Security Basics mailing list archives
RE: antivirus software for DMS computers???
From: "Burton M. Strauss III" <BStrauss () acm org>
Date: Sat, 22 May 2004 08:48:52 -0500
Isn't is just simply prudent to take the simple precautions you can? Say you're running an Web+FTP server in your DMZ... isn't the last think TPHB wants to hear about from his PHB about the newspaper article saying "Hackers used a server at XYZ Corp to host kiddy pr0n"? Isn't the core issue to take reasonable and prudent precautions? That seems to me to qualify as best practices without question. Any of the decent AV software solutions, with automatic updates and some light weight monitoring costs you what? US$50/year + a few hours a month. The AV vendors have gotten pretty good about adjusting for new threat vectors. Maybe not immediately, but pretty soon. Same thing for a software firewall (Whether it's built-in to the OS like WinServer2003 has or an iptables script, etc. is irrelevant). With the AV scanning the uploads and the firewall locking out all ports except those for services you provide, aren't you at far, far less risk? -----Burton
-----Original Message----- From: Jonathan Pokrzyk [mailto:jpokrzyk () matriximaging com] Sent: Friday, May 21, 2004 12:27 PM To: security-basics () securityfocus com Subject: RE: antivirus software for DMS computers??? I also agree with the defense depth theory. The more layers the better. But maybe someone can clarify some things for me. If these are just servers and not workstations they are at zero risk of virus getting in through email. And AV software has very little to do with stopping worms? I guess it would help to identify any trojan software on the machine but I would think that if you just lock down the ports you would be fine without running any anti-virus software. But I'm not an expert. My comment was more of a question than a response. -----Original Message----- From: Ray Lewis [mailto:rlewis () anpi org] Sent: Thursday, May 20, 2004 12:59 PM To: security-basics () securityfocus com Cc: Pierre Dufresne Subject: RE: antivirus software for DMS computers??? All of my servers in the DMZ have AV protection. The performance penalty is negligible as compared to the risk of a worm or virus infecting all of the servers in your DMZ if it gets in there. I consider it good practice and definitely subscribe to the defense in depth theory. Good luck. -----Original Message----- From: Pierre Dufresne [mailto:pierre.dufresne () messf gouv qc ca] Sent: Wednesday, May 19, 2004 1:37 PM To: security-basics () securityfocus com Subject: antivirus software for DMS computers??? Hi, We currently have a typical DMZ made up with some web servers between an external firewall and an internal firewall. Because of "historical reasons", none of these machines are equipped with antivirus software. For the sake of defense in depth, I would like to install antivirus sorftware on each of these machines. Someone in my company argues that we shouldn't do it because it could have a negative impact on performance. He also mentions that since firewalls act as some sort of routers between networks, they are not "directly" vulnerable to virus attacks. As for the web servers, they also should be less prone to viruses since they are hardened servers which get patched more rapidly than others. What do you think of this? I just would like to know if everyone on this list protect their DMZ machine with antivirus software? It seems to me like standard good practice. Thank you! ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- ------------------------------------------------------------------ --------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------ ----------
--------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- antivirus software for DMS computers??? Pierre Dufresne (May 20)
- <Possible follow-ups>
- RE: antivirus software for DMS computers??? Ray Lewis (May 21)
- RE: antivirus software for DMS computers??? Jonathan Pokrzyk (May 21)
- RE: antivirus software for DMS computers??? Burton M. Strauss III (May 25)