Security Basics mailing list archives

RE: adding another defence layer against viruses/worms
From: Quark Group - Hilton Travis <Hilton () quarkgroup com au>
Date: Sat, 28 Nov 2009 07:37:51 +1100

G'day Juan,

The best move would be to deploy a good AV product instead of whichever one you're currently running.  The best one 
around now (and since about 1999) is still NOD32, however you cannot run the latest version on Servers also running 
Microsoft Exchange as the Eset guys seem to have deemed Exchange not worth updating for - their current version is 4.x 
however the latest Exchange version is 2.7x, meaning you need to run an ancient version on Windows Server boxes running 
Exchange - something I honestly cannot understand why they have left this way.

Aside from that issue, NOD32 has the best heuristics, best detection rates and outstandingly low false positive rates 
*even* when Heuristics have been cranked up to the highest level.

So, I'd look at fixing the broken AV issue at the source, then look at other ways to implement better control of the 
remote PCs, such as distributed AD controllers and using GPO for what it was designed for - control of servers and 
desktops on the domain.




Hilton Travis                       Phone: +61 (0)7 3105 9101
(Brisbane, Australia)               Phone: +61 (0)419 792 394
Manager, Quark IT                   http://www.quarkit.com.au
         Quark Group                http://www.quarkgroup.com.au

War doesn't determine who is right.  War determines who is left.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Juan B
Sent: Wednesday, 25 November 2009 12:04 AM
To: security-basics () securityfocus com
Subject: adding another defence layer against viruses/worms

Hi all,

I'm doing some security consulting for a client. This client has around 30
remote branches connected to his core. The problem is that sometimes the
AV fails to detect new viruses/worms coming from those branches, so those
viruses/worms mess up his LAN. Another problem is that the client
doesn't have much control over the remote PCs in the branches. So I
thought about adding another layer of defence in which we will add an IPS
(which IPS also detects viruses/worms??) which will filter and scan all traffic
coming from the branches.

I just wonder if you guys agree with my suggestion.

Any comments will be welcomed.


Any recommendations for the IPS?

Thanks a lot

This document and any attachments are for the intended recipient only.
It may contain confidential, privileged or copyright material which
must not be disclosed or distributed without prior approval.

Quark Group Pty Ltd :: ABN 23 114 975 772
Trading As Quark AudioVisual, Quark Automation, Quark IT
