Security Basics mailing list archives
RE: Gateway Scanner or IDP
From: krymson () gmail com
Date: 10 Sep 2010 20:11:19 -0000
If your users run as local admin, you might be better off spending your hours weaning them away from admin rights. In addition, make sure your perimeter firewall egress (outbound) rules are tight, as a damage-control step.

If you do implement gateway scanning, be aware that you'll want to do this in conjunction with your endpoint AV installs, and thus likely from a different vendor to get a different viewpoint on malware. I wouldn't look to replace endpoint AV with gateway scanning fully. You might be better off lobbying for a web filter with built-in malware detection if your users are browsing bad web sites (IronPort is a great example). Many of these solutions include tie-ins that effectively give you some gateway scanning anyway, with the added benefit of reputation-based filtering and being protocol-aware, or even offering visibility into SSL-enabled connections.

By IDP, I think you mean IDS/IPS. I would consider IDS/IPS to be very important for a security posture, but it is a more advanced technology, and probably shouldn't be relied upon *too* much to provide additional protection above and beyond your endpoint or gateway AV.

For solution value to you, the question will be whether you have the time to manage something. If you have the time, you have plenty of options. If you don't, then you need that pre-packaged approach, or pay someone else to manage it remotely. Pre-packaged is often either lower quality or deceptively complicated to manage properly (i.e., so many features to meet every customer that every customer ends up overwhelmed with all the subsequent features). Always thoroughly test-drive anything like this, so you know if it'll work for you or against you. Third-party management may mean you have to trust them; they may miss things, they may swamp you with false-positive notices, and they likely won't understand or care about your business very much.
For any of these technologies, I'd always stress looking at how much time you can devote to the care-and-feeding. Even your generic endpoint AV needs attention, as you've been experiencing, and all of these other technologies will add some overhead as well. (Web-filtering the least, from a good vendor with a nice appliance.)

<- snip ->

> I work for an SMB and have been concerned, as I should be, about keeping the network clean/safe for my users. My most immediate threat is viruses and malware. We have desktop anti-virus but it doesn't seem to catch or clean it all. Sure, we run spybot and malwarebytes after the fact. And sometimes it cleans it up, but we are finding that lately we simply have to wipe the system and re-image to be sure we have it cleaned up.
>
> So I've begun looking at gateway scanners (i.e., eset, juniper, checkpoint, trend micro, etc.) but began thinking that this seems really close to an IDP. I have been looking at IDP systems for a few years, but I don't have a lot of time to manage a Snort box and will have to do some hard selling if I'm going to request a budget for a Sourcefire deployment. They didn't buy in a few years ago when I pushed for it. (If those are the right products?)
>
> Should I be taking a different approach to this? Do I install a gateway scanner? Do I implement a proxy server or content filtering solution? Do I install an IDP? All of the above? If I invest in a prepackaged solution, is that going to give me the best solution for my money? Or do I look to contract with someone who can manage snort remotely?
>
> Those of you who have been through this, how did you get to your decision? What would you do differently if you had to?
Current thread:
- Gateway Scanner or IDP - absolutezero273c (Sep 10)
- Re: Gateway Scanner or IDP - Jeff MacDonald (Sep 13)
- RE: Gateway Scanner or IDP - krymson (Sep 10)