Network security AV and more

staggerlee Member Posts: 90
Hi all,

We have a new boss in our place and one of their first ports of call was to stop our overly harsh blocking of Facebook, YouTube and the like and open them all up again (even though previously we blocked them because over 80% of all internet traffic was going to Facebook!)

So we opened it back up but now seem to be getting a flurry of viruses all over.

I've just joined the infrastructure side and been told to update our AV (McAfee with EPO). The other guys I work with say it won't do much as we are still on the latest DAT files (normally using the second to latest version); it's just EPO we can upgrade to 4.5, and the clients are on 8.5 instead of 8.7i.

We will be upgrading all the McAfee stuff but what else do you guys do to protect your clients?

We will also be moving to ForeFront in the next year. Anyone have experience of using that?

Cheers

s

Comments

  • gateway Member Posts: 232
    staggerlee wrote: »
    (even though previously we blocked them because over 80% of all internet traffic was going to facebook!)

    So we open it back up but now seem to be getting a flurry of viruses all

    We will be upgrading all the McAfee stuff but what else do you guys do to protect your clients?

    I don't think it's overly harsh; to be honest you should block Facebook again. There is no need to allow access to this unless you want less productivity out of staff and more viruses. Everywhere I have worked has blocked access to Facebook and with good reason. There is far too much malware etc easily obtained through sites like this.

    Updating EPO is a step in the right direction, do you have an IDS/IPS?
    Blogging my AWS studies here! http://www.itstudynotes.uk/aws-csa
  • hypnotoad Banned Posts: 915
    McAfee hasn't been good in like...ever.
    Take away admin rights on your desktops - will save you a lot of headaches in the long run
    Get an IPS (Multi-functional Firewall Software - Open Source Content Filter & Spam Filter | Untangle.com ?)
    Patch up Windows/Java/Acrobat/Flash/etc
    Lock down ActiveX and other IE settings with group policy
    Change passwords & encourage users to do the same on their personal accounts -- you never know what nasty little keylogger got snuck in
    Write up an AUP (probably should be first)
    Run MBSA or the like - do some pen testing
    Move from XP to 7 (if applicable & feasible)
    Get your AUP/security policy approved by the bosses so they can't come back at you
    Educate users to stop clicking dumb stuff (easier said than done)
    Implement incident response formalities
    Improve backups if relevant - users love to store important files on their virus-ridden desktops


    Lots more...this is just a 2:30 AM brain-****.
  • Chris:/* Member Posts: 658
    Block Social Websites!

    There is no need for them to be accessed at work and besides the security implications of these sites there is also the significant loss in the productivity of employees. Let them complain, if they are complaining then obviously they were accessing the pages and as such causing the previously mentioned problems.
    Degrees:
    M.S. Information Security and Assurance
    B.S. Computer Science - Summa Cum Laude
    A.A.S. Electronic Systems Technology
  • bertieb Member Posts: 1,031
    Does your boss really understand the risks and consequences with having this access open? If you present him/her with stats on the increased number of viruses you are seeing (and identify the risks of business data compromise/corruption and that extra man hours are being spent wiping viruses off things etc) and the fact that 80% of your traffic is Facebook related - and explain it clearly in a manner they understand - then they might be more willing to back you in pulling access to social sites again.
    The trouble with quotes on the internet is that you can never tell if they are genuine - Abraham Lincoln
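An added example, not part of any post in this thread: one way to produce the traffic-share figures suggested above from proxy logs, assuming the proxy writes W3C extended format. The sample lines, the field names (`cs-host`, `sc-bytes`) and the domain-to-category mapping are constructed assumptions to adjust to your own logs.

```python
from collections import Counter

# Constructed sample in W3C extended log format (not real data). The field
# names are assumptions; use the names on your proxy's own #Fields line.
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-host sc-bytes
2011-05-02 09:01:10 10.0.0.11 www.facebook.com 52000
2011-05-02 09:01:12 10.0.0.12 static.ak.fbcdn.net 180000
2011-05-02 09:02:40 10.0.0.11 apps.facebook.com 90000
2011-05-02 09:03:05 10.0.0.13 www.youtube.com 40000
2011-05-02 09:03:09 10.0.0.14 intranet.example.org 18000
2011-05-02 09:04:00 10.0.0.12 WWW.FACEBOOK.COM:443 20000
2011-05-02 09:04:30 10.0.0.15 - -
"""

# Domain suffix -> reporting category (assumed mapping; extend as needed).
CATEGORIES = {"facebook.com": "facebook", "fbcdn.net": "facebook",
              "youtube.com": "youtube"}


def categorise(host):
    """Map a host to a category, matching only on whole-label suffixes."""
    host = host.lower().rsplit(":", 1)[0].rstrip(".")  # drop port, trailing dot
    for suffix, label in CATEGORIES.items():
        if host == suffix or host.endswith("." + suffix):
            return label
    return "other"


def traffic_share(lines, host_field="cs-host", bytes_field="sc-bytes"):
    """Return {category: percent of response bytes} for W3C-format lines."""
    fields, totals = [], Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order is declared in the log
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        size = row.get(bytes_field, "-")
        if not size.isdigit():
            continue  # '-' marks a missing value; skip rather than guess
        totals[categorise(row.get(host_field, "-"))] += int(size)
    grand = sum(totals.values())
    return {k: round(100 * v / grand, 1) for k, v in totals.items()} if grand else {}


if __name__ == "__main__":
    for label, pct in sorted(traffic_share(SAMPLE_LOG.splitlines()).items(),
                             key=lambda kv: -kv[1]):
        print(f"{label:10s} {pct:5.1f}%")
```

Run over the same period before and after the block was lifted, the output gives a like-for-like comparison to set beside the infection counts.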
  • staggerlee Member Posts: 90
    Yeah, I agree it's totally not needed in work. There was talk of opening it up at lunch time only but that got squashed for total 100% access /sigh

    I'm not a big fan of McAfee but since our only other solution is going to ForeFront (we are a museum so get cheap MS licenses and we are pretty much moving everything to MS to cut costs)

    Thanks hypnotoad, this is what I was looking for :)
    hypnotoad wrote: »
    McAfee hasn't been good in like...ever.
    Take away admin rights on your desktops - will save you a lot of headaches in the long run
    Get an IPS (Multi-functional Firewall Software - Open Source Content Filter & Spam Filter | Untangle.com ?)
    Patch up Windows/Java/Acrobat/Flash/etc
    Lock down ActiveX and other IE settings with group policy
    Change passwords & encourage users to do the same on their personal accounts -- you never know what nasty little keylogger got snuck in
    Write up an AUP (probably should be first)
    Run MBSA or the like - do some pen testing
    Move from XP to 7 (if applicable & feasible)
    Get your AUP/security policy approved by the bosses so they can't come back at you
    Educate users to stop clicking dumb stuff (easier said than done)
    Implement incident response formalities
    Improve backups if relevant - users love to store important files on their virus-ridden desktops


    Seems we are half way there on about all of this list :/

    We have a new app that does patch updates for non-MS products (not set up)
    We have WSUS (but only use it for servers (again no idea why))
    We recently got rid of admin rights for all users (we do still have a large group who do have it due to some software they use :( )
    I don't believe IE is locked down in GPO; I will take a look.
    Users' desktops and My Docs are pointing to mapped drives so that bit's sorted.

    We don't have IPS; I will take a look at the link!

    Thanks for all the advice :)

    s
  • staggerlee Member Posts: 90
    On another note,

    Does anyone have some good reports etc. about the dangers of social sites? Might be worth another push to just get this all blocked out again. If the CEO doesn't care about productivity going down for the sake of keeping people happy, maybe some cold hard facts and the recent proof will get her to act.
  • SephStorm Member Posts: 1,731
    While I agree with the recommendations here, I don't think that the productivity argument is worth much. Most employees won't suddenly become productive when FB is blocked...

    As for AV providers, I don't trust any of the major commercial companies after recent events. McAfee and Symantec give virus code to China, and then suddenly they become the world's #1 producer of viruses? That's consumer protection right there...
  • za3bour Member Posts: 1,062
    Block social websites; even if it doesn't increase productivity, having them open will surely decrease it. I don't see any point in having them opened. You should argue with your boss about this.

    Are you using ISA for now?
  • Psoasman Member Posts: 2,687
    Definitely no reason to have social sites available at work. I have "fixed" several laptops at work that had viruses because someone just had to have myspace, facebook, etc.
    Barracuda and Eset seem to work pretty well for this.
  • staggerlee Member Posts: 90
    The current setup is

    Emails go via MessageLabs and Internet is ISA 2004 for proxy, then WebSense does blocking.

    Internally we have McAfee and that's it. Trying to sort out WSUS and this other app whose name escapes me at present.
  • Plantwiz Mod Posts: 5,057
    staggerlee wrote: »
    ...
    I'm not a big fan of McAfee but since our only other solution is going to ForeFront (we are a museum so get cheap MS licenses and we are pretty much moving everything to MS to cut costs)
    ...

    I would have said to block FB. Unless the museum has an account/page they need to maintain, there is no reason employees need access during the day. Most can probably hit it from their phones, so let them use their phones on their lunch break.

    If you are a 501c3 then several vendors offer non-profit/gov't/education licenses...it varies from vendor to vendor though so your best bet is to ask/inquire with your license reseller about what is available (and if you don't have a reseller...try CDW, but try Ingram Micro if you are able (or don't already have an account).

    Join:
    TechSoup - The Technology Place For Nonprofits

    As well as contact Endpoint Protection, Antivirus Software, Email & Anti-Malware Protection - Sunbelt Software I KNOW they recently offered great pricing for both competitive upgrades and/or non-profit/gov't type accounts...call them and see if you can get some pricing!! (but CALL them).


    Drop the FB and if there is IM going, block that as well.
    Plantwiz
    _____
    "Grammar and spelling aren't everything, but this is a forum, not a chat room. You have plenty of time to spell out the word "you", and look just a little bit smarter." by Phaideaux

    ***I'll add you can Capitalize the word 'I' to show a little respect for yourself too.

    'i' before 'e' except after 'c'.... weird?
  • staggerlee Member Posts: 90
    Plantwiz wrote: »
    I would have said to block FB. Unless the museum has an account/page they need to maintain, there is no reason employees need access during the day. Most can probably hit it from their phones, so let them use their phones on their lunch break.

    If you are a 501c3 then several vendors offer non-profit/gov't/education licenses...it varies from vendor to vendor though so your best bet is to ask/inquire with your license reseller about what is available (and if you don't have a reseller...try CDW, but try Ingram Micro if you are able (or don't already have an account).

    Join:
    TechSoup - The Technology Place For Nonprofits

    As well as contact Endpoint Protection, Antivirus Software, Email & Anti-Malware Protection - Sunbelt Software I KNOW they recently offered great pricing for both competitive upgrades and/or non-profit/gov't type accounts...call them and see if you can get some pricing!! (but CALL them).


    Drop the FB and if there is IM going, block that as well.


    Excellent stuff sir! Thank you, I shall take a look :)
  • tpatt100 Member Posts: 2,991
    Facebook is funny because it rats people out. A guy in my Guard unit who does our admin work kept saying he was too busy to get our paperwork done. Somebody looked at Facebook and the whole time it showed him check into Farmville, updated his status, left a comment, etc.
  • ssampier Member Posts: 224
    You're getting lots of malware from Facebook? Pretty unusual; I have mostly seen large amounts of malware from dicey download sites and email.

    Are you sure you're getting viruses from social networking?

    Most advice has been pretty sound. I will add I like multi-layered security. This means don't just trust one AV vendor. I like different antivirus on gateway, server, and desktop.

    Since you're nonprofit, this may not be feasible. How about switching your servers to ForeFront antivirus now rather than later? The workstations can stay McAfee.
    Future Plans:

    JNCIA Firewall
    CCNA:Security
    CCNP

    More security exams and then the world.
  • it_consultant Member Posts: 1,903
    Everyone here knows I think McAfee is useless. Its virus scanner won't pick up any malware meanwhile you have donkey-**** popping up on your desktop.

    Get a real scanner, vipre is my preferred one. How many times have we had to use Malware Bytes and Super Antispyware to clean infections that McAfee and Symantec fail to catch and remove?
  • shodown Member Posts: 2,271
    Since we have opened back up on DOD networks people have been happier. People know they have a job to do and they are adults. There is nothing wrong with jumping onto social media during working hours for a few min here and there as long as the work is getting done.


    1. You need better anti-virus

    2. With proper web content filtering you can only allow people access to facebook and FB chat and filter all games and apps.

    3. Training to users and a policy that says what you can use social media for at work.

    This has worked for us and we cover over 35K users.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • SephStorm Member Posts: 1,731
    it_consultant wrote: »
    Everyone here knows I think McAfee is useless. Its virus scanner won't pick up any malware meanwhile you have donkey-**** popping up on your desktop.

    Get a real scanner, vipre is my preferred one. How many times have we had to use Malware Bytes and Super Antispyware to clean infections that McAfee and Symantec fail to catch and remove?

    ^ This= +1

    Why do employees need FB chat?
  • MAC_Addy Member Posts: 1,740
    I have facebook and youtube blocked on my network. Whenever they try to go there, it'll re-direct them to google.com.

    I get questions all the time "How come some sites you try to go, it'll go straight to google?".

    They never say "I tried to check my facebook, and it keeps on going to google".

    Funny thing is, I watch these people try all sorts of ways to get around it (through remote desktop). But, since everyone is set up with DHCP, it won't matter how hard or what you try, I've got you re-directed through your DNS addresses :)
    2017 Certification Goals:
    CCNP R/S
  • it_consultant Member Posts: 1,903
    During the 2008 elections I put the entry for foxnews.com to go to huffingtonpost.com. Peoples' heads almost exploded. Sometimes being an admin is very fun.
  • MAC_Addy Member Posts: 1,740
    it_consultant wrote: »
    During the 2008 elections I put the entry for foxnews.com to go to huffingtonpost.com. Peoples' heads almost exploded. Sometimes being an admin is very fun.

    Sounds like you can be as mean as me!