Solved

Protect my network against viruses

Posted on 2007-03-17
Last Modified: 2013-11-22
Hi ..
How can I protect my NETWORK against viruses ????
Well... on the PCs that I have control over, I can put McAfee or Symantec antivirus.
But what about the PCs that I have no control over, like users from the sales department or so accessing my network from the internet VPN or through the hotspot with their laptops? Also other clients that we offer a hotspot to.
How can I defend / scan my whole network against worms? What can I do if my network gets infected?

Mostly, I guess I need your comments, and also some more details on centralized virus control.

Thx a lot for your help.
0
Comment
Question by:drtoto82
9 Comments
 
LVL 9

Expert Comment

by:paradoxengine
ID: 18740975
Well, the short answer is you can't. No, actually you SHOULD NOT be able to.
Finding viruses implies you will be watching the network 24h a day, dumping everything and looking for known signatures (just like software such as Carnivore does for pictures and emails). This is a tremendous effort.. and actually is not done. What we have nowadays are quarantine systems: you don't allow PCs into your network if they do not comply with some rules (i.e. having updated antiviruses and such).
Microsoft, Cisco and other vendors have got nice products for that, tightly integrated into their infrastructure. Take care: what my experience tells me is that it's pretty easy to get around these quarantine systems, and they are only meant as administrative measures, not security ones. You should really use DMZs (or some other kind of network-level control system).
0
 
LVL 1

Expert Comment

by:TekSavage
ID: 18741381
The best you can do is protect the machines you have control over with antivirus programs on PCs and servers. Set up the servers to get updates and distribute them to the PCs and deny access to any remote computer that a virus is detected from. The only way to prevent a virus from coming from a PC you don't control is to deny access from outside your network, which is unacceptable.
0
 
LVL 27

Accepted Solution

by:
Tolomir earned 125 total points
ID: 18746469
Setting up a DMZ for externally accessible services is a good start. Juniper firewalls have a zone concept allowing you to define rules for IP zones like 192.168.10.x. This way you can effectively shield the server area from the workstation area. Or development from sales.

Another part is to never grant users administrator rights without a "useful" reason. I.e. if they are able to really take care of themselves and they have a reason for it, do it; else: never.

Another part would be to also scan for malware; we use Ad-Aware on each computer (http://www.lavasoft.com/).

After you've shielded the incoming IP ports you might want to consider blocking USB stick usage - for that you can either use a tool such as GFI Endpoint Security (http://www.gfi.com/) or disallow USB stick usage via group policy from Active Directory.

If your employees want to work from home, you could ask/force them to use at least a virus scanner on their home PC. It could be a free license; I've heard good results from http://www.free-av.com/

Tolomir

0
 
LVL 5

Author Comment

by:drtoto82
ID: 18753037
Tolomir 's answer is very good. Need more comments plz .
What about a user with a virus on his laptop accessing my network from the hostpot, and I want to allow that user in !!!
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 18754289
I would not allow access to files, i.e. open ports 135, 137, 139 and 445 respectively. So file sharing is a big NO-NO.

All I would allow is access to port 443 SSL to Webservices. The risk is too great to attack internal infrastructure with worms.  

You should apply Windows 2003 SP2:

Improved manageability for IPsec
Server and Domain Isolation are key security benefits offered on Microsoft Networks. By using Active Directory, domain memberships and group policies, Server and Domain Isolation allows companies to logically segment their networks. This means that you can restrict non-domain computers which aren’t managed at a corporate level (lab computers, guests or other unsecure systems) from communicating with non-domain members. Service Pack 2 improves Server and Domain Isolation by reducing the IPsec filter set that needs to be managed from potentially hundreds of filters to as few as 2 filters. More information on Server and Domain Isolation can be found at www.microsoft.com/sdisolation.

Manage new wireless settings without the hassle
SP2 provides the ability to manage the WPA2 protocol for wireless networks. This supports and simplifies the process of discovering and connecting to wireless networks in your home or on the road.

http://www.microsoft.com/technet/windowsserver/sp2/top-reasons.mspx
0
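An added example, not part of Tolomir's post: a small audit of firewall connection logs against the policy described above (hotspot clients may reach only port 443; the file-sharing ports 135, 137, 139 and 445 are off limits), which also flags a guest laptop probing several internal hosts on those ports, the typical pattern of a worm spreading. The guest subnet `192.168.50.0/24`, the log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed values (not from the thread): the hotspot/guest subnet and the log format.
GUEST_NET = ipaddress.ip_network("192.168.50.0/24")
FILE_SHARING_PORTS = {135, 137, 139, 445}   # ports named in the post
ALLOWED_PORTS = {443}                        # SSL to web services only

# Constructed sample firewall log: timestamp followed by key=value fields.
SAMPLE_LOG = """\
2007-03-20T09:00:01 src=192.168.50.23 dst=192.168.10.5 dport=443 proto=tcp
2007-03-20T09:00:07 src=192.168.50.77 dst=192.168.10.5 dport=445 proto=tcp
2007-03-20T09:00:07 src=192.168.50.77 dst=192.168.10.6 dport=445 proto=tcp
2007-03-20T09:00:08 src=192.168.50.77 dst=192.168.10.7 dport=139 proto=tcp
2007-03-20T09:01:30 src=192.168.50.23 dst=192.168.10.9 dport=80 proto=tcp
2007-03-20T09:02:00 src=192.168.10.20 dst=192.168.10.5 dport=445 proto=tcp
malformed line here
"""

def parse_line(line):
    """Return (src, dst, dport), or None for lines that do not match the format."""
    fields = dict(f.split("=", 1) for f in line.split()[1:] if "=" in f)
    try:
        return (ipaddress.ip_address(fields["src"]),
                ipaddress.ip_address(fields["dst"]), int(fields["dport"]))
    except (KeyError, ValueError):
        return None

def audit(log_text, sweep_threshold=3):
    """Return (policy violations, guest hosts that look like a spreading worm)."""
    violations = []                 # guest traffic to any port outside ALLOWED_PORTS
    smb_targets = defaultdict(set)  # guest src -> distinct hosts probed on file-sharing ports
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[0] not in GUEST_NET:
            continue                # skip unparseable lines and non-guest sources
        src, dst, dport = rec
        if dport not in ALLOWED_PORTS:
            violations.append((str(src), str(dst), dport))
        if dport in FILE_SHARING_PORTS:
            smb_targets[src].add(dst)
    suspects = sorted(str(s) for s, t in smb_targets.items() if len(t) >= sweep_threshold)
    return violations, suspects

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```

Hosts returned as suspects are candidates for being cut off from the hotspot until they are cleaned; the threshold of three distinct targets is an arbitrary starting point to tune against real traffic.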
 
LVL 27

Expert Comment

by:Tolomir
ID: 18754314
And of course this one is usable too:

http://www.avast.com/eng/avast_4_server.html

avast! 4 Server Edition offers the most powerful protection to fight virus infections on your server or servers. It works both as primary protection of a file server itself, and, via its optional plug-ins, as protection for various server subsystems, such as electronic mail or firewall/proxy. Currently, the following plugins (editions) are available:

    * MS Exchange Server 2000/2003
    * MS Proxy/ISA Server
    * SMTP Server
    * MS Sharepoint Server (both Portal Server 2001/2003 and Windows Sharepoint Services 2003)
0
 
LVL 1

Expert Comment

by:hitman4lease
ID: 18775100
Trend Micro Office Scan, hands down. Disaster Recovery, Firewall and Webadmin to check up and roll out installs. Here's a link. Switched from Norton's 10. Corp.

And uninstalled Norton's from local workstation and installed Trend Micro Client and found 10 spywares running that Norton's said that it was ok for them to be there.

http://www.trendmicro.com/en/products/desktop/osce/evaluate/overview.htm

0
 
LVL 9

Expert Comment

by:paradoxengine
ID: 18778121
Watch out: domain isolation via IPSec is a real pain.
0
 
LVL 1

Expert Comment

by:jd17rgcci
ID: 19013520
I would install McAfee ePO 3.6.1, NOT Symantec.
Set up a central repository server by installing this package on a machine running Windows 2003.
Install VirusScan 8.5i on the same machine.
Configure the application in the way that best suits your environment.
Add the subnets of the machines into the application and it will send out all the agents to the machines on your network, installing VirusScan 8/8.5 from the centrally managed server.

Install AV on every machine that is connecting to the network from outside. You can tell from the rogue system detection function on the server which machines do not have AV installed, so you can track them and get them updated.
0
