Home page logo
/

basics logo Security Basics mailing list archives

RE: adding another defence layer against viruses/worms
From: Juan B <juanbabi () yahoo com>
Date: Tue, 1 Dec 2009 18:13:25 -0800 (PST)

Ok I will take look on the AV, they have now symentec.

They have windows 2003 servers and xp as pc's. what you suggest implementing with GPO to elevate the security of the 
pc's? today they use GPO only to block the screen after 15 minutes of none use. And they need the USB and cd to 
transefer pictures they really need to use for work tasks. Must of the users don’t have admin rights on there machines. 
What else can I implenet to elevate the security? They implent patches throw WSUS and keep the pc's updated. Maybe to 
use the FW feature of the AV? You have a security template you can send me?

Thanks for your answer.

juan

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Quark Group - Hilton Travis
Sent: Friday, November 27, 2009 5:38 PM
To: security-basics () securityfocus com
Subject: RE: adding another defence layer against viruses/worms

G'day Juan,

The best move would be to deploy a good AV product instead of whichever one you're currently running.  The best one 
around now (and since about 1999) is still NOD32, however you cannot run the latest version on Servers also running 
Microsoft Exchange as the Eset guys seem to have deemed Exchange not worth updating for - their current version is 4.x 
however the latest Exchange version is 2.7x, meaning you need to run an ancient version on Windows Server boxes running 
Exchange - something I honestly cannot understand why they have left this way.

Aside from that issue, NOD32 has the best heuristics, best detection rates and outstandingly low false positive rates 
*even* when Heuristics have been cranked up to the highest level.

So, I'd look at fixing the broken AV issue at the source, then look at other ways to implement better control of the 
remote PCs, such as distributed AD controllers and using GPO for what it was designed for - control of servers and 
desktops on the domain.

--

http://hiltont.blogspot.com/

Regards,

Hilton Travis                       Phone: +61 (0)7 3105 9101
(Brisbane, Australia)               Phone: +61 (0)419 792 394
Manager, Quark IT                   http://www.quarkit.com.au
         Quark Group                http://www.quarkgroup.com.au

War doesn't determine who is right.  War determines who is left.


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
On Behalf Of Juan B
Sent: Wednesday, 25 November 2009 12:04 AM
To: security-basics () securityfocus com
Subject: adding another defence layer against viruses/worms

Hi all,

I'm doing some security consulting for a client. this client have
around 30 remote branches connected to his core. the problem is that
sometimes the AV fails to detect new viruses/worms coming from those
branches so those viruses/worms mess up his LAN.another problem is
that the the client doesn't have much of control over the remote PCs
in the branches. so I thought about adding another layer of defence in
which we will add an IPS (which Ips detects also viruses/worms??)
which will filter and scan all traffic coming from the branches.

I just wonder if you guys agree with my suggestion.

any comments will be welcomed.

BTW,

any recomendations for the IPS?

thanks a lot
juan


This document and any attachments are for the intended recipient only.
It may contain confidential, privileged or copyright material which must not be disclosed or distributed without prior 
approval.

Quark Group Pty Ltd :: ABN 23 114 975 772 Trading As Quark AudioVisual, Quark Automation, Quark IT

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and 
who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell 
if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing 
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------





--------------------------------------------------------------------------------
<< ella for Spam Control >> has removed 2595 Spam messages and set aside 0 Newsletters for me
You can use it too - and it's FREE!  www.ellaforspam.com 





------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]