Security Basics mailing list archives
RE: antivirus software for DMS computers???
From: "Jonathan Pokrzyk" <jpokrzyk () matriximaging com>
Date: Fri, 21 May 2004 13:27:20 -0400
I also agree with the defense depth theory. The more layers the better. But maybe someone can clarify some things for me. If these are just servers and not workstations they are at zero risk of virus getting in through email. And AV software has very little to do with stopping worms? I guess it would help to identify any trojan software on the machine but I would think that if you just lock down the ports you would be fine without running any anti-virus software. But I'm not an expert. My comment was more of a question than a response. -----Original Message----- From: Ray Lewis [mailto:rlewis () anpi org] Sent: Thursday, May 20, 2004 12:59 PM To: security-basics () securityfocus com Cc: Pierre Dufresne Subject: RE: antivirus software for DMS computers??? All of my servers in the DMZ have AV protection. The performance penalty is negligible as compared to the risk of a worm or virus infecting all of the servers in your DMZ if it gets in there. I consider it good practice and definitely subscribe to the defense in depth theory. Good luck. -----Original Message----- From: Pierre Dufresne [mailto:pierre.dufresne () messf gouv qc ca] Sent: Wednesday, May 19, 2004 1:37 PM To: security-basics () securityfocus com Subject: antivirus software for DMS computers??? Hi, We currently have a typical DMZ made up with some web servers between an external firewall and an internal firewall. Because of "historical reasons", none of these machines are equipped with antivirus software. For the sake of defense in depth, I would like to install antivirus sorftware on each of these machines. Someone in my company argues that we shouldn't do it because it could have a negative impact on performance. He also mentions that since firewalls act as some sort of routers between networks, they are not "directly" vulnerable to virus attacks. As for the web servers, they also should be less prone to viruses since they are hardened servers which get patched more rapidly than others. What do you think of this? I just would like to know if everyone on this list protect their DMZ machine with antivirus software? It seems to me like standard good practice. Thank you! ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- antivirus software for DMS computers??? Pierre Dufresne (May 20)
- <Possible follow-ups>
- RE: antivirus software for DMS computers??? Ray Lewis (May 21)
- RE: antivirus software for DMS computers??? Jonathan Pokrzyk (May 21)
- RE: antivirus software for DMS computers??? Burton M. Strauss III (May 25)