[EMAIL PROTECTED] wrote:
I forgot to mention that. Yeah, there is a requirement for connectivity
between the 2 sides. That's why firewalling them is not an option.

I've been following this because I think it's outrageous. I don't envy your problem.

I think you're in a situation where you'll have to say "if that's what
you want, then it's going to cost you" to whoever put the connectivity
requirement in place.

First off, you are going to want a firewall between production and lab.
Set it to deny by default, then allow ONLY the EXACT traffic that you
want to allow.  Then configure logging and make it a point to review
the logs regularly.

I would also suggest a dedicated SMTP relay for the lab, with virus
scanning and extensive access restrictions: again, allow only what
you KNOW is safe, log everything, and review the logs regularly.
Configure your firewall so that ONLY mail that's gone through the
SMTP relay is allowed anywhere.  This will stop a lot of SMTP-based
worms from getting anywhere, as well as alerting you to their
existence.

Even this will not protect you from every type of attack, but it
should reduce the rate of occurrence significantly.

Do you now realize that Today is the Tomorrow you were worried about
Yesterday?  -anon

________________________________

From: [EMAIL PROTECTED] on behalf of Gil Kirkpatrick
Sent: Fri 10/17/2003 8:49 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network


Is there some requirement that the people/devices in the test labs be able to
access the production network? Would a firewall between the two help?
-gil
-----Original Message-----
From: deji Agba [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 16, 2003 6:17 PM
To: [EMAIL PROTECTED]
Subject: VERY OT: Preventing Viruses from Lab to Live network




I'm sure this does not have much bearing on AD, per se. So, I
apologize for sending it to this forum that has one of the best collections of
brains I've ever seen.
I have some Engineering Testing Labs with a number of Domains and
computers sharing the same network with my LIVE domain. It's actually worse
than just sharing, but that's another story. Business requirements prevent
some clients on these domains from installing AV clients, updating patches or
even having passwords for the local admin password. Yeah, I know, but, again,
another story entirely. But, as you can deduce, Viruses happen in these Labs.
My question is this. How do you protect your Production networks from
settings like these? All production systems follow strict adherence to strict
security practices, but we occasionally have slippage (like someone on a
month-long vacation turning off a computer and thereby not getting patches
and AV pattern updates). How do you PREVENT share-eating Viruses like Mofei,
Nachi, etc from spreading from the Lab to your live network? I have been
evaluating a Product called Fortigate (from Fortinet), but I gave it up as
soon as I discovered that they do not protect against NetBIOS, share-borne
Viruses.
Any product there that can help me out?

-- Bill Moran Potential Technologies http://www.potentialtech.com

List info   : http://www.activedir.org/mail_list.htm
List FAQ    : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
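
The regular log review suggested in the reply above can be partly automated. The following is an added example, not part of the original thread: it scans the deny entries of a default-deny firewall log for lab hosts that try to send SMTP directly instead of through the lab relay, or that probe file-sharing ports on several production hosts. The subnets, relay address, log format and fan-out threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed addressing (not from the thread): lab and production subnets, lab relay.
LAB_NET = ipaddress.ip_network("10.20.0.0/16")
PROD_NET = ipaddress.ip_network("10.10.0.0/16")
LAB_RELAY = ipaddress.ip_address("10.20.0.25")
SHARE_PORTS = {135, 137, 138, 139, 445}   # RPC / NetBIOS / SMB
FANOUT_THRESHOLD = 3                       # distinct production targets before flagging

# Constructed sample log, assumed format: "date time action src dst proto dport"
SAMPLE_LOG = """\
2003-10-17 08:01:02 ALLOW 10.20.0.25 10.10.1.5 tcp 25
2003-10-17 08:01:09 DENY 10.20.3.7 10.10.1.5 tcp 25
2003-10-17 08:02:11 DENY 10.20.4.9 10.10.2.1 tcp 445
2003-10-17 08:02:11 DENY 10.20.4.9 10.10.2.2 tcp 445
2003-10-17 08:02:12 DENY 10.20.4.9 10.10.2.3 tcp 139
2003-10-17 08:02:12 DENY 10.20.4.9 10.10.2.4 tcp 445
2003-10-17 08:05:40 DENY 10.20.5.5 10.10.9.9 tcp 445
2003-10-17 08:06:00 ALLOW 10.20.6.1 10.10.7.7 tcp 1433
garbage line that should be skipped
"""

def review(log_text):
    """Return {lab_host: sorted findings} for denied lab-to-production flows."""
    share_targets = defaultdict(set)   # lab host -> production hosts probed on share ports
    findings = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue                   # skip malformed lines instead of failing the review
        _, _, action, src, dst, _, dport = parts
        try:
            src_ip, dst_ip, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        except ValueError:
            continue
        if action != "DENY" or src_ip not in LAB_NET or dst_ip not in PROD_NET:
            continue
        if port == 25 and src_ip != LAB_RELAY:
            findings[src].add("direct-smtp")      # mail that bypassed the lab relay
        if port in SHARE_PORTS:
            share_targets[src].add(dst)
    for src, targets in share_targets.items():
        if len(targets) >= FANOUT_THRESHOLD:
            findings[src].add("share-fanout")     # one host probing many shares
    return {src: sorted(tags) for src, tags in findings.items()}

if __name__ == "__main__":
    for host, tags in sorted(review(SAMPLE_LOG).items()):
        print(host, ", ".join(tags))
```

A single denied share connection, such as the one from 10.20.5.5 in the sample, stays below the threshold and is not flagged; only repeated probing of distinct production hosts is.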
