What about DCs? Should there or should there not be AV on them? They are only DCs, no shares other than those associated with their base job.
Jon

On Thu, Aug 28, 2008 at 3:42 PM, Sherry Abercrombie <[EMAIL PROTECTED]> wrote:

> Hmmm, well, no concrete decisions, but some options to present to the manager. We will almost certainly be removing the internet access on almost all servers, most likely using ISA rules to block or allow access. This will give the DBAs the ability when needed to do web-ex support calls with Oracle, Siebel, etc, but not have the servers carte blanche internet access. We're also looking at using ClamAV along with McAfee, letting McAfee handle on access/write scanning but have ClamAV do the full on-demand scans, and making on-demand scans a weekly event rather than a daily event on most servers (file servers would stay daily because users save files to them, it would be foolish to open that hole).
>
> This seems to be a reasonable solution in my opinion but of course, final decision rests with our manager.
>
> On 8/28/08, David Lum <[EMAIL PROTECTED]> wrote:
>>
>> "True, but, how did that virus get inside the domain in the first place?" They had no clue. One conceivable method would be a compromised laptop that was outside the LAN for a while and not updated until hitting the LAN again – DOH! Hit the LAN, infect some servers, then find out the laptop was infected…. We have plenty of laptops that float around (and yes I know with SCCM I can adopt a desired config to keep things off my LAN until they meet x requirements, but we are nowhere near that yet).
>>
>> Good points and yes, I for one am interested in what you guys decide.
>>
>> Dave
>>
>> PS I agree ePO is a major pain in the arse….
>>
>> *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED]
>> *Sent:* Thursday, August 28, 2008 10:12 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: AV on *all* servers...or no?
>>
>> True, but, how did that virus get inside the domain in the first place? We scan email in multiple places (gateway, Exchange) with multiple virus scanning engines, workstations have virus scan that scans on access, on read, on write etc, then it shouldn't ever get in.
>>
>> I'm not necessarily advocating removing virus scan from all servers all the time, I just think that this idea (I'm talking about my local setup) of every server having the same setup/configuration needs to be re-evaluated.
>>
>> I'll let y'all know what we decide in our meeting this afternoon.
>>
>> On 8/28/08, *David Lum* <[EMAIL PROTECTED]> wrote:
>>
>> What about viruses (viruii?) that spread via network share? Taking the gateway out won't stop those kind (W32/Sircam, etc). Textron had an issue when as soon as they'd bring up a new server it would get infected as soon as it joined the domain because some other had the virus…
>>
>> Dave
>>
>> *From:* Sherry Abercrombie [mailto:[EMAIL PROTECTED]
>> *Sent:* Thursday, August 28, 2008 9:27 AM
>> *To:* NT System Admin Issues
>> *Subject:* Re: AV on *all* servers...or no?
>>
>> Ok, this is something that I've been dealing with/battling the powers that be for the last several weeks. Unfortunately, I'm stuck with McAfee Virus Scan Enterprise using EPO to manage it. Over the last several weeks I've had a problem with my backups to various servers failing (Backup Exec v11d) with an error that it cannot connect to the remote agent on the specified server. Then the next day or a day or so later, it's fine for several days, so I KNOW it's not a failure of Backup Exec or the remote agent. In researching the problem, I can pinpoint when it is failing in the BE job log, and pinpoint that McAfee on-demand scan is happening at the same time on the server. Problem goes away when I finally manage to get EPO to stop the on demand scan on the server (don't get me started on EPO, it's a royal pain in the ocola).
>>
>> My argument is that not all servers need to have virus scan on them, and that they can be further secured by removing their gateway. I firmly believe that servers such as file and print that users can write data to absolutely must have a virus scan application on them, regardless of performance hit. Users just can't be trusted. But most servers that are not directly touched by users saving files to it, not surfing the internet (IMNSHO, no servers should ever be used to surf the internet from), have their gateway removed and no or minimal virus scanning on them should be a reasonable approach. BTW, we are having a group meeting this afternoon at 1PM to discuss this subject. I guess I've been a squeaky wheel ;)
>>
>> On 8/28/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>>
>> IMHO, it isn't needed on all servers, or even the majority of them, *IF* your clients are up to date with AV software. I sometimes don't want the extra overhead on my servers of having AV installed, management of the software, patching of software, the all-too-often conflict of AV with other software, etc.
>>
>> But, OTOH, I don't necessarily think it's a bad thing to have AV installed on all servers in certain circumstances when done right. Just not NEEDED.... (IMHO).
>>
>> JR
>>
>> Original Message:
>> -----------------
>> From: David Lum [EMAIL PROTECTED]
>> Date: Thu, 28 Aug 2008 08:53:12 -0700
>> To: [email protected]
>> Subject: AV on *all* servers...or no?
>>
>> [Cross posted here and on the Vipre Enterprise list]
>>
>> There is some debate among my fellow IS staff here whether AV should be on all 200+ of our servers. From my standpoint my question would be "Why not?" - put it on all servers and exclude what's necessary. We are "SQL heavy" and I'm sure performance is the primary concern, but is there any compelling reason to completely leave it off of some servers?
>>
>> Dave Lum - Systems Engineer
>> 971-222-1025
>> Northwest Evaluation Association - www.nwea.org
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>
>> --------------------------------------------------------------------
>> mail2web LIVE – Free email based on Microsoft(R) Exchange technology -
>> http://link.mail2web.com/LIVE
>>
>> --
>> Sherry Abercrombie
>>
>> "Any sufficiently advanced technology is indistinguishable from magic."
>> Arthur C. Clarke
>
> --
> Sherry Abercrombie
>
> "Any sufficiently advanced technology is indistinguishable from magic."
> Arthur C. Clarke
