Security Basics mailing list archives

Re: Planning Overall Protection


From: Joe <bitshield () gmail com>
Date: Sun, 6 Aug 2006 13:27:45 +0200

Hello Network Freek

I suggest you implement the defense-in-depth strategy. This
requires you to implement multiple layers of security that must be
traversed sequentially. You can choose different vendors to make this
strategy most effective. Beware that various products use other
vendors' scan engines, so that a different vendor may not guarantee
different malware prevention technology.

I consider the following "equipment" as good practice:

Internet gateway; here you can block all kinds of web content
- viruses, trojans, spyware, etc
- URLs
- binaries and scripts based on their behavior
- various content types and file types

Client security suite on user's computer to:
- detect and delete viruses
- block network traffic
- detect intrusion attempts

IPS system to:
- block network based attacks
- block suspicious traffic

e-Mail gateway to:
- block viruses
- block or tag SPAM

There are tons of products that can do that. Implementing such a
strategy requires some time and costs a lot of money. You can have
simple tools that just do basic stuff and you can have tools that
allow very complex configuration. I would first define the
requirements and then I would figure out which technology brings you
the best short term protection. This could then be the starting point
of the implementation of your strategy.

Regards
Joe

On 8/4/06, network freek <network.freek () gmail com> wrote:
Hi,

I am preparing to define and to set up corporate protection from any
kind of malware threat. I am envisaging putting an IPS and antivirus
gateway (or looking for antivirus that can be installed in the mail/mx
servers and proxy servers) right behind the front firewall,
antivirus clients capable of effectively detecting any spyware, virus,
worm, spam and a management/control server. I am also planning to
define additional policy concerning virus/malware. What do you
suggest? Any suggestion about a product offering a total/comprehensive
solution? What do you think about disabling or prohibiting flash disk
drives (or any idea to prevent threats from removable media)?

Any idea would be greatly appreciated

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


