected network?"
- Reply: SpamFree: "Re: AV software on partial internet connected network?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 03 Jun 2004 17:17:42 GMT
Tx2 <tx2newscollection-invalid-@hotmail.com> wrote in
news:MPG.1b293167f19a1349898c7@news.individual.net:
> In article <Xns94FD44FF820Anotmenotmecoml@204.127.204.17>,
> notme@notme.com, a.k.a Duane Arnold says...
>
> [...]
>
>> Lastly, if you have no reason not to be using a NAT router as the
>> gateway device for the LAN and WAN, then maybe you should look into
>> getting one as they provide better protection and are cheap, like
>> $20. And you can plug a standalone hub or switch in to the LAN port
>> of the router to extend the network.
>
>
> The network is a 'basic' Windows XP workgroup LAN using a switch; the
> one PC that has internet access does so via a dial-up connection to
> AOL.

There are several routers that have dial-up capabilities that can be
connected to the modem and have any machine connected to the router, even
via a switch, and make the router dial the ISP and provide the gateway.
With the router as the gateway for the LAN as well, MS ICS is out of the
picture, period.

1) The gateway computer doesn't have to be on to provide the connection
for the other machine and burning itself up and the electric bill.

2) The gateway machine, using its O/S and FW, is burning up machine
resources fending off scans and attacks. The router will be sitting in
front of all machines protecting the network and machines behind the
router can do more productive things.

>
> This machine is firewalled and has AV software installed. Hence
> therefore my question if it was necessary to protect the other
> machines simply because ICS is not possible thru the current AOL
> set-up.

The AV should be on each machine to protect that machine. Yes, the
company network has a FW appliance protecting the network from the
Internet, but each machine on the company network has its own standalone
AV installed.
>
> The other machines cannot access the internet, or at least, they are
> not currently configured to do so and given the restrictions AOL
> dial-up places on ICS, I doubt they ever will be.

With the router, the other machines can as AOL will never as the router
allows the single IP assigned by the ISP to be shared by all machines on
the network.
>
> My concern was if a virus could get onto the internet enabled machine
> (which *is* FW'd and AV'd) and find its way onto one of the other
> 'unprotected' networked machines.

Yes it can if the other machines are sharing resources with the gateway
machine.
>
> Personally, I feel each machine should be protected, but I would like
> to get opinion and gauge from that if I am right or wrong, or both
> :-)
>

You seem to be on the right track.

If you don't want to go with the router and use the gateway computer,
then harden the O/S to attack.

http://www.uksecurityonline.com/index5.php

Duane :)