Paul Ferguson wrote:
>
> Conventional thinking & common sense dictate that a firewall,
> or any other network choke-point, is an inappropriate place
> to scan bits for viruses. Push this to the hosts.
>
> Be pragmatic.
>
> - paul

Or push it to internal proxies, and tighten up the firewall to only
talk to those proxies, forcing the users to access the world thru
your boundary layer...:)

I agree about the need to virus scan. But, (l)users being what
they are, if we (ie the network control weenies) don't do it for them,
then they will be loath to do it themselves. Belts and suspenders, plus
a healthy dose of paranoia help too.

With the speed of processors on the market today, stream examination
is becoming more credible. It wasn't in the days of 16 MHz CPUs and
max 24MB dram boxes. But, with 220 MHz plus, gobs of dram, line speed
disks, etc. it is not only credible, but, in most cases, should be
considered very closely...:)

--
Bryan D. Boyle | EMAIL: bdboyle @ erenj . com 908-730-3338
#include <disclaimer> | http://www.access.digex.net/~bdboyle/index.html
"It is well that war is so terrible; we should grow too fond of it..."
-R.E. Lee, Fredericksburg VA, 12.13.1862