Great Circle Associates Firewalls
(July 1997)
 


Subject: Re: Virus Protection at the Firewall
To: pokey@maddie.atlantic.com, pferguso@cisco.com
Cc: firewalls@GreatCircle.COM

> >
> >I disagree.  The firewall can be the single point of entry into a
> >private network and if you can prevent viruses from passing through, 
> >it can be an effective method of protection.  Many of the virus
> >scanners available these days can scan MIME attachments, UUEncoded files,
> >zipped files, etc.
> >
> 
> Right. This is an exercise in futility.
> 
> And not to mention that performance goes to shit.
> 
> *sigh*

i've had some experience with mimesweeper & viruswall. these products
do perform providing you understand their limitations, which i 
find are as follows:

* like everything else, you need to keep the virus templates up to date
* you prob. need to handle each protocol separately - e.g. one product replaced
sendmail, a ftp-gw proxy & had a frontend httpd. this may not apply to
all products & may not interoperate with your environment. 
* performance will be impacted, how heavily depends on what goes on at your
site. 
* you need to understand that viruses & nasties can still slip through
when people start getting sneaky & using steganographic techniques.
* when you have people start using PGP email or other legit. means of
encryption, the virus checking/scanning capabilities are lost unless you
give key escrow to the virus checking host. this is inadvisable in 99.9% of
situations and may not be possible in others, e.g. SSL connections. another
problem this raises is what the checking mechanism does when it is faced
with a data stream it cannot decipher: does it quarantine
the info - saying "i don't know what this is" - or does it let it through
saying "i didn't really understand what this was, but i let it through
anyway, hope that's ok"?
the former is likely to wind up with users buying modems to install under the
floorboards; the latter is ineffective if the virus checker lets through
bad goo because it is incapable of decoding the data stream.
* don't install checkers on the firewall itself. install on an internal proxy
host or a mailhub. 

bottom line is - yes, virus checking software on proxy hosts has
its place as an extra belt, providing you're already wearing belt &
suspenders. don't expect this extra belt to hold your pants up if your
suspenders & other belts fall down. 8-)

nothing negates the need for up to date virus checkers on ALL vulnerable
hosts. particularly if you allow users access to floppy & CD-ROM
drives & don't body & bag search people & data as they come in any
of your front or back doors. & in all my travels i've yet to find a site 
where the internet connection was the single point of entry into an 
organisation.

user education & an articulated security & incident policy on what
to do in the event of a virus infection are also highly recommended.


hope this helps,
pauline

Pauline van Winsen                                   pauline@uniq.com.au
Uniq Professional Services Pty Ltd                       www.uniq.com.au
PO Box 70, Paddington, NSW 2021,                      (Sydney) Australia
Phone: +61-2-9380-6360      Fax: +61-2-9380-6416      Pager: 016 287 000
"One important point often overlooked is that colours should be selected
so that they will not clash with your own personal colouring. After all,
you will be living in the house & each room must provide a suitable
background for you."
		Home decorating - Introduction, Woman's World, circa 1964.
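As an added example, not from the post above or from any product it names, here is a small Python model of the decision the post describes: a gateway scanner that unwraps the encodings it knows (base64, zip), matches a constructed stand-in signature, and must choose between quarantining and passing a stream it cannot decipher, here a PGP-encrypted block. The signature pattern, the PGP armor check and the sample attachments are all assumptions constructed for the example.

```python
import base64
import binascii
import io
import zipfile

# Constructed stand-in for a virus template: the pattern a real scanner would match.
SIGNATURES = {b"CONSTRUCTED-TEST-SIGNATURE": "test-signature"}
MAX_DEPTH = 4  # bound on nested unwrapping (zip inside base64 inside ...)


def decode_layers(data: bytes, depth: int = 0):
    """Yield every byte stream reachable by unwrapping encodings the gateway knows."""
    yield data
    if depth >= MAX_DEPTH:
        return
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                yield from decode_layers(zf.read(name), depth + 1)
        return
    try:
        decoded = base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return  # not base64: nothing more to unwrap
    if decoded:
        yield from decode_layers(decoded, depth + 1)

def is_opaque(data: bytes) -> bool:
    """A stream the gateway cannot decipher; assumption: a PGP armor header is enough to tell."""
    return data.lstrip().startswith(b"-----BEGIN PGP MESSAGE-----")

def scan(data: bytes, fail_closed: bool = True) -> str:
    """Return 'infected', 'quarantine' or 'clean' for one attachment body."""
    for layer in decode_layers(data):
        if is_opaque(layer):
            # The post's dilemma: hold what we cannot read, or wave it through unchecked.
            return "quarantine" if fail_closed else "clean"
        if any(sig in layer for sig in SIGNATURES):
            return "infected"
    return "clean"

def zipped_base64(payload: bytes) -> bytes:
    """Constructed sample attachment: a zip archive wrapped in base64, as MIME would carry it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.doc", payload)
    return base64.b64encode(buf.getvalue())
```

With `fail_closed=False` the PGP block is reported clean without ever being inspected, which is the second of the two outcomes the post warns about.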
