If your data has value, protect it appropriately. (I don't work for
Symantec anymore, but I still buy their products)
Personally, I run A/V on ALL my PC's, regardless of their internet
connectivity. If I am going to go to the extreme of creating an isolated
network, then I am going to make use of defense in depth and use multiple
vendor's A/V solutions there. The Internet is one attack vector into an
organization, however it is not the only one. Before we had the Internet
(yes, there was a time...) we still had virii. They propagated via floppy &
CD-ROM (called SneakerNet), downloaded files, and email.
If you have ONE laptop on the "isolated" network, you have just multiplied
the likelihood of catching and spreading malware.
If you have ONE modem on any PC on the "isolated" network, you may have a
connection to the Internet.
If you move data from the shared network to the "isolated" network, then you
may as well have just connected to the shared network.
I know of several businesses that have been brought to their knees recently
for SEVERAL DAYS as a result of the Sober.X worm. These are organizations
that have invested in A/V products, but have misconfigured them, not
administered them properly, or have poorly followed procedures. The threat
is real, the vulnerability is evolving, and the risk is constantly rising.
Cheers!
Mark
-----Original Message-----
From: Steven Meyer [mailto:meysteven@gmail.com]
Sent: Friday, November 25, 2005 6:07 AM
To: security-basics@securityfocus.com
Subject: Antivirus on intranet network
hello,
I have a "Working" network who is totally disconnected (physically)
from the Internet.
people do the "search" on the "Internet " computers and then go on the
"work" computers for analyse and the store the data.
The Question is: I would need a anti virus on the "work" computers and
I should be able to update the virus database daily without connecting
any computer to the Internet.
Which anti virus should I use and How could I do the update.
Thanks for any help.
Steven Meyer
