There are a number of virus (Symantec, NAI, Trend Micro) and embedded
active code (Finjan) protection products that use the firewall concept
and target protection of borders by providing proxies for SMTP and
HTTP. Following the firewall concept the value of these products is
that they provide upstream protection at what should be a border choke
point, but this does assume that you have controlled access to the
Internet through a few known points. Some vendors also provide
management frameworks to allow you to control your deployment and
rapidly distribute the latest and greatest updates in crisis
situations. Vendors can give you a layered architecture and put
components on everything from the aforementioned Internet gateways to
your servers (mail, file and print, even web and groupware -- there are
single-vendor solutions out there for scanning files on everything from
UNIX to NT to NetWare to Linux, as well as proprietary data stores for
applications like Exchange and Notes/Domino) to your desktop file
systems. Almost all of these can be set to try first to clean files and
then to quarantine or delete them.

Just in case you haven't heard this a dozen times already: nothing beats
user education. I recommend the Safe Email Practices guidelines from
SecurityAdvice.com. See the following link:
http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=47&aid=46

You can do whatever you like to reduce the risks to your users by
slapping AV software on everything that could be used as an infection
vector, but nothing succeeds like having your users understand that they
should wear condoms when dealing with Internet services and content.
You can put a lot of automagic stuff between users and the boogie man,
but nothing succeeds like telling the users that they are also
responsible for all risks to which they expose themselves or the
enterprise network and giving them tips on how to reduce these risks
effectively with the tools that you have selected.

-Bayard Bell
Emory University

Oscar Rau wrote:
>
> What are the prevention and containment techniques in best practices, once a virus
> is on rampage? Apart from AV software on the systems and regular backups, what other
> precautions should one take to stop viruses?
>
> Thank you in advance.
>
> Oscar Rau
> [EMAIL PROTECTED]