RE: Anti-Virus on web facing servers??

["SNAIL945" <snail945 () yahoo com>]

Hi.

Good idea.  Some thoughts that come to mind from experiences in the past:

1. make sure the product is stable
2. make sure it's configured properly for your setup (great point from
someone on sql db/logs concern)
3. test and understand its behavior.  make sure it doesn't inadvertently
issue a DOS to your webapp if it acts unpredictably.

For the forumn - Given that this is a ms webapp environment, what
lightweight AV scanners are being used successfully out there?

Some goals that come to mind:

- secure and effective
- stable and predictable
- minimal system overhead

Cheers-byron

----- Original Message -----
From: "Dan Tesch" <dan.tesch () comcast net>
To: "Security Basics" <security-basics () lists securityfocus com>
Sent: Friday, July 09, 2004 10:32 AM
Subject: Anti-Virus on web facing servers??


> Hello, I just started with a company that has three web facing W2K 
> servers running IIS & SQL.
>
> My question; they are patched and behind a firewall but have no 
> Anti-Virus running - can I get some feedback on whether these boxes 
> should be running AV??
>
> They are on a network at a COLO just by themselves
> ie: no desktops but get FTP uploads regularly for content.
>
> Thanks
>
> ----------------------------------------------------------------------
> ----
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 
> off any course! All of our class sizes are guaranteed to be 10 
> students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of 
> in-the-field pen testing experience in our state of the art hacking 
> lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------
> ----
--
>



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------