Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Do we really need anti virus program on Firewall-1

To: "C.K. Lung" <[email protected]>
Subject: Re: [FW1] Do we really need anti virus program on Firewall-1
From: Todd Jensen <[email protected]>
Date: Fri, 22 Sep 2000 10:51:36 -0400
Cc: "fw-1-mailinglist (e-mail)" <[email protected]>
References: <[email protected]>
Sender: [email protected]

>From my experience it is easier and perhaps better to administer content filtering
(including anti-virus) at some chokepoint, and the firewall can provide that
chokepoint.

If you have complete control over every node on your network, then maybe centralized
content filtering is not needed. If your users have the ability to turn off
virus-scanning or you cannot push virus sigs to all the desktops quickly and easily,
you should back up your host-based virus scanning with one that scans all traffic
coming to/fro your network.

Note that the scanning doesn't need to happen ON the firewall, one could use CVP to
vector the traffic to a content-filtering package on another workstation. In the
case of mail, one could also use the firewall to enforce a rule that all mail must
flow through a single server, and put the content filtering software on that host.

Another argument for adding centralized content filtering is that you might wish to
use a different vendor for your centralized scanning than your host-based scanning.
This adds some security, in that one vendor might have sigs available earlier for
virus X than the other. Sigs for one of the recent viruses were available for our
centralized scanner 2 days before they were available for our desktop solution.

Centralized solutions typically also give you the ability to filter mail based on
file extension. This allows you to drop all mail with, e.g., .vbs extensions so that
when the latest lovebug variant is released, you'll still be safe if it uses vbs.
Your server based scanner may be able to do this.

-Todd Jensen
Veridian ERIM International
Ann Arbor, MI
[email protected]

"C.K. Lung" wrote:

> Since each server and workstation has anti-virus program running, do we
> really need to run anti-virus program on the firewall?
>
> Any comments are appreciated.
>
> Ivan
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Do we really need anti virus program on Firewall-1
  - From: "C.K. Lung" <[email protected]>

Prev by Date: RE: [FW1] fw logexport with FW-1 4.0
Next by Date: RE: [FW1] SecuRemote over the Internet
Previous by thread: Re: [FW1] HA config and port 8116 traffic
Next by thread: RE: [FW1] Do we really need anti virus program on Firewall-1
Index(es):
- Date
- Thread