Re: [FW1] Do we really need anti virus program on Firewall-1
From my experience it is easier and perhaps better to administer content filtering (including anti-virus) at some chokepoint, and the firewall can provide that chokepoint. If you have complete control over every node on your network, then maybe centralized content filtering is not needed. If your users have the ability to turn off virus-scanning or you cannot push virus sigs to all the desktops quickly and easily, you should back up your host-based virus scanning with one that scans all traffic coming to/fro your network.

Note that the scanning doesn't need to happen ON the firewall, one could use CVP to vector the traffic to a content-filtering package on another workstation. In the case of mail, one could also use the firewall to enforce a rule that all mail must flow through a single server, and put the content filtering software on that host.

Another argument for adding centralized content filtering is that you might wish to use a different vendor for your centralized scanning than your host-based scanning. This adds some security, in that one vendor might have sigs available earlier for virus X than the other. Sigs for one of the recent viruses were available for our centralized scanner 2 days before they were available for our desktop solution.

Centralized solutions typically also give you the ability to filter mail based on file extension. This allows you to drop all mail with, e.g., .vbs extensions so that when the latest lovebug variant is released, you'll still be safe if it uses vbs. Your server based scanner may be able to do this.

-Todd Jensen
Veridian ERIM International
Ann Arbor, MI
[email protected]

"C.K. Lung" wrote:
> Since each server and workstation has anti-virus program running, do we
> really need to run anti-virus program on the firewall?
>
> Any comments are appreciated.
>
> Ivan
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
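
The extension-based mail filtering described in the reply above, sketched as an added example (not part of the original thread or of any product named in it). The blocklist, function names and sample messages are assumptions constructed for illustration; the check normalises case, double extensions and trailing dots so a renamed attachment still matches.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist: the reply names only .vbs as an example.
BLOCKED_EXTENSIONS = {".vbs"}


def attachment_names(msg):
    """Yield the declared filename of every MIME part, nested parts included."""
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename", falls back to
        # Content-Type "name", and handles RFC 2231 encoded values.
        name = part.get_filename()
        if name:
            yield name


def blocked_extension(name):
    """Return the blocked extension carried by this filename, or None."""
    # Windows ignores trailing dots and spaces, so "x.vbs." still opens as .vbs.
    cleaned = name.strip().rstrip(". ").lower()
    dot = cleaned.rfind(".")
    # Only the final extension decides how the file is opened ("a.txt.vbs").
    ext = cleaned[dot:] if dot != -1 else ""
    return ext if ext in BLOCKED_EXTENSIONS else None


def verdict(raw_bytes):
    """Gateway decision for one raw message: ("drop", names) or ("deliver", [])."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = [n for n in attachment_names(msg) if blocked_extension(n)]
    return ("drop", hits) if hits else ("deliver", [])


def build_sample(filename):
    """Constructed test message with one attachment of the given name."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for sample in ("invoice.txt.vbs", "notes.VBS.", "report.pdf"):
        print(sample, "->", verdict(build_sample(sample)))
```

A filename check only sees what the sender declares, so it complements signature scanning at the chokepoint rather than replacing it.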