PDA

View Full Version : Best mix of protection for corp LAN

spiff5000
July 15th, 2004, 03:48 PM
Hi all.

Two months ago, NAV was corrupted on my server due to the Randex worm. It didn't infect the machine but it took me several hours to realize NAV was hosed and causing the server to malfunction. Since then I've been on a quest to "layer-up" my protection. I've already bought and installed the following:

Sonicwall 4060 Firewall with Intrusion Prevention Service... on the gateway
GFI LANguard... for on-demand vulnerability detection
Symantec Anti-Virus v8.0 Corp Ed... running on servers and workstations
Webroot SpySweeper v2 Enterprise Ed... on workstations

I think I'm still lacking in worm/trojan prevention and application protection on the workstations. But I can't afford to install TDS, WG, PG, personal firewall or whatever else on 100+ workstations. Nor do I want software that will prompt users to take action on something they don't understand (i.e. SSM or PG asking if 'XYZ' can launch IE). I think some sort of app guard on the servers would be smart, but I don't check the servers on a daily basis for pop-up messages.

Given the above, what should I invest my limited money and time on?

-Spiff5000
*tagline pending regulatory approval*
hohoho
July 16th, 2004, 08:32 AM
take a look at BOClean (www.nsclean.com). I think that's precisely what you need. It can run completely without user knowing its presence. But, it is a memory monitor only anti-trojan which some people do not believe in.
se7engreen
July 16th, 2004, 09:48 AM
If you upgrade your SAV 8 to 9 you will gain email scanning and outbound worm heuristics.
meneer
July 16th, 2004, 10:05 AM
How about some corporate mail protection?
Since you're running GFI already, have a look at their, very affordable, mailessentials for exchange or smtp.
It also includes an anti-spam option, real good value.

You better also run a gttp proxy with content inspection. I don't know your setup, so you'll have to look around.

Our corp AV is based on CA eTrust, it comes with content inspection licence. Just requires a server.
spiff5000
July 16th, 2004, 01:10 PM
hohoho:

I'll take a look at BOclean.

se7segreen:

I currently have program SAV version 8.1.0.825 with scan engine 4.2.0.7. Bloodhound heuristics at set to maximum.

meneer:

Unfortunately, my Exchange 5.5 (WinNT) server is designed to route via site-connector to our primary Exchange server at our corporate HQ. So GFI MailEssentials and similar products cannot work :-\ in my configuration. But I've just purchased I Hate Spam for each desktop, which should arrive any day now.

-Spiff5000
*DNA patent pending*