Thanks, Bill. We all have had to live with management-driven decisions at one time or the other, no? We change what we can, and accept what we can't and try to make the best of it. This is one of those situations. The line of thought is "we don't care what's running around in the Labs as long as they remain in the Labs, but, by the way, we need to be able to pull files from our Labs machines to our production desktops so we can work on them. So, you see, you can't block off the Labs" Anyway, the cost is really not a factor. Finding what to invest the money in is the issue. The PRIMARY (and, maybe, ONLY) concern is keeping viruses that propagate through network shares from coming to the production network. The device I was testing does SMTP, POP and Web filtering, but 90% of the Virus problems is NetBIOS borne. And, no, I can't filter out NetBIOS ports between the Labs and the production sides. That is my dilemma. IF there is a device on the market that does NetBIOS virus scanning and prevention, a big part of my problem will disappear overnight. And, if wishes were horses ........ :-p >From the look of things, though, it seems that this is on of the situations where we say "There are seldom good technological solutions to behavioral problems." Apologies to Ed Crowley :) Sincerely,
Dèjì Akómöláfé, MCSE MCSA MCP+I www.akomolafe.com www.iyaburo.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Bill Moran Sent: Fri 10/17/2003 10:08 AM To: [EMAIL PROTECTED] Subject: Re: [ActiveDir] VERY OT: Preventing Viruses from Lab to Live network [EMAIL PROTECTED] wrote: > I forgot to mention that. Yeah, there is a requirement for connectivity > between the 2 sides. That's why firewalling them is not an option. I've been following this because I think it's outrageous. I don't envy your problem. I think you're in a situation where you'll have to say "if that's what you want, then it's going to cost you" to whoever put the connectivity requirement in place. First off, you are going to want a firewall between production and lab. Set it to deny by default, then allow ONLY the EXACT traffic that you want to allow. Then configure logging and make it a point to review the logs regularly. I would also suggest a dedicated SMTP relay for the lab, with virus scanning and extensive access restrictions: again, allow only what you KNOW is safe, log everything, and review the logs regularly. Configure your firewall so that ONLY mail that's gone through the SMTP relay is allowed anywhere. This will stop a lot of SMTP-based worms from getting anywhere, as well as alerting you to their existance. Even this will not protect you from every type of attack, but it should reduce the rate of occurance significantly. -- Bill Moran Potential Technologies http://www.potentialtech.com List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
<<winmail.dat>>