LAN Administrators - READ - DodgeIntrepid.Net Forums - Dodge Intrepid, Concorde, 300m and Eagle Vision chat
 
post #1 of 15 (permalink) Old 12-05-2001, 10:56 PM Thread Starter
Intrepid Pro
 
 
Join Date: Jun 2001
Location: New York City
Posts: 4,739
Feedback: 1 / 100%
                     
LAN Administrators - READ

Ok. These viruses that are coming out are really becoming a pain in my ass. Nimda wiped out a ton of files on my server. And now this last one Goner.... it only took ONE person in my company to get infected to spread a total of 5800 infections.

I am curious to hear of my fellow Network Administrators' ideas on virus protection.... in a Microsoft Exchange/Outlook environment.

At my job... we run Network Associates GroupShield on the email servers which is an awesome product. We can block all sorts of attachments (SHS, EXE, PIF, VBS, SCR, etc etc). On the desktop we run Norton Antivirus which kinda sucks, but it's easy to distribute through a Novell server.

With this last virus, I would have been fine since SCRs were being blocked... but some asshole at my job decided to click on the attachment in an email he got with his personal YAHOO mail account. One guy I talked to said he is blocking mail.yahoo.com on his firewall, which is an ingenious idea... but no way I can get away with doing that at my job. Too many people will bitch.

What do you guys do to counteract this? Or is there a way to counter it. LOL

DjPiLL
2010 Jeep Wrangler Sahara
2011 Audi S5 Cabriolet
DjPiLL is offline  
 
post #2 of 15 (permalink) Old 12-06-2001, 01:22 PM
cj
 
Join Date: Aug 2001
Posts: 229
Feedback: 0 / 0%
 
Among many of my responsibilities, I am in charge of directing the Antivirus and Electronic Information Security divisions of my organization. We have over 15,000 desktops and also offer remote access to our employees and various other outside agencies.

Using GroupShield is a good call. I don't have the problem of users accessing outside email accounts as it is literally illegal for employees to do so from our network and they risk jail time as a result.

I agree with your friend who blocks other mail at the firewall. What you may want to do (it all depends on your environment if you can) is block outbound TCP port 110 at your firewall. This will disable the ability of anyone to access POP3 mail at any other server that is outside of your firewalled network. If you have key people that need access, you can open the port for them at the firewall and still deny access to everyone else. If you do open that port for a select group of users, you must instruct them on general virus avoidance and make sure that their machines are up-to-date on the DAT files every day.

Regardless of if you block the port or not, anyone using your organization's (or company's) resources in a non-approved manner should be subject to disciplinary measures. Getting a virus that causes downtime and data loss is very expensive when you take into account lost productivity, administration time, data loss, etc. It is akin to having someone with a company car drive it through your front door. It is unapproved usage of company resources.

If you need help on drafting up a generic Terms of Usage for your electronic assets, surf around on your favorite college's website. They tend to have the best verbiage to perform some CYA as well as make the verbiage non-technology specific...e.g. copyrighted works vs. MP3 or pirated software.

Last but not least, kick their ass for making you do extra work.
cj is offline  
post #3 of 15 (permalink) Old 12-06-2001, 01:35 PM
 
Join Date: Sep 2001
Posts: 8,099
Feedback: 0 / 0%
               
Quote:
Originally posted by cj:
Regardless of if you block the port or not, anyone using your organization's (or company's) resources in a non-approved manner should be subject to disciplinary measures. Getting a virus that causes downtime and data loss is very expensive when you take into account lost productivity, administration time, data loss, etc. It is akin to having someone with a company car drive it through your front door. It is unapproved usage of company resources.
This is completely different for all companies. My company (even though it is much smaller than yours) would not allow such blocking of ports. They allow personal surfing and e-mail as long as it doesn't interfere with them getting their work done.

[ December 06, 2001: Message edited by: Intrepid99 ]
IntrepidXJ is offline  
 
post #4 of 15 (permalink) Old 12-06-2001, 01:53 PM
cj
 
Join Date: Aug 2001
Posts: 229
Feedback: 0 / 0%
 
Quote:
Originally posted by Intrepid99:
This is completely different for all companies.

Doh! This is just like when someone told me that Santa Claus wasn't real. I want to live in my own perfect little world. I'm crushed. :(

In a perfect world it would be true. Notice the use of the word "should". People tend to call me a "Data Nazi" for some reason and I don't know why. ;)

Ah well, I suppose that's what I get paid for. Thanks for the clarification!
cj is offline  
post #5 of 15 (permalink) Old 12-06-2001, 02:21 PM
 
Join Date: Sep 2001
Posts: 8,099
Feedback: 0 / 0%
               
I got your point...I just like to be difficult ;)

If I had to support as many users as you do, I definitely would not want anyone to do anything they shouldn't, either. The less they can do, the fewer problems you have.

[ December 06, 2001: Message edited by: Intrepid99 ]
IntrepidXJ is offline  
post #6 of 15 (permalink) Old 12-06-2001, 04:28 PM Thread Starter
Intrepid Pro
 
 
Join Date: Jun 2001
Location: New York City
Posts: 4,739
Feedback: 1 / 100%
                     
Intrepid99 is right. Most companies have prima donnas that will not buy not being able to get their personal email. If the CEO of the company wants his personal email, who can u take disciplinary actions to? Hehehehe.
DjPiLL is offline  
post #7 of 15 (permalink) Old 12-06-2001, 04:56 PM
 
Join Date: Jun 2001
Posts: 4,980
Feedback: 0 / 0%
                     
Most email (even web-based) can be routed through Outlook. Let them get their email through Outlook and then you can block attachments.
DMAG is offline  
post #8 of 15 (permalink) Old 12-06-2001, 05:29 PM
cj
 
Join Date: Aug 2001
Posts: 229
Feedback: 0 / 0%
 
Quote:
Originally posted by DjPiLL:
Intrepid99 is right. Most companies have prima donnas that will not buy not being able to get their personal email. If the CEO of the company wants his personal email, who can u take disciplinary actions to? Hehehehe.
Take it to the company's Board of Directors, the SEC, or the court system. There is always a bigger fish in the ocean.

I understand the need for certain select individuals to have "willy nilly" access for political reasons. Any firewall worth its salt will allow you to have multiple rules for a single port. The general rule when designing firewall rulesets is to "Deny all unless explicitly allowed". This will give you a secure and relatively easy to manage firewall.

For example, if you were using a metered connection that charges you for the amount of data you transmit per month, you could block Shoutcast for instance (a bigtime bandwidth hog) for your average everyday employee, you could set a rule that denies all outbound and inbound access to port 8000, while you and your buddies/bosses (at whatever IP or IP range) have the port reopened by a subsequent rule. That way you can play "Data Nazi" but not bite the hand that feeds you.
cj is offline  
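
Whether an exception "reopened by a subsequent rule" takes effect depends on how the firewall evaluates its rule list. The sketch below is an added example, not code from the thread or from any firewall product: it runs the port 8000 rules from the post under first-match and last-match evaluation with a default deny. The addresses, the exempt range and all names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR notation
    dport: Optional[int]   # destination TCP port; None means any port

    def matches(self, src_ip: str, dport: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
        return in_net and (self.dport is None or self.dport == dport)

def first_match(rules, src_ip, dport, default="deny"):
    """First matching rule decides (iptables-style chains)."""
    for rule in rules:
        if rule.matches(src_ip, dport):
            return rule.action
    return default  # "deny all unless explicitly allowed"

def last_match(rules, src_ip, dport, default="deny"):
    """Last matching rule decides (pf-style, without 'quick')."""
    verdict = default
    for rule in rules:
        if rule.matches(src_ip, dport):
            verdict = rule.action
    return verdict

LAN = "10.0.0.0/8"        # constructed: all internal hosts
EXEMPT = "10.0.5.0/28"    # constructed: the hosts that get the exception

# Order as described in the post: block first, reopen afterwards.
POST_ORDER = [
    Rule("deny", LAN, 8000),
    Rule("allow", EXEMPT, 8000),
    Rule("allow", LAN, 80),
]

# Same policy written for a first-match firewall: exception goes first.
FIRST_MATCH_ORDER = [
    Rule("allow", EXEMPT, 8000),
    Rule("deny", LAN, 8000),
    Rule("allow", LAN, 80),
]

if __name__ == "__main__":
    for host in ("10.0.5.3", "10.0.9.9"):
        for port in (8000, 110, 80):
            print(host, port,
                  "post order / last-match:", last_match(POST_ORDER, host, port),
                  "| post order / first-match:", first_match(POST_ORDER, host, port),
                  "| reordered / first-match:", first_match(FIRST_MATCH_ORDER, host, port))
```

Port 110 is denied for every host without a rule of its own, because nothing allows it and the default applies. The evaluator, like a port filter, sees only addresses and ports, so an allowed port says nothing about what is carried over it.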
post #9 of 15 (permalink) Old 12-06-2001, 06:24 PM
 
Join Date: Sep 2001
Posts: 8,099
Feedback: 0 / 0%
               
Quote:
Originally posted by cj:
For example, if you were using a metered connection that charges you for the amount of data you transmit per month, you could block Shoutcast for instance (a bigtime bandwidth hog) for your average everyday employee, you could set a rule that denies all outbound and inbound access to port 8000, while you and your buddies/bosses (at whatever IP or IP range) have the port reopened by a subsequent rule. That way you can play "Data Nazi" but not bite the hand that feeds you.
To be difficult again. There are plenty of ways around this! Pretty much anything you can think of doing on the internet can be done over port 80, including Shoutcast (as a shoutcaster I know this ;) Just check out Shoutclub for PHPcast. It uses PHP to relay the stream thru a webserver on port 80).
IntrepidXJ is offline  
post #10 of 15 (permalink) Old 12-06-2001, 06:48 PM
cj
 
Join Date: Aug 2001
Posts: 229
Feedback: 0 / 0%
 
Quote:
Originally posted by Intrepid99:
To be difficult again. There are plenty of ways around this! Pretty much anything you can think of doing on the internet can be done over port 80, including Shoutcast (as a shoutcaster I know this ;) Just check out Shoutclub for PHPcast. It uses PHP to relay the stream thru a webserver on port 80).
Dammit!!! Quit waking me up out of my perfect little world haze!

There are plenty of freeware port redirectors that, when used properly, can pass any traffic of any kind across any port. That's when logging comes into play and you smack the user around for intentionally attempting to circumvent the company's security measures.

The fact is, you can never have a 100% secure network. Anyone who tells you that you can is lying out their uh...mouth. ;) After all, it's all just ones and zeros - not as complex as say...DNA. But then again, that's just GTAC. I digress....

My purpose in expanding this thread was to offer additional trains of thought for (DJPill) and other options for securing the network. There will always be the advanced user base that you'll have to deal with procedurally as opposed to technically, however, you can bamboozle about 95-99% of the (l)user base by implementing electronic roadblocks.
cj is offline  
post #11 of 15 (permalink) Old 12-06-2001, 06:58 PM
cj
 
Join Date: Aug 2001
Posts: 229
Feedback: 0 / 0%
 
Ack...did I actually use "bamboozle" in a sentence?
cj is offline  
post #12 of 15 (permalink) Old 12-07-2001, 12:00 AM
Intrepid Fan
 
 
Join Date: Jun 2001
Location: Murphysboro, IL
Posts: 118
Feedback: 0 / 0%
 
Well, I work in an education environment where it is almost impossible to nail anything down securely. For virus protection I have found that the corporate edition of Norton Antivirus works the best for us. I have my server running the management and liveupdate software which keeps all the clients running smoothly. Every time a virus is detected on my server or any client I am immediately notified (although 99% of the time no action is required on my part, Norton will already have dealt w/the problem). Any time a new virus definition file comes out, my server grabs it and the next time a client logs on that update is automatically sent to them. I especially love being able to push software updates from my server to all the clients.

I especially love the Symantec support on this product so far. When I purchased the licenses for our college, the vendor failed to provide the installation media we had ordered (the vendor went out of business after we placed our order, so we were lucky to have gotten the licenses) so I called Symantec directly and told them my license info. Symantec said "No problem, we will send you the media." This was at around 4PM central, at 10 AM the next morning, I had the installation media from Symantec. I also found out that there was a new version recently of the corporate edition of Norton Antivirus. How did I find out? Well by the fact that Symantec mailed the updated software to me without me even having to ask them about it. Great customer service!

I feel sorry for my buddies at all the other colleges on campus. The university has purchased a campus-wide license for the McAfee line of antivirus software (which is crap in my book.) In several instances I have literally removed the latest version of McAfee with the latest virus definitions from a client's machine and replaced it with Norton. Norton immediately found resident viruses that McAfee had missed. Some protection there (insert sarcasm.)
JigSawMan is offline  
post #13 of 15 (permalink) Old 12-07-2001, 04:20 PM Thread Starter
Intrepid Pro
 
 
Join Date: Jun 2001
Location: New York City
Posts: 4,739
Feedback: 1 / 100%
                     
Jigsawman:

I am going to disagree with you bigtime on this. I have had really bad experiences with Norton's support. My company purchased the gold support. I am not sure if that is what you have, but whenever I have to call Norton.... I have to sit on hold and listen to the hold jockey for at least 30 minutes, and as long as an hour, to get somebody. I just don't have that kind of time to spare during the day to be sitting on hold to get customer service for a product where I already paid extra money to get service.

Also as far as the program itself goes.... it is not nearly as good as McAfee. First off, whenever a new serious virus comes out (ILOVEYOU, NIMDA, GONER, etc), it takes Norton significantly longer to post updated defs. McAfee will get updated defs (or at the very least a patch called EXTRA.DAT) that can add to your existing defs to wipe the virus. For every new supervirus that came out this year, I would say that McAfee had the new defs out before Norton on almost every instance.

Now just so you don't think I am biased, I am running Norton Corporate Edition on 400 PCs here. Yeah the distributed install is better than McAfee, but the product itself just isn't as good. I've noticed on some PCs Norton will detect a virus, but won't wipe it till it's already launched (and infected). For email, I am running McAfee GroupShield on my Exchange boxes. Now that is a superior product. Not only will it detect and wipe viruses in Microsoft's MAPI database, before the email even gets to the user.... it will also allow blocking of any file extension you choose. If it wasn't for GroupShield, I would have been f**ked on many occasions. No way Norton could handle the severity of the virus attacks that I have seen hit my company in the past year.

DjPiLL
2010 Jeep Wrangler Sahara
2011 Audi S5 Cabriolet
DjPiLL is offline  
post #14 of 15 (permalink) Old 12-07-2001, 07:39 PM
Si
 
Join Date: Jul 2001
Posts: 1,061
Feedback: 0 / 0%
 
Got Linux?

:p

Si is offline  
post #15 of 15 (permalink) Old 12-07-2001, 09:31 PM
Intrepid Fan
 
 
Join Date: Jun 2001
Location: Murphysboro, IL
Posts: 118
Feedback: 0 / 0%
 
DjPill- Interesting how two different people can have experiences 180 degrees from each other on the same software. I'm sorry to hear of your problems with Norton, but I have never had ANY bad issues with Symantec tech support, guess I may in the future. You are right about McAfee coming out with their updates faster, but who cares about that when the basic engine is a resource hog and does not even detect the viruses to begin with (in my experience.)

Si- actually I do have Linux. I'm not about to try and inflict it on my users, however. While the various distributions of it have become fairly user-friendly, there still are not enough apps for the average Joe to have any desire for it.
JigSawMan is offline  