LinuxQuestions.org


zaheer 11-12-2007 05:36 AM

Virus on network
 
Hi allz,

We have a 30 PC network with a software development central server, which has the main software. Our network is infected by malware which I think came from a user's USB. How to secure our network from viruses? All the PCs are running Windows. Now I want to install a Linux gateway/firewall.
Which is the good one: Smoothwall, IPCop or IPFire? Please suggest. And how to scan for viruses and detect them before they infect the systems?

Simon Bridge 11-12-2007 05:59 AM

The best firewall/gateway is one you write yourself, one that you understand.

What a lot of people do is run a transparent proxy with content/AV filtering. There are howtos around the net.

But it is not clear how you can use this to stop a virus loaded from a usb key to a client machine. You need to secure the client! There are solutions for this on windows that can be deployed across a network... but they'll cost you.

zaheer 11-12-2007 07:52 AM

Quote:

Originally Posted by Simon Bridge (Post 2956074)

But it is not clear how you can use this to stop a virus loaded from a usb key to a client machine. You need to secure the client! There are solutions for this on windows that can be deployed across a network... but they'll cost you.

Can you please name the solutions for me ?

farslayer 11-12-2007 09:58 AM

Well, out of 50 users here I have 2 that need to use USB flash drives; the rest do not need them to do their job, so I disabled USB storage devices on their PCs (a registry edit and a reboot is all that is required). This inexpensive utility from IntelliAdmin will let you do all the PCs on your network at once from your desk: IntelliAdmin. They also have a free utility to do this one PC at a time:
Free remote USB Drive disabler
Or, if you are into manually editing the registry instead of making use of a convenient tool:
How to manually disable USB Drives
How to manually disable USB Drives MICROSOFT KB

A more comprehensive solution that will allow specific users to use specific USB drives, such as a company-supplied USB flash drive but NOT one they found in the parking lot, would be from Checkpoint. This product is called Pointsec.


Desktop firewalls configured properly on all your PC's would help prevent malware from spreading inside your network.

A firewall, only on your internet connection, will give your network a hard and crunchy Shell, but without a product like pointsec to harden your windows PC's the inside of your network is still soft and chewy..


And I have to ask, if malware spread inside your network: are you running desktop anti-virus on your workstations? A centrally managed AV solution is a must. Something that notifies you if a user isn't updated, and also will not allow the users to disable the AV to improve their workstation performance. Kaspersky, Trend Micro, Symantec, McAfee, Computer Associates, other... ??
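
The registry edit mentioned in the post above, sketched as an added example that is not part of the original post or of any tool it links to. It assumes the standard Windows USB mass-storage driver key (`USBSTOR`, where `Start` = 3 means load on demand and 4 means disabled), which the post itself does not spell out; the function names are hypothetical.

```powershell
# Added example: audit and optionally disable the USB mass-storage driver.
# Run from an elevated PowerShell prompt on the workstation being checked.

function Get-UsbStorageState {
    # Reads the driver's Start value and maps it to a readable state.
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    $start = (Get-ItemProperty -Path $key -Name Start -ErrorAction Stop).Start
    $state = switch ($start) {
        3       { 'Enabled' }       # driver loads when a USB drive is plugged in
        4       { 'Disabled' }      # driver never loads
        default { "Other ($start)" }
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Start    = $start
        State    = $state
    }
}

function Disable-UsbStorage {
    # Sets Start = 4. Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
    if ($PSCmdlet.ShouldProcess($key, 'Set Start = 4 (disable USB storage)')) {
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
    }
    Get-UsbStorageState   # report the resulting state
}

# Audit only:
Get-UsbStorageState

# Preview the change without applying it:
Disable-UsbStorage -WhatIf
```

The setting is only as strong as the account model around it: a user who runs with administrative rights can set the value back.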

Simon Bridge 11-12-2007 10:51 PM

I gotta second above - entire post.

You realize that most of the money made by security consultants is for setting this up for people who didn't think they needed to.

Rethink your security policy - seriously. Security is important. Try to avoid product-centered thinking.

AV on each machine, firewall on each machine. There are free versions - but a commercial deployment will still cost you if you are not prepared to understand it and is useless if you don't have a clear security policy.

zaheer 11-13-2007 12:50 AM

Hi,

What if I place a Linux machine for the employees to check their USB for viruses, and then they can use it for office work? Because here viruses are transferring through USB.

Simon Bridge 11-13-2007 01:10 AM

Why rely on employees using it?
Why not put AV on all the hosts?
Why not upgrade all work machines to linux? - problem solved.

Do employees need to use usb keys for work?

Like I said, sort out that security policy.

You know, one of the advantages of not getting paid for this is that I get to tell people what's good for them instead of what they want to hear. When I am getting paid, I charge double when a customer insists on ignoring good advice.

zaheer 11-13-2007 01:26 AM

Dear Simon,

I agree with you, why they don't use Linux. I am new here, let's see what they do on my suggestion for Linux.

Simon Bridge 11-13-2007 04:24 AM

If this has got people worried, and you've been asked to come up with something... the best approach is to do a report on securing individual hosts... spell it out: they need firewall and AV on each computer. It must be kept updated. Cost it out.

Do the same analysis costing out free software solutions for the same thing.

As a footnote, point out that these systems were designed for a free OS. Suggest that a migration should be considered, especially in light of a near-term prospect of a very costly migration to Vista. (Only a few sentences - your main thrust is to get the network secure).

If this is just you as joe-worker... get linux on your own system. Every time something happens just smile and say: "what malware".

Read the following:
http://zgp.org/~dmarti/linuxmanship/

farslayer 11-13-2007 06:56 PM

Quote:

Originally Posted by zaheer (Post 2957112)
Hi,

What if I place a Linux machine for the employees to check their USB for viruses, and then they can use it for office work? Because here viruses are transferring through USB.

Desktop Antivirus can be configured to SCAN the USB drive on access.. so if they plug it into their PC it gets scanned so it can not infect the workstation or the network.

I'm currently running Symantec Client Security 3.0 on my windows network and the cost for this centrally managed solution is about $23.00 PER PC FOR 1 YEAR. This solution is a centrally managed Antivirus/anti-malware/with managed Client Firewall.

Cleaning up one virus that spreads throughout the entire network would cost more than that in labor and lost productivity so Why would I bother chancing it ?

Bite the bullet and install desktop protection. If you are going to run Windows you have to play in the Windows security world and secure the workstations at the extra expense and be willing to accept the hit to your PC performance these solutions will cause.

zaheer 11-14-2007 01:59 AM

OK, development is being done on PHP and MySQL, so which distro is good so that employees can also leave XP at that distro's first glance? And what about version control of that development environment? This software is being used: cs-rcs. So in place of this, which Linux version control can be used which would be easy for me?

Simon Bridge 11-14-2007 02:16 AM

RCS exists for linux as well.
http://www.yolinux.com/TUTORIALS/Lin...alRCSinto.html
... though CVS is more common:
http://www.faqs.org/docs/Linux-HOWTO/CVS-RCS-HOWTO.html

PHP and MySQL is frequently part of a LAMP configuration, I believe favorites for those are Debian and RedHat/CentOS.
http://lamphowto.com/

sundialsvcs 11-14-2007 07:23 PM

Remember, a network cannot be "infected" by anything. (And the entire biological-metaphor is, altogether, completely misguided in reference to any form of silicon!)

Windows networks traditionally have serious problems because nearly all of their users run with administrative privileges: they can "do anything" with their machines, and therefore, so can any program that finds its way into their machine. You cannot reasonably stop "a program," or "a script," or a "what-have-you," from arriving on your computer. But you can strictly limit what it can do.

The very first thing to do is to make sure that every single user on your network is not an Administrator... even if that person's regular day-to-day job responsibilities are "administrative."

:eek: You, yes, even (and especially!) you, must not "routinely" run with Administrator privileges, no matter how "convenient" it might be for you. :eek:

The next thing you need to make sure of is ... backups. Windows has had a great backup-tool for centuries. So does OS/X (especially now!). So does Linux. USB or FireWire hard-drives are cheap. Backups can be totally automatic. It's easy.

When you do very-simple things, you can easily protect your network and its contents from the effects of rogue-programs. And that simple prudence is vastly easier than cleaning-up after the damage.

No matter what Mister Norton may tell you, you don't need their products and they don't make you "safer."

Uh huh... the first thing that I did to my latest Windows-XP box was to remove and disable all of Mister Norton's offerings. Zero problems since... and there never will be any. Yessir, of that I am quite sure.
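
One way to check the "nobody runs as Administrator" rule from the post above on a Windows workstation, as an added example that is not part of the original post. The approved-accounts list and the function names are assumptions made for illustration; `Get-LocalGroupMember` requires Windows PowerShell 5.1 or later.

```powershell
# Added example: find accounts holding local administrator rights
# that are not on an approved list.

function Get-UnexpectedLocalAdmin {
    param(
        # Constructed allow-list: accounts that are meant to keep admin rights.
        [string[]]$Approved = @("$env:COMPUTERNAME\Administrator")
    )
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works regardless of the Windows display language.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                      Name, ObjectClass, PrincipalSource
}

function Test-RunningAsAdmin {
    # True when the current session holds the Administrators role in its token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Every row returned is an account to review for day-to-day use.
Get-UnexpectedLocalAdmin

# Check for the session you are typing in right now.
if (Test-RunningAsAdmin) {
    Write-Warning 'This session is running with Administrator privileges.'
}
```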


All times are GMT -5.