LOL.... You are assuming I use PC on my network.
Sorry I don't mean the LOL in a bad way at all. I guess I just come from a different world (I started my life on Sun).

I believe each of the points you both made, including OUTBOUND security to prevent hackers from using a hacked machine on our network, are very valid points. But I have yet to see gateway blocks actually reduce the number of infections on my network, and when compared to the complexity it introduces into the system, it is just not worth it.

Complexity is your worst enemy. When things are kept as simple as possible, in a time of crisis, they are simple to figure out.

If my goal was to keep infected machines off my network, monitoring (SNMP (CPU usage, IO, etc...), Snort, Port Mapping, etc...) is a much more effective way. I would actively be monitoring every device (we only do routers and servers), I would use products like Nagios to set alerts. I would become intimate with the way my users work, and the way their machines operate.

I would never violate a netizen's right by restricting his or her movements on the internet. I believe a user should be able to use the machine assigned to them for whatever purpose they choose, and it is my job to provide a reliable, safe, and secure environment for them to operate in. ;)

Primary objective: Create a secure, safe, meaningful environment for OUR users.

> From: st...@greengecko.co.nz
> To: clamav-users@lists.clamav.net
> Date: Fri, 21 May 2010 08:46:45 +1200
> Subject: Re: [Clamav-users] Tiered freshclam updates on port443
>
> On Thu, 2010-05-20 at 16:09 -0400, Shawn Bakhtiar wrote:
> > Back to the original issue.
> >
> > I still say having firewalls from higher security zones to lower ones, does
> > not make sense. Security is only valid when it is INBOUND. Outbound
> > security is no security at all, just a pain for your users.
> >
> Although this is way off topic for this group here's a couple of basic
> scenarios for you...
>
> 1. How can you stop an infected PC on your network talking to its
> controller
> 2. How can you stop an infected PC on your network spewing spam to the
> world+dog?
>
> ...in a simple and controllable manner ( and yes, you will always get
> infected PCs on your internal network ).
>
> Point 2. above is a no-brainer - just stop outgoing traffic on port 25
> from all but your mail servers; point 1. takes a bit more work.
>
> Steve
>
> --
> Steve Holdoway <st...@greengecko.co.nz>
> http://www.greengecko.co.nz
> MSN: st...@greengecko.co.nz
> Skype: sholdowa
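The monitoring approach argued for in this message, applied to the port 25 case from the quoted reply, as an added example that is not part of the thread: it reads gateway connection logs and reports internal hosts, other than the mail servers, that open SMTP sessions to several distinct outside addresses. The address plan, mail-server address, netfilter-style log format and threshold are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example (none of these values come from the thread).
INTERNAL_NET = ip_network("10.0.0.0/24")
MAIL_SERVERS = {ip_address("10.0.0.25")}
MIN_DISTINCT_DESTINATIONS = 3  # distinct outside SMTP peers before reporting

# Constructed sample of netfilter LOG-style lines from a gateway.
SAMPLE_LOG = """\
May 21 08:40:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.10 PROTO=TCP SPT=40112 DPT=25
May 21 08:40:02 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.11 PROTO=TCP SPT=40113 DPT=25
May 21 08:40:03 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=203.0.113.5 PROTO=TCP SPT=40114 DPT=25
May 21 08:40:05 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.10 PROTO=TCP SPT=51234 DPT=25
May 21 08:40:06 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.7 PROTO=TCP SPT=51235 DPT=25
May 21 08:40:06 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=203.0.113.8 PROTO=TCP SPT=51236 DPT=25
May 21 08:40:07 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=192.0.2.44 PROTO=TCP SPT=51237 DPT=25
May 21 08:40:08 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=198.51.100.10 PROTO=TCP SPT=51238 DPT=443
May 21 08:40:09 gw kernel: IN=eth1 OUT=eth1 SRC=10.0.0.40 DST=10.0.0.25 PROTO=TCP SPT=33001 DPT=25
May 21 08:40:10 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=203.0.113.7 PROTO=TCP SPT=33002 DPT=25
May 21 08:41:00 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.2 PROTO=TCP DPT=25
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

def smtp_egress_suspects(log_text, threshold=MIN_DISTINCT_DESTINATIONS):
    """Map each non-mail-server internal host to the distinct outside
    addresses it contacted on TCP/25, keeping hosts at or above threshold."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed log line
        # Skip the mail servers themselves and mail submitted internally.
        if src not in INTERNAL_NET or src in MAIL_SERVERS or dst in INTERNAL_NET:
            continue
        seen[src].add(dst)
    return {str(s): sorted(str(d) for d in dsts)
            for s, dsts in seen.items() if len(dsts) >= threshold}

if __name__ == "__main__":
    for host, peers in smtp_egress_suspects(SAMPLE_LOG).items():
        print(f"{host} opened SMTP to {len(peers)} outside hosts: {', '.join(peers)}")
```
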