Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

from [Jeff Shawgo] Network Security [Permanent Link]
Subject: RE: Should webservers, eg. IIS 6 have anti--virus installed on them?
Date: Tue, 19 Jul 2005 07:47:58 -0500 (CDT) 
Antivirus needs to be part of the overall security plan for all Windows 
machines - it's just part of the cost of doing business - the cost of the 
software, maintenance, and CPU overhead.

Certainly, servers need to be patched, firewalled, isolated, and locked down.  
Additionally, code should be audited for vulnerability to XSS and SQL injection.

None of these things are perfect.  Not that AV is perfect, but it is another 
layer of defense - making it part of that "Defense in Depth" strategy.

AV has grown into more than just defense against viruses.  It is often 
effective against worm code, and some AV has identified common hacking tools 
(e.g. - NetCat) as something that doesn't belong on most systems.  You can 
argue the viability of this move, but most companies - if they have a security 
team - have less that 0.1% of their machines which maybe should have it there.

AV needs to be part of the cost of running Windows - for better or for worse.

~Jeff

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Should webservers, eg. IIS 6 have anti--virus installed on them?, jkowall
Next by Date:  Re: Should webservers, eg. IIS 6 have anti--virus installed on them?, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Previous by Thread:  RE: Should webservers, eg. IIS 6 have anti--virus installed on them?, Brunner, Mark
Next by Thread:  RE: Should webservers, eg. IIS 6 have anti--virus installed on them?, Harlan Carvey
Indexes:  [Date] [Thread] [Top] [All Lists]