Solved

Server 2008 R2 Remote Desktop Services Antivirus solution

Posted on 2011-03-02
Last Modified: 2013-11-22
Hello,
I am going to be implementing a new Server 2008 R2 domain structure running a Server 2008 R2 Remote Desktop Services server, Exchange 2010 Server and SQL 2008 Server, all running in separate VMs on a Server 2008 R2 Hyper-V host, and wanted some information regarding antivirus. I have a 55 user domain that all 55 users will log in to via RDS. Currently we have a 2003 Domain running Terminal Services, Exchange 2003 and SQL 2005 running on their own physical boxes. The antivirus we use (ESET NOD32) is effective but runs a process for every user logged on, and I have noticed that occasionally there are problems with the process that cause it to crash, sometimes crashing the primary ESET process and the server. I would like to move away from that type of situation.

We just recently implemented Postini Message Security service and I have been using OpenDNS content filtering along with a SonicWall TZ210 with the full Comprehensive Security Suite (Gateway AV, Spyware, Intrusion Prevention, Content Filtering) installed for some time. Keep in mind 48 of those users are accessing the server through VPN tunnels from remote offices, the TZ210 scans the VPN connections as well, and the end users' local PCs do have antivirus installed.

Those products/services seem to be doing a good job of blocking websites that are inappropriate and/or malicious and in blocking viruses, spam and malware before it actually hits my servers.

My question is: has anyone had any experience using just firewall gateway and cloud-based AV, spam and content filtering and not installing any local AV on the server? The users have no way of physically accessing the server to use USB or the CD drive.

Any information and/or suggestions would be welcome.

Thanks in advance
Robert
0
Question by:Gadgetguyz
18 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35020155
Well, in theory everything should be caught at the gateway filter, but you know not everything is foolproof. I suggest installing AV on the systems as well because this gives you a layer of security on the system itself. McAfee runs well on a Terminal Server.
0
 

Author Comment

by:Gadgetguyz
ID: 35020507
True, nothing is 100%, even locally installed AV, which is why I feel the multi-layered approach that I have in place should be a good defense w/o the resource drain of a locally installed product. Considering the end users cannot access physical equipment that opens up USB attacks etc. on the server, I am hoping to be able to eliminate the cost, management and resource issues of installing an antivirus software. I am hoping someone has actual real world experience with a configuration similar to what I am wanting to use that can attest to its effectiveness.

I do appreciate your comment!
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 250 total points
ID: 35020742
I have had the configuration you want, but again we still had some issues on the server itself. Even though users don't have access to the physical server, the gateway device was still not catching everything, which would allow malware and viruses to install on the Terminal Server. Without virus protection on the Terminal Server we weren't notified of any infection until the system was fully infected and needed a rebuild at that point.

The overall issue is not knowing whether you are infected or not on the server.
0
 

Author Comment

by:Gadgetguyz
ID: 35020906
I see your point, thanks for clarifying. What I have been seeing is even companies such as McAfee and Symantec are offering AV as a SaaS solution, which is what the Postini service is doing, and the SonicWall is filtering email and HTTP traffic. How long did you run your configuration?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35021067
Well, the site had it in for a while, but I don't know how long until they got affected and how long the site could have been potentially having private data sent to hackers.
0
 

Author Comment

by:Gadgetguyz
ID: 35021485
Thanks, I appreciate your input.
0
 
LVL 6

Expert Comment

by:Flipp
ID: 38615486
Just wanted to get some advice from someone as I have a very similar setup coming up with Server 2012 and Hyper-V with SonicWall TZ210 and about 30 Users.

Do you install AV on clients' local machines as well as on the RDS Server?

Any recommendations on configuring client machines to lock down?
0
 

Author Comment

by:Gadgetguyz
ID: 38618050
I do not have software AV installed on the server at all. I have been running a router/cloud AV solution and AV installed on each workstation. I have been running this solution for a couple years without any issue. I have a SonicWall NSA 250MW running the comprehensive security suite.
0
 
LVL 6

Expert Comment

by:Flipp
ID: 38618481
Oh cool, so AV for Workstations is a hosted solution, so I am assuming all workstations even if they just are connecting to RDS Server have AV?
0
 

Author Comment

by:Gadgetguyz
ID: 38618514
That is correct, each workstation has a standalone install of Microsoft Security Essentials.
0
 

Author Comment

by:Gadgetguyz
ID: 38618525
Sorry, that last comment was posted on my mobile; not sure why it dropped that line down.
0
 
LVL 6

Expert Comment

by:Flipp
ID: 38618526
Do you manage these installs/updates in any way AND what product do you use on RDS Server?
0
 
LVL 6

Expert Comment

by:Flipp
ID: 38618533
We had looked at using MSE for Small Business but it seems to be only for Home or Home Office Use Only - unless something has changed?
0
 

Author Comment

by:Gadgetguyz
ID: 38618537
I don't manage the workstations; all they are is simply clients to connect to the RDS server. The RDS server has no antivirus; all my antivirus is handled through my router and cloud solutions.
0
 
LVL 6

Expert Comment

by:Flipp
ID: 38618544
Interesting ....... would love to find out more about your architecture. You available via email or chat?
0
 

Author Comment

by:Gadgetguyz
ID: 38618557
Sure, I'd be happy to talk to you about it. Do you use Google Plus?
0
 
LVL 6

Expert Comment

by:Flipp
ID: 38618573
Sure do - how do I search for you?
0
 

Author Comment

by:Gadgetguyz
ID: 38618675
Here is a link to my profile - http://gplus.to/rwarren
0
