RE: antivirus software for DMS computers???

["Burton M. Strauss III" <BStrauss () acm org>]

Isn't is just simply prudent to take the simple precautions you can?

Say you're running an Web+FTP server in your DMZ... isn't the last think
TPHB wants to hear about from his PHB about the newspaper article saying
"Hackers used a server at XYZ Corp to host kiddy pr0n"?

Isn't the core issue to take reasonable and prudent precautions?  That seems
to me to qualify as best practices without question.

Any of the decent AV software solutions, with automatic updates and some
light weight monitoring costs you what?  US$50/year + a few hours a month.
The AV vendors have gotten pretty good about adjusting for new threat
vectors.  Maybe not immediately, but pretty soon.

Same thing for a software firewall (Whether it's built-in to the OS like
WinServer2003 has or an iptables script, etc. is irrelevant).

With the AV scanning the uploads and the firewall locking out all ports
except those for services you provide, aren't you at far, far less risk?

-----Burton

> -----Original Message-----
> From: Jonathan Pokrzyk [mailto:jpokrzyk () matriximaging com]
> Sent: Friday, May 21, 2004 12:27 PM
> To: security-basics () securityfocus com
> Subject: RE: antivirus software for DMS computers???
>
>
> I also agree with the defense depth theory. The more layers the better.
> But maybe someone can clarify some things for me. If these are just
> servers and not workstations they are at zero risk of virus getting in
> through email. And AV software has very little to do with stopping
> worms? I guess it would help to identify any trojan software on the
> machine but I would think that if you just lock down the ports you would
> be fine without running any anti-virus software. But I'm not an expert.
> My comment was more of a question than a response.
>
> -----Original Message-----
> From: Ray Lewis [mailto:rlewis () anpi org]
> Sent: Thursday, May 20, 2004 12:59 PM
> To: security-basics () securityfocus com
> Cc: Pierre Dufresne
> Subject: RE: antivirus software for DMS computers???
>
> All of my servers in the DMZ have AV protection. The performance penalty
> is negligible as compared to the risk of a worm or virus infecting all
> of the servers in your DMZ if it gets in there. I consider it good
> practice and definitely subscribe to the defense in depth theory. Good
> luck.
>
> -----Original Message-----
> From: Pierre Dufresne [mailto:pierre.dufresne () messf gouv qc ca]
> Sent: Wednesday, May 19, 2004 1:37 PM
> To: security-basics () securityfocus com
> Subject: antivirus software for DMS computers???
>
>
>
> Hi,
>
>
>
> We currently have a typical DMZ made up with some web servers between an
> external firewall and an internal firewall. Because of "historical
> reasons", none of these machines are equipped with antivirus software.
>
>
>
> For the sake of defense in depth, I would like to install antivirus
> sorftware on each of these machines.
>
>
>
> Someone in my company argues that we shouldn't do it because it could
> have a negative impact on performance.  He also mentions that since
> firewalls act as some sort of routers between networks, they are not
> "directly" vulnerable to virus attacks.  As for the web servers, they
> also should be less prone to viruses since they are hardened servers
> which get patched more rapidly than others.
>
> What do you think of this?
>
>
>
> I just would like to know if everyone on this list protect their DMZ
> machine with antivirus software? It seems to me like standard good
> practice.
>
>
>
> Thank you!
>
> ------------------------------------------------------------------------
> ---
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off any course! All of our class sizes are guaranteed to be 10 students
> or less to facilitate one-on-one interaction with one of our expert
> instructors.
> Attend a course taught by an expert instructor with years of
> in-the-field pen testing experience in our state of the art hacking lab.
> Master the skills of an Ethical Hacker to better assess the security of
> your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> ----
>
>
>
> ------------------------------------------------------------------------
> ---
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
> off
> any course! All of our class sizes are guaranteed to be 10 students or
> less
> to facilitate one-on-one interaction with one of our expert instructors.
>
> Attend a course taught by an expert instructor with years of
> in-the-field
> pen testing experience in our state of the art hacking lab. Master the
> skills
> of an Ethical Hacker to better assess the security of your organization.
>
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------------
> ----
>
>
> ------------------------------------------------------------------
> ---------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get
> $545 off
> any course! All of our class sizes are guaranteed to be 10
> students or less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab.
> Master the skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ------------------------------------------------------------------
> ----------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------