Just about any modern A/V software should allow "off-line" updates.
Symantec for instance provides "Intelligent Update" downloads. You go to
the website from an internet connected PC and download the Intelligent
update, then use it to update your non connected systems, or update a server
and push the definitions to connected LAN clients.
Mark
-----Original Message-----
From: Steven Meyer [mailto:meysteven@gmail.com]
Sent: Sunday, November 27, 2005 3:37 AM
To: mark_brunner@hotmail.com
Cc: security-basics@securityfocus.com
Subject: Re: Antivirus on intranet network
Maybe wasn't my question clear enough, All the security problems
related to people trying to ad a laptop to the network or trying to
connect to the Internet from the work computers have been resolved.
As I tried to explain in my first e-mail, The point is how to update
an anti virus with out allowing him to connect to the Internet, and
witch anti virus would be able to do this ( threw diskette for
example).
2005/11/26, Mark Brunner <mark_brunner@hotmail.com>:
If your data has value, protect it appropriately. (I don't work for
Symantec anymore, but I still buy their products)
Personally, I run A/V on ALL my PC's, regardless of their internet
connectivity. If I am going to go to the extreme of creating an isolated
network, then I am going to make use of defense in depth and use multiple
vendor's A/V solutions there. The Internet is one attack vector into an
organization, however it is not the only one. Before we had the Internet
(yes, there was a time...) we still had virii. They propagated via floppy
&
CD-ROM (called SneakerNet), downloaded files, and email.
If you have ONE laptop on the "isolated" network, you have just multiplied
the likelihood of catching and spreading malware.
If you have ONE modem on any PC on the "isolated" network, you may have a
connection to the Internet.
If you move data from the shared network to the "isolated" network, then
you
may as well have just connected to the shared network.
I know of several businesses that have been brought to their knees
recently
for SEVERAL DAYS as a result of the Sober.X worm. These are organizations
that have invested in A/V products, but have misconfigured them, not
administered them properly, or have poorly followed procedures. The
threat
is real, the vulnerability is evolving, and the risk is constantly rising.
Cheers!
Mark
-----Original Message-----
From: Steven Meyer [mailto:meysteven@gmail.com]
Sent: Friday, November 25, 2005 6:07 AM
To: security-basics@securityfocus.com
Subject: Antivirus on intranet network
hello,
I have a "Working" network who is totally disconnected (physically)
from the Internet.
people do the "search" on the "Internet " computers and then go on the
"work" computers for analyse and the store the data.
The Question is: I would need a anti virus on the "work" computers and
I should be able to update the virus database daily without connecting
any computer to the Internet.
Which anti virus should I use and How could I do the update.
Thanks for any help.
Steven Meyer
