Firewall Wizards mailing list archives

RE: OT: Av and Gartner...


From: "Bob Wanamaker - Avant Systems, Inc." <rlw () avantsystems com>
Date: Wed, 30 Jul 2003 20:37:20 -0400

My standard recommendation:  don't worry about http/ftp scanning, but do
have AV installed on the proxy server.  AV should also be installed at SMTP
gateway; an Exchange-aware version on Exchange server [and please note that
SMTP gateway is on a separate box and on a DMZ segment from corporate
Exchange server]; on all servers; on all desktops.

Additionally, block the majority of attached files on your Exchange server.
Use a scanner that actually works, and test the snot out of it - you'd be
surprised that scanners let EXEs embedded in a Word document come through,
but some do.  Proxy server should be capable of blocking downloads as well -
for example, the most recent WMP flaw requires that a MID file be used in
the exploit; answer - block MIDs.

Only permit required hosts to traverse the firewall.  No desktop should have
to do this.







-----Original Message-----
From: firewall-wizards-admin () honor icsalabs com
[mailto:firewall-wizards-admin () honor icsalabs com]On Behalf Of John
Keeton
Sent: Wednesday, July 30, 2003 7:10 PM
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] OT: Av and Gartner...


Slightly OT here.

In corporate land, where does everyone have AV installed? Currently, we
have desktop, NT servers, and email gateway. I am thinking that we need
http/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp
scanning is unneeded. I don't know if I agree.. -OR- Are people installing
malicious code detection software, like www.finjan.com??

Also, anyone have any experience with Gartner regarding security items? This
AV answer, joined with their latest magic quad. for firewalls and ids is
just plain scary. I don't know if I even want to put an ounce of faith in
them anymore.

Thanks,
-jkeeton

[1] At my employ Gartner is god.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
