Security over a Large Network

I read here from various knowledgeable posters that it is necessary to run a good AV (like KAV or NOD32), and it addition Trojan Protection, Worm Protection and something like Process Guard to be reasonably safe.

This is fine for somebody with a few computers on a home or small office network, but how do you secure a large network of 100's of Win 2000 workstations scattered across a large geographic area.

Surely it is not practical, or desirable to have to add all this level of protection to each workstation where you have users who would not know what to do when one of these defensive programs pops up a window.

Dick

 

I guess it's a little tricky...at my work they only have a symantec router, linux based mainframe and norton antivirus...

Linux is the pluspoint here and the fact that they just mirror everything every friday apparently that is just my own experience but I don't think it would be that easy to set everything up like we do.

 

You choose programs that allow you to disable such popups. Most AVs can be set to disinfect/delete without user intervention and send a message to a central point while others may offer "corporate" versions with such features. The BOClean anti-trojan is specially designed for corporate use with a minimalist UI which users never need deal with (and can even be prevented from accessing). Being able to update from a central server rather than having each PC hit your Internet connection for updates is a must also.

As for other security software, firewalls and process monitors tend to be more chatty but this again can be disabled. However you will need to produce, test, update and distribute a suitable configuration that takes into account your corporate network environment and software usage. This can involve more effort but can also cover non-security issues (e.g. preventing users from running unlicensed software or games).