Security Basics mailing list archives
RE: Antivirus on intranet network
From: "Mark Brunner" <mark_brunner () hotmail com>
Date: Sun, 27 Nov 2005 13:42:12 -0500
Just about any modern A/V software should allow "off-line" updates. Symantec for instance provides "Intelligent Update" downloads. You go to the website from an internet connected PC and download the Intelligent update, then use it to update your non connected systems, or update a server and push the definitions to connected LAN clients. Mark -----Original Message----- From: Steven Meyer [mailto:meysteven () gmail com] Sent: Sunday, November 27, 2005 3:37 AM To: mark_brunner () hotmail com Cc: security-basics () securityfocus com Subject: Re: Antivirus on intranet network Maybe wasn't my question clear enough, All the security problems related to people trying to ad a laptop to the network or trying to connect to the Internet from the work computers have been resolved. As I tried to explain in my first e-mail, The point is how to update an anti virus with out allowing him to connect to the Internet, and witch anti virus would be able to do this ( threw diskette for example). 2005/11/26, Mark Brunner <mark_brunner () hotmail com>:
If your data has value, protect it appropriately. (I don't work for Symantec anymore, but I still buy their products) Personally, I run A/V on ALL my PC's, regardless of their internet connectivity. If I am going to go to the extreme of creating an isolated network, then I am going to make use of defense in depth and use multiple vendor's A/V solutions there. The Internet is one attack vector into an organization, however it is not the only one. Before we had the Internet (yes, there was a time...) we still had virii. They propagated via floppy
&
CD-ROM (called SneakerNet), downloaded files, and email. If you have ONE laptop on the "isolated" network, you have just multiplied the likelihood of catching and spreading malware. If you have ONE modem on any PC on the "isolated" network, you may have a connection to the Internet. If you move data from the shared network to the "isolated" network, then
you
may as well have just connected to the shared network. I know of several businesses that have been brought to their knees
recently
for SEVERAL DAYS as a result of the Sober.X worm. These are organizations that have invested in A/V products, but have misconfigured them, not administered them properly, or have poorly followed procedures. The
threat
is real, the vulnerability is evolving, and the risk is constantly rising. Cheers! Mark -----Original Message----- From: Steven Meyer [mailto:meysteven () gmail com] Sent: Friday, November 25, 2005 6:07 AM To: security-basics () securityfocus com Subject: Antivirus on intranet network hello, I have a "Working" network who is totally disconnected (physically) from the Internet. people do the "search" on the "Internet " computers and then go on the "work" computers for analyse and the store the data. The Question is: I would need a anti virus on the "work" computers and I should be able to update the virus database daily without connecting any computer to the Internet. Which anti virus should I use and How could I do the update. Thanks for any help. Steven Meyer
Current thread:
- Antivirus on intranet network Steven Meyer (Nov 25)
- RE: Antivirus on intranet network Mark Brunner (Nov 28)
- Re: Antivirus on intranet network Steven Meyer (Nov 28)
- RE: Antivirus on intranet network Mark Brunner (Nov 28)
- RE: Antivirus on intranet network joseph martin (Nov 30)
- Re: Antivirus on intranet network andy (Nov 29)
- Re: Antivirus on intranet network Steven Meyer (Nov 28)
- RE: Antivirus on intranet network Mark Brunner (Nov 28)
- Message not available
- Re: Antivirus on intranet network Steven Meyer (Nov 28)
- <Possible follow-ups>
- Re: Antivirus on intranet network Neal C (Nov 29)
- RE: Antivirus on intranet network Lauren Ward (Nov 29)