  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 243

Should I use anti-virus and anti-spyware software on my servers?

Here is the scenario.  We have two servers behind a Juniper Networks firewall at a colocation site.  That's it.  No users at all behind the firewall (except for me at times running remote desktop).  We are running Windows Server 2003, IIS 6.0 and all of the latest MS security patches are always installed right away.

Server one is mainly a web server and server two is mainly a database server running SQL Server 2005.

I use remote desktop to manage the servers.  My partner and I use the VPN to work with the servers on a daily basis.  We have a drop box style FTP server.  Our data entry people use ASP.NET pages that interact with our database.  Our customers use our website and business intelligence software to access the data in our database indirectly.  The only web surfing that ever occurs is when I need to get updates for software on our servers.  We are not running a mail server.

So, I have two questions.

1)  Should I be running anti-virus software?
2)  Should I be running anti-spam software?

I'm not looking for a debate on which pieces of software are best here.  I am looking for real reasons as to why I should run either of the two items above since my preference is to not run them (my minimalist approach to keeping it simple).

Thanks,

Todd
 
hstiles Commented:
The biggest threat these two servers face is being compromised by a hacker and it's debatable how much antivirus or anti spyware would help you in this scenario.  Some antivirus software is able to detect and quarantine security risks, such as nc.exe or known keyloggers or exploit tools.  However, having antivirus sitting on a server is a performance hit, whichever way you look at it.

There are other applications out there that may be more appropriate for your scenario, such as Tripwire.  These alert you to any changes in the machine configuration.  Other applications, such as AppSense, feature registry healing and blocking of untrusted code.  These are harder to configure though, so you may decide that simply installing antivirus will provide a bit more protection.
 
BLipman Commented:
My stock answer is this: no for antispyware yes for AV.  Reasoning is such: you should not be browsing the Internet for 'fun stuff' on your servers and this is the biggest way to get infected w/ spyware (that and loading shareware, another server no-no).  Antivirus is an interesting question.  I load it on every server period, active scanning and all.  I would rather stop an infection and pay the overhead of the service.  I do load in several exclusions though; I will get to that in a bit.  Some 'experts' say that active AV scanning is just too much overhead and they will set up nightly full scans so that they catch infections after the fact.  
Exclusions are key IMO, here are my standard exclusions:

on all servers: exclude the AV folder itself
on a clustered SQL server: Quorum drive, MSCS folder, SQL binaries
on a file server: exclude database files if served (I host Access and SQL apps so I exclude .MDB, .MDE, and .LDB on my file servers)
on an Exchange server: exchsvr folder (see MS KB823166)
on an Exchange IIS server (for OWA): "%system root%\IIS Temp. Compressed Files" and "%system root%\system32\Inetsrv"

I know you didn't ask for this but for anyone who cares Trend followed by SAV Corp. are my favorite AV systems.  
 
Jay_Jay70 Commented:
I would agree with a Trend solution - I despise anything Symantec - just two cents worth
 
Todd_Anderson (Author) Commented:
BLipman:  What exclusions would you use for SQL Server 2005 that is not clustered?

hstiles and BLipman:  That's just the kind of info that I needed.  Thanks for the help!

Todd
 
BLipman Commented:
If it is a normal SQL box I exclude .MDF, .LDF, and .BAK; alternately you can just exclude the whole Microsoft SQL Server folder.  
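
Added example, not part of the original thread or any poster's configuration: the two SQL Server exclusion options in the reply above leave different things unscanned, and this Python check lists the executable content each policy would skip. The folder path, the list of executable extensions and the file listing are constructed assumptions.

```python
from pathlib import PureWindowsPath

# The two policies from the reply above. The folder path is an assumed default
# install location; the thread only says "the whole Microsoft SQL Server folder".
BY_EXTENSION = {"extensions": {".mdf", ".ldf", ".bak"}, "folders": []}
BY_FOLDER = {"extensions": set(),
             "folders": [PureWindowsPath(r"C:\Program Files\Microsoft SQL Server")]}

# Assumed list of file types that are code, not database data.
EXECUTABLE_TYPES = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".js", ".ps1"}

# Constructed sample listing (not taken from any real server).
SAMPLE_LISTING = [
    r"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\sales.mdf",
    r"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\sales_log.ldf",
    r"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Backup\sales.bak",
    r"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe",
    r"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Backup\helper.dll",
    r"D:\FTP\dropbox\upload.exe",
]


def is_excluded(path, policy):
    """True if the AV policy would skip this file (Windows paths, case-insensitive)."""
    p = PureWindowsPath(path)
    if p.suffix.lower() in policy["extensions"]:
        return True
    return any(folder in p.parents for folder in policy["folders"])


def unscanned_executables(listing, policy):
    """Files the policy skips that are executable content rather than data."""
    return sorted(f for f in listing
                  if is_excluded(f, policy)
                  and PureWindowsPath(f).suffix.lower() in EXECUTABLE_TYPES)


def coverage(listing, policy):
    """Summary: how many files are skipped and which of them are executables."""
    skipped = [f for f in listing if is_excluded(f, policy)]
    return {"skipped": len(skipped), "scanned": len(listing) - len(skipped),
            "unscanned_executables": unscanned_executables(listing, policy)}


if __name__ == "__main__":
    for name, policy in (("by extension", BY_EXTENSION), ("by folder", BY_FOLDER)):
        print(name, coverage(SAMPLE_LISTING, policy))
```

With the extension policy only the three data files are skipped; with the folder policy the .exe and .dll under the SQL Server folder are skipped as well, so that directory is worth covering with a scheduled scan or a file-integrity check.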
 
Todd_Anderson (Author) Commented:
BLipman,

Easy enough.  Thanks!

Todd
Question has a verified solution.
