Security Basics mailing list archives
Re: about viruswall?
From: chort <chort () amaunetsgothique com>
Date: 29 Aug 2003 16:45:22 -0700
On Fri, 2003-08-29 at 09:28, Gabriel Orozco wrote:
With an antivitus running in your SMTP server is more than enough.
WHOA! This kind of attitude is simplistic at best, and extremely careless. Anti-Virus for your enterprise mail system can be very flakey (due to the complexity of interfacing with modern enterprise mail and groupware systems). Some times there is a delay between when the message arrives and when it gets scanned, and it may be opened in that interval (a race condition). Some times the service fails (particularly on NT/2K) and you may not realize that you're unprotected. Besides those grave dangers, this is by default accepting that viruses will penetrate your network and will for a fact be on your internal servers (even if they do end up getting cleaned). Are you so sure you want to guarantee that your Windows server will have viruses? Anti-Virus should be a multi-tiered defense. One layer at the e-mail gateway, peeling away the dangerous stuff before it even makes it inside your inner firewall. One layer on the mail/groupware server (preferably a different vendor than the gateway A-V) to catch anything that gets through, and to take care of things sent locally. The last ditch should be on the desktop (possibly a third vendor) for a last chance to catch anything that the other two missed, and as a FIRST chance at smoking out infections that your users contract from websites or outside e-mail accounts. Just having A-V on your mail server is most certainly NOT "more than enough." Why let things into your network if you know you can stop them in the DMZ and mitigate the risk? That's why the "virus wall" concept was started years ago, and within the last couple of years it has grown to include anti-spam, content policy enforcement, Internet message encryption, etc and is now known as a secure e-mail gateway (not to be confused with INsecure e-mail gateways, which is what sendmail is). -- Brian Keefer --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- Re: about viruswall? chort (Sep 02)
- Re: about viruswall? Gabriel Orozco (Sep 02)
- Re: about viruswall? Sebastian Schneider (Sep 10)
- Re: about viruswall? Gabriel Orozco (Sep 10)
- Re: about viruswall? chort (Sep 22)
- Re: about viruswall? Sebastian Schneider (Sep 10)
- Re: about viruswall? Sebastian Schneider (Sep 10)
- Re: about viruswall? Gabriel Orozco (Sep 02)
- <Possible follow-ups>
- RE: about viruswall? Renato_Joves (Sep 02)