You had a client machine with IIS on it??? -----Original Message----- From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] Sent: Friday, November 15, 2002 8:36 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus
Its not arrogance. Its intelligence. I can better manage 100 servers than 1000 client machines for antivirus protection. It also doesn't matter if I lose 10 client machines, as long as I don't lose any servers. I lose servers a lot more than 10 people are sitting on their thumbs. My former company's network did get hit with Code Red. From a client machine - none of the production servers were hit. With 60% or more users carrying laptops, being 100% up to date on client side patches and AV is nearly impossible, so you focus on what can be reliably controlled and take calculated risks with the others. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Granatella Adam J [mailto:Adam.Granatella@;Sentry.com] > Sent: Friday, November 15, 2002 9:15 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > That wasn't the point. The point was that if there was a > virus like Code > Red that was able to infect without a client opening a file > or downloading > something, there will be another virus like that again. It > doesn't matter > what patches are out for the Code Red vulnerability now. > Something like it > will come along and that will be that. Arrogance does not a > good policy > make! > > Adam > > -----Original Message----- > From: Robert Moir [mailto:rim@;LutonSFC.ac.uk] > Sent: Friday, November 15, 2002 8:04 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > Given that the patches that stopped the flaws code red relied > on were about > a year old when code red was released, its quite possible that even a > vaguely competent admin wouldn't see it on their servers. > > Robert Moir MSMVP > IT Systems Engineer > Luton Sixth Form College > Ciderspace: An online 3D virtual reality environment for > tramps. Ciderspace > Cafe: A park Bench. > > > -----Original Message----- > > From: Granatella Adam J [mailto:Adam.Granatella@;Sentry.com] > > Sent: 15 November 2002 13:30 > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > Two words: Code Red. > > > > -----Original Message----- > > From: Roger Seielstad [mailto:roger.seielstad@;inovis.com] > > Sent: Friday, November 15, 2002 7:13 AM > > To: '[EMAIL PROTECTED]' > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > Every virus attack I've seen enters at the client machine level - > > regardless of how it enters the network, it infects a client > > machine. Its rare to have every client machine 100% up to date on AV > > signatures, etc, and because of that, they're always going to be the > > entry point. > > > > With that in mind, you need to take steps to protect every server, > > regardless of function. To do otherwise is, in this day and age, > > irresponsible. > > > > ------------------------------------------------------ > > Roger D. Seielstad - MCSE > > Sr. Systems Administrator > > Inovis - Formerly Harbinger and Extricity > > Atlanta, GA > > > > > > > -----Original Message----- > > > From: Luis Aguilera [mailto:laguilera@;basesix.com] > > > Sent: Thursday, November 14, 2002 5:52 PM > > > To: [EMAIL PROTECTED] > > > Subject: RE: [ActiveDir] AD and Network Core Services & Anti-Virus > > > > > > > > > The important thing is to keep in mind were your > vulnerabilities to > > > viruses lie. > > > > > > Most viruses, IME, come through either documents and/or emails. So > > > setting up a good system that protects your file servers > and email > > > servers from malicious code will go a long way in protecting your > > > network. You also want to think of implementing a system > > that protects > > > the end users, particularly something featuring the > > "pushing" of virus > > > definitions from a central location (that an admin manages) rather > > > than leave the onus of updating the virus defs to > end users. > > > > > > Also, please correct me if I'm wrong, but I've yet to see a > > virus that > > > directly targets AD, DHCP, DNS or other DNS servers. Does > > any know of > > > any? > > > > > > Luis Aguilera > > > IT Manager > > > BaseSix > > > > > > -----Original Message----- > > > From: Tim HInes [mailto:nupe009@;carolina.rr.com] > > > Sent: Thursday, November 14, 2002 4:26 PM > > > To: [EMAIL PROTECTED] > > > Subject: Re: [ActiveDir] AD and Network Core Services & > > Anti-Virus > > > > > > > > > Although antivirus programs can cause problems I would > > advise that > > > you run it on your servers. The disasters that a virus can cause > > > outweigh the problems that a virus scanner may cause. It > > may save you > > > from having to rebuild your boxes. > > > > > > > > > Tim Hines, MCSA, MCSE (2000 & NT4) > > > MVP - Active Directory > > > > > > > > > > > > > > > > > > ----- Original Message ----- > > > From: Myrick, Todd (NIH/CIT) > <mailto:myrickt@;mail.nih.gov> > > > To: > > > '[EMAIL PROTECTED]' > > > Sent: Thursday, November 14, 2002 3:53 PM > > > Subject: [ActiveDir] AD and Network Core > > > Services & Anti-Virus > > > > > > > > > I have a quick question, Our operating > > > procedures for Core Network Service (AD DCs, WINS, DDNS, CA, > > > Exchange (Antigen), DHCP) servers has been not to run with > > > Anti-Virus protection on them. We feel that the potential for > > > scanner code to conflict with the network service is higher if we > > > do, and since we don't execute man applications from the server > > > unless they are scanned we don't feel we are at > > much risk. > > > > > > What I would like to know is, what does > > > everyone on this list feel an is a good strategy when it comes to > > > these types of services and anti-virus product? > > > > > > Thanks in Advance, > > > Todd > > > > > > > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > > > > > This e-mail is confidential. If you > > are not the intended recipient, you must not disclose or use > > the information contained in it. If you have received this > > mail in error, please tell us immediately by return e-mail > > and delete the document. > > List info : http://www.activedir.org/mail_list.htm > > List FAQ : http://www.activedir.org/list_faq.htm > > List archive: > > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > > This e-mail is confidential. If you > are not the intended recipient, you must > not disclose or use the information contained in it. If you > have received this > mail in error, please tell us immediately by return e-mail > and delete the > document. > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this mail in error, please tell us immediately by return e-mail and delete the document. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
