Solved

Virus/Malware/Spyware Network Security Solutions

Posted on 2009-06-30
Last Modified: 2013-11-22
I have a somewhat abstract network security question.  I am newly administering networks on two separate locations with around 60 nodes each and have been working to enhance their network security.  I know this encompasses too many areas to go into in a single topic, so I am looking for advice in the area of virus/spyware/malware etc. security.

Currently I have upgraded both networks to Symantec Endpoint Protection 11 for all servers and clients.  I have been doing further research in virus protection and many experts recommend multiple solutions to better protect a network from attack.  For instance, I recently ran into a couple of virus attacks which completely bypassed Symantec Endpoint Protection and had to be found and removed manually.  I know this is an issue which can never be protected against fully, but it seems there are solutions which will greatly enhance network security.  One obvious addition is a hardware firewall for both networks, which I am currently in the process of obtaining and installing.  For this reason, I would like to narrow this focus down to purely the network software.  My question is this:

What combination of network protection software would you recommend to be placed on both server and client machines?  I.e., would you recommend using a malware and/or spyware product in parallel with Symantec Endpoint Protection?  And even though I am utilizing Symantec Endpoint Protection currently, I would also like to hear if you have had better results with other solutions in network environments, since others may be needing this and for my own reference when doing future upgrades.  Also, please expound if you feel I have left off other key concerns pertaining to this focus.

My largest concern is the issues I have experienced when combining products of this nature, since many of their security features overlap and will cause conflicts, which I have seen many times in the past.  Please add any knowledge you have as to why the proposed solutions are preferable, to increase my and other readers' understanding in the area.  Lastly, as is the case in nearly all organizations, cost is an issue.  So if some of the ideal solutions are quite costly, a secondary recommendation for a similar but more cost-effective solution would be greatly appreciated.

Thank you in advance for the help and I look forward to hearing from the experts in this area.
Question by: Feragh
3 Comments
 
Accepted Solution by: mds-cos (earned 500 total points)
ID: 24749807
Limiting to software, and not getting into the SPAM question that combines nicely with edge defense....

1)  The best protection is a multi-layer defense in addition to user training.
Layer 1 -- external entry point (Internet, e-mail).  For this, an SMTP & web proxy edge server with antivirus / antimalware software, or an appliance such as Barracuda.  The edge device may be all the bells and whistles, or simply anti-virus.
Layer 2 -- internal entry point (workstations).  For this layer, a network antivirus / anti-malware software solution such as Symantec.  Anti-malware is important at this layer, since dealing with adware / spyware is a major factor in IT today.
Layer 3 -- server and filestore protection.  For this layer, an anti-virus software package that works with servers (if you manage your servers properly you will not need anti-malware at this layer except for TS / Citrix where users have access).

2)  Each layer should use different software, and all layers should use top rated software.  The reason for this is because one vendor may update for a specific threat more quickly than another.  By having multiple solutions in place you are more likely to catch / localize the virus at one of the defense layers.

3)  Don't try running multiple overlapping software packages on any given machine (e.g. Symantec and Kaspersky).  If, however, your anti-virus does not also do anti-malware then you would want to add an anti-malware solution in parallel.  Fortunately, anti-virus software is finally catching up to the need of integrated anti-malware.

4)  Training and response -- just like your Disaster Recovery plan you don't want to wait until you get a virus before you start figuring out what to do.  Even with top-notch anti-virus you may still get hit somewhere down the line.  In a large organization you will want a virus response team.  In a small organization you may be the "team".  Users should be trained as well on safe computing practices (for example, don't follow that link that says "your system is infected, follow this link to download anti-virus software").

Now find an organization that actually does all three layers, appropriate training, and pre-development of the plan.  Some do, but most do not, primarily because of cost / complexity.  More frequently you will find a 2-layer defense -- an edge server primarily for nasties in e-mail and a single anti-virus package on every system and server.  Even more frequent is the 1-layer defense -- antivirus on workstations and servers.  Then of course you have all the gamblers out there who don't have even a proper 1-layer protection.

What is enough becomes the business question.  When I put on my security hat I have to say a proper 3-layer defense is the right strategy.  When I stick on my business cap, a complete 1-layer defense (by complete I mean good anti-virus and anti-malware deployed to every network server and workstation) may be a sufficient cost / risk balance.  In all honesty, I have only been in two companies where IS got the green light to implement a full 3-layer anti-virus solution.  In both instances we were high exposure, so the cost was well worth lowering the risk.

Running different anti-virus on your servers than your workstations is not much cost, nor does it increase complexity much (other than figuring out where to put your management console for the workstations).  But honestly, the incremental protection provided here is rather small as well.  Getting a good edge device in place is where you will get more bang for the buck (this wraps me around to the anti-SPAM that I said I'd ignore....most of your good edge devices / software packages are going to provide capability for both anti-virus and anti-SPAM).
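As an added illustration of the "Layer 1" edge checks described in the accepted solution, here is a minimal attachment-policy scanner of the kind an SMTP edge device runs before a message reaches the workstation anti-virus layer. This is example code written for this page, not code from mds-cos, Symantec, Barracuda or any other product named in the thread; the extension blocklist, the "known-bad" hash set and the sample message are all constructed assumptions. It shows the policy-type checks that complement a signature engine: blocked executable extensions, the double-extension trick (invoice.pdf.exe), a PE header hiding under a document name, executables nested inside a zip, encrypted archive members that cannot be scanned at all, and a hash lookup standing in for a vendor signature feed.

```python
"""Edge-mail attachment policy check, written as an added example for this page.

Stands in for the "Layer 1" checks an SMTP edge device applies before a message
reaches the workstation anti-virus layer. Not code from mds-cos, Symantec,
Barracuda or any other product named in the thread; the blocklist, the
"known-bad" hash set and the sample message are all constructed here.
"""
import email
import hashlib
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly when double-clicked; a typical gateway blocklist (assumption).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                      ".vbs", ".js", ".jse", ".wsf", ".hta", ".cpl"}

# Constructed stand-in for a vendor signature feed: SHA-256 of a made-up sample.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed-bad-sample").hexdigest()}


def _ext(name):
    return os.path.splitext(name.lower())[1]


def inspect_blob(name, data):
    """Return policy findings for one attachment, recursing into plain zip archives."""
    findings = []
    ext = _ext(name)
    stem = os.path.splitext(name.lower())[0]
    if ext in BLOCKED_EXTENSIONS:
        findings.append(f"{name}: blocked extension {ext}")
        if _ext(stem):                      # e.g. invoice.pdf.exe
            findings.append(f"{name}: double extension disguises an executable")
    elif data[:2] == b"MZ":                 # PE header under a harmless-looking name
        findings.append(f"{name}: PE header but non-executable extension {ext or '(none)'}")
    if ext == ".zip" or data[:4] == b"PK\x03\x04":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # encrypted member: cannot be scanned
                        findings.append(f"{name}: encrypted archive member {info.filename}")
                        continue
                    findings.extend(inspect_blob(f"{name}/{info.filename}", zf.read(info)))
        except zipfile.BadZipFile:
            findings.append(f"{name}: corrupt or truncated archive")
    if hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256:
        findings.append(f"{name}: matches known-bad hash")
    return findings


def inspect_message(raw):
    """Parse an RFC 822 message and run the policy over every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings.extend(inspect_blob(name, part.get_payload(decode=True)))
    return findings


def build_sample():
    """Constructed message: a zip holding 'invoice.pdf.exe' (a fake PE) plus a clean text note."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "user@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment("Nothing to see here.", subtype="plain", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

Run it and the constructed sample produces two findings for the nested invoice.pdf.exe (blocked extension and double extension) and none for notes.txt. The checks are deliberately cheap and signature-independent, which is the point of stacking an edge policy on top of a vendor engine: an encrypted zip member, for instance, yields no hash and no PE header, so the only option at the edge is a policy decision to quarantine or reject it rather than a detection.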
 

Author Comment by: Feragh
ID: 24760254
Thanks for the detailed and informative reply.  That answers many of my questions quite nicely.  You are right in that the companies will most definitely not spring for the cost of the 3 layer solutions, but I will definitely be using several of the suggestions stated above.  I especially like the idea of varying the software makes between the client and server levels.

A couple of follow-up questions for you.  Have you found any anti-virus/malware products to work better for clients and others for servers?  In my case, both clients and servers are Microsoft, namely Windows XP Pro and Windows Server 2003.  I am also curious to know more of your thoughts on anti-spam.  We currently use an anti-spam product from GFI for one company and the other has yet to implement one.  And are you talking about more than just a software-based anti-spam client?  The mail client I am using is Exchange 2003.

Thanks again for the help.
 
Expert Comment by: mds-cos
ID: 24787309
Anti-SPAM....Brightmail is the best solution I've ever used.  If your network is small you can get away with loading it directly on the Exchange server.  But the better approach (and the only good approach in larger networks) is to set up Brightmail on a separate system (btw, this applies to GFI also).  Currently I am using a Barracuda appliance, which also works well.  It takes a bit more maintenance than Brightmail, and I cannot get it "locked down" as much as Brightmail without getting false positives.  I have never used GFI, but it does get good reviews (from my understanding it is utilizing the same technology Barracuda uses).  Brightmail and Barracuda offer anti-virus, as does GFI if I remember correctly from the last time I read a product brief for GFI.


Anti-virus probably gets more into the esoteric discussions.  Symantec anti-virus is obviously a leader in market share, and I've had no complaints on their anti-virus (though I strongly recommend against their Internet Security Suite product).  McAfee is getting good reviews, but I have had problems in the past with them.  I am using AVG right now with good success (you will find that AVG does not get the top spot on reviews though).  I've also used Fprot on servers many years ago, but their ratings have slipped since I used it last.

My current opinion on Anti-virus is that basically any of the "top 5" products are about the same, and any of the "top 10" will give you about equally good protection.  This, of course, can be the topic of very vigorous debate!

For servers, you do want to be sure that you are using a product specifically designed to run on servers, and from a company that has been around for a while.  I have used Symantec, Fprot, McAfee, AVG, and a handful of others on servers.  Fprot is the only one that caused problems...I had to tweak it because "out of the box" it killed performance on one of our apps.  I also once had a customer blow up a server when they uninstalled Symantec, and I had to go in and manually clean up the registry for them.