Solved

Windows Server security/ Virus Definition update methods.

Posted on 2003-12-09
2
553 Views
Last Modified: 2010-04-11
Hello Everybody.

I have a question that is more methodical rather than purely technical, I hope tha is OK. My servers have been hit with a virus two months after we purchased many licenses for Norton AV.

(never installed it)

The previous version was running with outdated definitions prior to this. Since being hit by the new virus, we have applied the new AV software and definitions. NAV uses 'Live Update' to go out over the net and download newer virus definitions on a regular basis.

Now, coming from an IP network/ router background, my first inclination is cut these servers off from the internet, and allow only DNS & some higher level custom TCP ports through. I could possibly open a hole in my FW for LiveUpdate, or I could delegate the download function to a DMZish server from which the updates can be periodically pulled. (Or can't I?- does NAV support this?)

I know the dangers of treating every problem like it was a nail when the only tool you own is a hammer. Is this an appropriate network transport issue? What is the industry prevalent method of insulating servers from the internet and updating/verifying virus definitions?


/john
0
Comment
Question by:johndarpino
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 1

Accepted Solution

by:
NeilDavis earned 250 total points
ID: 9905695
We dont use live update for our AV servers.  Instead we use a batch file avaliable from symantec follow this link:

http://service1.symantec.com/SUPPORT/ent-security.nsf/d04e6f2f2dfad5de88256c910079502c/80e201e3738ae3cc88256c55004c28f4?OpenDocument&src=bar_sch_nam

I find the batch file works better and you can modify and run from a machine in you DMZ.
0
 
LVL 4

Expert Comment

by:MobileOakAI
ID: 9909659
We are going the same way, I think. FTP pattern to our server. Then, the clients are scheduled to check the server at regular intervals (use SAVROAM to locate server).  In case of trouble on network, other options including liveupdate from our client to our server is option, and we also stick it on our webserver, to cover anyone else, such as for a few laptops.

Do also a better job of getting updates from Microsoft.  They have weekly vulnerabilities and now should be only once a month downloads.  I'd guess that your servers got hit because they were short on an upgrade from Microsoft as well, and exploited. That is all too common these days.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Intune and ActiveSync 2 19
ow do I browse the internet secretly? 6 96
Multi Factor Authentication for MSPs 4 37
yahoo 2 step email authentication 2 29
Ransomware is a malware that is again in the list of security  concerns. Not only for companies, but also for Government security and  even at personal use. IT departments should be aware and have the right  knowledge to how to fight it.
No single Antivirus application (despite claims by manufacturers) will catch or protect you from all Virus / Malware or Spyware threats. That doesn't stop you from further protecting yourself however - and this article is to show you how.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question