Subject: RE: [firewalls] Digest Number 388
From: Michael.Owennet-tel.co.uk
Date: Wed Dec 13 2000 - 11:31:36 CST


martinmediax.com said:
> At the very least they should be checking execution path! c:\Program
> Files\Internet Exploder\iexplore.exe should be allowed, while
> c:\temp\iexplore.exe should be recognized as a separate application. If

Yes, that would be good, though an application that wasn't running could still be replaced, thus managing to circumvent the firewall.

> windows will not report the execution path somehow (Which I would have
> trouble believing, even from microsoft) then yes, they should checksum.
>
> It's a reasonable approach.

See my message just sent to the list & Chris Hastings - where do you store the checksums?

> The sad part is that under NT or Windows 2000 your virus scanning
> choices are somewhat ridiculous. The only program I've been able to
> live with for any length of time is AVP, but I can't leave it running
> because it slows the system down so dramatically if it's in live mode,
> where it does the most good. Mostly, I just don't run outlook :)

I use Sophos Intercheck, and don't have any real performance problems on my rather outdated machine. The only problem I have is when I'm trying to deal with samples of live viruses... And like you, I certainly don't run outlook, or any other java/activeX/whatever enabled mail client.

> Then again, in a corporate environment, the best thing to do (sadly!)
> may be to force the users to have the virus software running, via
> diabolical microsoft support tools if necessary, and take away certain
> of their rights by default, handle all traffic via proxies, et cetera.
> At least this way you know they're doing the right thing.

In a corporate network, you pretty much have to do things like this - when things go wrong, it's the time of people on this list that will be wasted, so we have to do everything we can. I don't think demanding that people run A/V software is excessive!

Mike

----
Michael Owen
IT Security Engineer
NET-TEL Computer Systems Ltd
Michael.Owennet-tel.co.uk
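
Added example, not part of the original message or of any firewall product: a Python sketch of the two checks discussed in this thread, a rule keyed on execution path alone versus one keyed on path plus checksum. The function names, the in-memory allowlist and the temporary stand-in file are assumptions made for illustration; the example does not address where the checksums are stored.

```python
import hashlib
import ntpath
import os
import tempfile

def sha256_file(path):
    """Hash the file in chunks so a large executable is not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def path_key(path):
    # Windows paths are case-insensitive; normalise before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def check_by_path(allowed, claimed_path):
    """Rule 1: allow if the reported execution path is on the list."""
    return path_key(claimed_path) in allowed

def check_by_path_and_hash(allowed, claimed_path, file_on_disk):
    """Rule 2: the path must be listed and the file must match its recorded hash."""
    expected = allowed.get(path_key(claimed_path))
    return expected is not None and expected == sha256_file(file_on_disk)

def demo():
    genuine = r"c:\Program Files\Internet Exploder\iexplore.exe"  # path from the thread
    copy = r"c:\temp\iexplore.exe"                                # path from the thread
    with tempfile.TemporaryDirectory() as d:
        binary = os.path.join(d, "iexplore.exe")  # constructed stand-in file
        with open(binary, "wb") as f:
            f.write(b"constructed bytes standing in for the browser")
        # Hypothetical allowlist: normalised path -> SHA-256 recorded at approval time.
        allowed = {path_key(genuine): sha256_file(binary)}
        results = {
            "genuine_path": check_by_path(allowed, genuine),
            "genuine_hash": check_by_path_and_hash(allowed, genuine, binary),
            "copy_path": check_by_path(allowed, copy),
        }
        # The file is replaced while the application is not running.
        with open(binary, "wb") as f:
            f.write(b"constructed bytes standing in for a replacement")
        results["replaced_path"] = check_by_path(allowed, genuine)
        results["replaced_hash"] = check_by_path_and_hash(allowed, genuine, binary)
    return results

if __name__ == "__main__":
    print(demo())
```

The path-only rule still passes after the file at the approved location has been replaced, while the path-plus-checksum rule rejects it; both reject the copy under c:\temp.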