LinuxQuestions.org
Old 11-12-2007, 06:36 AM   #1
zaheer
Member
 
Registered: Apr 2004
Location: Linux World
Distribution: Debian,Free BSD but Currently Using PCLinuxOS
Posts: 32

Rep: Reputation: 15
Virus on network


Hi allz,

We have a 30 PC network with a software development central server, which has the main software. Our network is infected by malware which I think came from a user's USB. How to secure our network from viruses? All the PCs are running Windows. Now I want to install a Linux gateway/firewall.
Which is the good one: Smoothwall, IPCop or IPFire? Please suggest. And how to scan for viruses and detect them before they infect the systems?
 
Old 11-12-2007, 06:59 AM   #2
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
The best firewall/gateway is one you write yourself, one that you understand.

What a lot of people do is run a transparent proxy with content/AV filtering. There are howtos around the net.

But it is not clear how you can use this to stop a virus loaded from a USB key to a client machine. You need to secure the client! There are solutions for this on Windows that can be deployed across a network... but they'll cost you.
 
Old 11-12-2007, 08:52 AM   #3
zaheer
Member
 
Registered: Apr 2004
Location: Linux World
Distribution: Debian,Free BSD but Currently Using PCLinuxOS
Posts: 32

Original Poster
Rep: Reputation: 15

Quote:
Originally Posted by Simon Bridge View Post

But it is not clear how you can use this to stop a virus loaded from a USB key to a client machine. You need to secure the client! There are solutions for this on Windows that can be deployed across a network... but they'll cost you.
Can you please name the solutions for me?
 
Old 11-12-2007, 10:58 AM   #4
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,243
Blog Entries: 5

Rep: Reputation: 190
Well, out of 50 users here I have 2 that need to use USB flash drives; the rest do not need them to do their job, so I disabled USB storage devices on their PCs (a registry edit and a reboot is all that is required). This inexpensive utility from IntelliAdmin will let you do all the PCs on your network at once from your desk: IntelliAdmin. They also have a free utility to do this one PC at a time:
Free remote USB Drive disabler
Or, if you are into manually editing the registry instead of making use of a convenient tool:
How to manually disable USB Drives
How to manually disable USB Drives MICROSOFT KB

A More comprehensive solution that will allow specific users to use specific USB drives such as a company supplied USB flash drive, but NOT one they found in the parking lot would be from Checkpoint. This product is called Pointsec.


Desktop firewalls configured properly on all your PCs would help prevent malware from spreading inside your network.

A firewall only on your internet connection will give your network a hard and crunchy shell, but without a product like Pointsec to harden your Windows PCs the inside of your network is still soft and chewy.


And I have to ask, if malware spread inside your network: are you running desktop anti-virus on your workstations? A centrally managed AV solution is a must. Something that notifies you if a user isn't updated, and also will not allow the users to disable the AV to improve their workstation performance. Kaspersky, Trend Micro, Symantec, McAfee, Computer Associates, other...?

Last edited by farslayer; 11-12-2007 at 11:08 AM.
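
The registry edit mentioned in post #4, as an added PowerShell example that is not from the thread or from the linked tools. It assumes the edit in question is the `Start` value of the USBSTOR driver service (4 = disabled); the function names are made up for illustration, and it must be run from an elevated prompt.

```powershell
# Added example (not from the thread). Audits and disables the Windows
# USB mass-storage driver through its service start type:
#   Start = 3 : driver loads when a USB drive is plugged in
#   Start = 4 : driver disabled, USB drives are not mounted
# Keyboards, mice and other non-storage USB devices are unaffected.
$UsbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Get-UsbStorageState {
    # Report the current start type; a missing key is reported, not thrown.
    $item = Get-ItemProperty -Path $UsbStorKey -Name Start -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Start    = if ($item) { $item.Start } else { $null }
        Disabled = ($item -and ($item.Start -eq 4))
    }
}

function Disable-UsbStorage {
    # Hypothetical helper: sets Start = 4 only if it is not already set.
    # Supports -WhatIf so the change can be previewed before it is made.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $state = Get-UsbStorageState
    if ($null -eq $state.Start) {
        Write-Warning "USBSTOR service key not found on $($state.Computer)."
        return
    }
    if ($state.Disabled) {
        Write-Verbose 'USB storage driver is already disabled.'
        return
    }
    if ($PSCmdlet.ShouldProcess($UsbStorKey, 'Set Start = 4 (disabled)')) {
        Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
        Write-Output 'USB storage driver disabled; reboot to apply.'
    }
}

# Audit first, then preview the change without applying it.
Get-UsbStorageState
Disable-UsbStorage -WhatIf
```

Collecting the output of `Get-UsbStorageState` from every workstation gives a quick list of machines where the setting has drifted back to 3.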
 
Old 11-12-2007, 11:51 PM   #5
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
I gotta second above - entire post.

You realize that most of the money made by security consultants is for setting this up for people who didn't think they needed to.

Rethink your security policy - seriously. Security is important. Try to avoid product-centered thinking.

AV on each machine, firewall on each machine. There are free versions - but a commercial deployment will still cost you if you are not prepared to understand it and is useless if you don't have a clear security policy.
 
Old 11-13-2007, 01:50 AM   #6
zaheer
Member
 
Registered: Apr 2004
Location: Linux World
Distribution: Debian,Free BSD but Currently Using PCLinuxOS
Posts: 32

Original Poster
Rep: Reputation: 15

Hi,

What if I place a Linux machine for the employees to check their USB for viruses, and then they can use it for office work? Coz here viruses are transferring through USB.
 
Old 11-13-2007, 02:10 AM   #7
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
Why rely on employees using it?
Why not put AV on all the hosts?
Why not upgrade all work machines to linux? - problem solved.

Do employees need to use usb keys for work?

Like I said, sort out that security policy.

You know, one of the advantages of not getting paid for this is that I get to tell people what's good for them instead of what they want to hear. When I am getting paid, I charge double when a customer insists on ignoring good advice.
 
Old 11-13-2007, 02:26 AM   #8
zaheer
Member
 
Registered: Apr 2004
Location: Linux World
Distribution: Debian,Free BSD but Currently Using PCLinuxOS
Posts: 32

Original Poster
Rep: Reputation: 15

Dear Simon,

I agree with you, why don't they use Linux. I am new here; let's see what they do with my suggestion for Linux.
 
Old 11-13-2007, 05:24 AM   #9
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
If this has got people worried, and you've been asked to come up with something... the best approach is to do a report on securing individual hosts... spell it out: they need firewall and AV on each computer. It must be kept updated. Cost it out.

Do the same analysis costing out free software solutions for the same thing.

As a footnote, point out that these systems were designed for a free OS. Suggest that a migration should be considered, especially in light of a near-term prospect of a very costly migration to Vista. (Only a few sentences - your main thrust is to get the network secure).

If this is just you as joe-worker... get Linux on your own system. Every time something happens just smile and say: "what malware".

Read the following:
http://zgp.org/~dmarti/linuxmanship/
 
Old 11-13-2007, 07:56 PM   #10
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,243
Blog Entries: 5

Rep: Reputation: 190
Quote:
Originally Posted by zaheer View Post
Hi,

What if I place a Linux machine for the employees to check their USB for viruses, and then they can use it for office work? Coz here viruses are transferring through USB.
Desktop antivirus can be configured to SCAN the USB drive on access, so if they plug it into their PC it gets scanned and it cannot infect the workstation or the network.

I'm currently running Symantec Client Security 3.0 on my Windows network and the cost for this centrally managed solution is about $23.00 PER PC FOR 1 YEAR. This solution is a centrally managed antivirus/anti-malware with managed client firewall.

Cleaning up one virus that spreads throughout the entire network would cost more than that in labor and lost productivity, so why would I bother chancing it?

Bite the bullet and install desktop protection. If you are going to run Windows you have to play in the Windows security world and secure the workstations at the extra expense, and be willing to accept the hit to your PC performance these solutions will cause.
 
Old 11-14-2007, 02:59 AM   #11
zaheer
Member
 
Registered: Apr 2004
Location: Linux World
Distribution: Debian,Free BSD but Currently Using PCLinuxOS
Posts: 32

Original Poster
Rep: Reputation: 15
OK, development is being done on PHP and MySQL, so which distro is good so that employees can also leave XP at that distro's first glance? And what about version control of that development environment? The software being used is cs-rcs. So in place of this, which Linux version control can be used which would be easy for me?
 
Old 11-14-2007, 03:16 AM   #12
Simon Bridge
LQ Guru
 
Registered: Oct 2003
Location: Waiheke NZ
Distribution: Ubuntu
Posts: 9,211

Rep: Reputation: 198
RCS exists for Linux as well.
http://www.yolinux.com/TUTORIALS/Lin...alRCSinto.html
... though CVS is more common:
http://www.faqs.org/docs/Linux-HOWTO/CVS-RCS-HOWTO.html

PHP and MySQL is frequently part of a LAMP configuration, I believe favorites for those are Debian and RedHat/CentOS.
http://lamphowto.com/
 
Old 11-14-2007, 08:23 PM   #13
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3171
Remember, a network cannot be "infected" by anything. (And the entire biological-metaphor is, altogether, completely misguided in reference to any form of silicon!)

Windows networks traditionally have serious problems because nearly all of their users run with administrative privileges: they can "do anything" with their machines, and therefore, so can any program that finds its way into their machine. You cannot reasonably stop "a program," or "a script," or a "what-have-you," from arriving on your computer. But you can strictly limit what it can do.

The very first thing to do is to make sure that every single user on your network is not an Administrator... even if that person's regular day-to-day job responsibilities are "administrative."

You, yes, even (and especially!) you, must not "routinely" run with Administrator privileges, no matter how "convenient" it might be for you.

The next thing you need to make sure of is ... backups. Windows has had a great backup-tool for centuries. So does OS/X (especially now!). So does Linux. USB or FireWire hard-drives are cheap. Backups can be totally automatic. It's easy.

When you do very-simple things, you can easily protect your network and its contents from the effects of rogue-programs. And that simple prudence is vastly easier than cleaning-up after the damage.

No matter what Mister Norton may tell you, you don't need their products and they don't make you "safer."

Uh huh... the first thing that I did to my latest Windows-XP box was to remove and disable all of Mister Norton's offerings. Zero problems since... and there never will be any. Yessir, of that I am quite sure.
 
  

