Re: Anti Virus: Improving the defense strategy through proactiveness...
From: Robert R Kircher, Jr. (rrkircher@hotmail.com)
Date: 12/17/01
From: "Robert R Kircher, Jr." <rrkircher@hotmail.com> Date: Mon, 17 Dec 2001 15:01:50 -0500
Well Martin, you've received an awful lot of comments that I'm not sure
really answered your question. Frankly, what you're looking for doesn't really
exist in a pure form, e.g. one site that "predicts" attacks. However,
www.cert.org is a good place to start. The other site to look at is
http://www.microsoft.com/security/ and subscribe to their security bulletin
email service. There are other vulnerability web sites as well which I am
sure you can find with a Google search.

As some posters have pointed out, nothing replaces practicing safe computing.
Educating end users is not a waste of time. Of course you have those users
that just don't care or don't understand, but the more users you can reach
the less of an issue you will have.

With that said, here is what I usually suggest. Layered protection
is the way to go. It starts with a good firewall, and then server level
virus protection, and then client level virus protection and then user level
safe computing. As far as what FW or AV to use, well that's up to
preference and budget. At the AV level I currently manage both McAfee's
Total Defense corporate version and Norton Corporate version. Both work
well and have been no problems to the end users. There are others like CAI
eTrust, but the key thing for me is centralized management and updating. I
usually set these systems up so that only admins can change settings and so
that updates happen automatically without the user's knowledge. It's also
important to make sure the AV software will run missed events in case the
computer was off at the scheduled update time. My servers are set up the
same way so that server level AV is updated as well. Norton and McAfee
both allow for a download of new sigs to a local store and then all the
clients don't have to hit the web to update. The most important server to
protect, in my mind, is the email server. Find a solution that will scan for
email viruses at the server level. McAfee Groupware for Exchange caught
Goner before it even left the server on its way to the client and before I
was even aware of the virus. This again speaks to levels of protection.
Sure the client side has email protection, but why let it get that far?
Again, most good corporate AV apps have this option. Some even have FW
add-ons.

That all helps stop attacks that originate from the internet, but does
nothing for the dreaded floppy or Zip disk infection. Here you are reliant
on your client level protection and, more importantly, safe computing
practices. The other option is to restrict the use of floppy and even local
disk usage. I have one network where the end user cannot access the floppy
or the local hard drive.

Lastly, stay on top of security patches, especially from MS. IE, OE and O2K
have updates all the time and you want to apply them as soon as you can. If
you are leery about installing patches, which is understandable, set up a
test system prior to deployment and install the patches there. When you're
satisfied, deploy the patch.

Remember that this is just the way I handle it. There are many ways to
handle security and many more opinions regarding security and no one way is
correct for everyone. My suggestion is to digest everyone's advice and
opinions and work out something that fits in your environment. I think the
short answer is you simply have to stay on top of the situation.
HTH
Rob
"Martin Bishop" <martinbishop@ria.net> wrote in message
news:9vh4v1$8n2$1@slb5.atl.mindspring.net...
> Security Admins,
>
> I find myself being notified about new viruses too late. Please share the
> methods you're currently using to keep yourself aware of new viruses.
> Mailing list, pager notifications, voice mail messages....
>
> Thanks, Bish
>
> --
> Martin Bishop
> Network Security Engineer - martinbishop@ria.net
> ===============================================================
> Pr 10:9 - He that is walking in integrity will walk in security,
> be he that is making his ways crooked will make himself known.
>
>