RE: Antivirus on intranet network

["Mark Brunner" <mark_brunner () hotmail com>]

Just about any modern A/V software should allow "off-line" updates.
Symantec for instance provides "Intelligent Update" downloads.  You go to
the website from an internet connected PC and download the Intelligent
update, then use it to update your non connected systems, or update a server
and push the definitions to connected LAN clients.

Mark

-----Original Message-----
From: Steven Meyer [mailto:meysteven () gmail com]
Sent: Sunday, November 27, 2005 3:37 AM
To: mark_brunner () hotmail com
Cc: security-basics () securityfocus com
Subject: Re: Antivirus on intranet network


Maybe wasn't my question clear enough, All the security problems
related to people trying to ad a laptop to the network or trying to
connect to the Internet from the work computers have been resolved.
As I tried to explain in my first e-mail, The point is how to update
an anti virus with out allowing him to connect to the Internet, and
witch anti virus would be able to do this ( threw diskette for
example).

2005/11/26, Mark Brunner <mark_brunner () hotmail com>:
> If your data has value, protect it appropriately.  (I don't work for
> Symantec anymore, but I still buy their products)
>
> Personally, I run A/V on ALL my PC's, regardless of their internet
> connectivity.  If I am going to go to the extreme of creating an isolated
> network, then I am going to make use of defense in depth and use multiple
> vendor's A/V solutions there.  The Internet is one attack vector into an
> organization, however it is not the only one.  Before we had the Internet
> (yes, there was a time...) we still had virii.  They propagated via floppy
&
> CD-ROM (called SneakerNet), downloaded files, and email.
>
> If you have ONE laptop on the "isolated" network, you have just multiplied
> the likelihood of catching and spreading malware.
> If you have ONE modem on any PC on the "isolated" network, you may have a
> connection to the Internet.
> If you move data from the shared network to the "isolated" network, then
you
> may as well have just connected to the shared network.
>
> I know of several businesses that have been brought to their knees
recently
> for SEVERAL DAYS as a result of the Sober.X worm.  These are organizations
> that have invested in A/V products, but have misconfigured them, not
> administered them properly, or have poorly followed procedures.  The
threat
> is real, the vulnerability is evolving, and the risk is constantly rising.
>
> Cheers!
> Mark
>
> -----Original Message-----
> From: Steven Meyer [mailto:meysteven () gmail com]
> Sent: Friday, November 25, 2005 6:07 AM
> To: security-basics () securityfocus com
> Subject: Antivirus on intranet network
>
>
> hello,
> I have a "Working" network who is totally disconnected (physically)
> from the Internet.
> people do the "search" on the "Internet " computers and then go on the
> "work" computers for analyse and the store the data.
> The Question is: I would need a anti virus on the "work" computers and
> I should be able to update the virus database daily without connecting
> any computer to the Internet.
> Which anti virus should I use and How could I do the update.
> Thanks for any help.
> Steven Meyer