Antivirus on intranet network

December 1, 2005

hello,
I have a “Working” network who is totally disconnected (physically)
from the Internet.
people do the “search” on the “Internet ” computers and then go on the
“work” computers for analyse and the store the data.
The Question is: I would need a anti virus on the “work” computers and
I should be able to update the virus database daily without connecting
any computer to the Internet.
Which anti virus should I use and How could I do the update.
Thanks for any help.
Steven Meyer

Answers:

If your data has value, protect it appropriately. (I don’t work for
Symantec anymore, but I still buy their products)

Personally, I run A/V on ALL my PC’s, regardless of their internet
connectivity. If I am going to go to the extreme of creating an isolated
network, then I am going to make use of defense in depth and use multiple
vendor’s A/V solutions there. The Internet is one attack vector into an
organization, however it is not the only one. Before we had the Internet
(yes, there was a time…) we still had virii. They propagated via floppy &
CD-ROM (called SneakerNet), downloaded files, and email.

If you have ONE laptop on the “isolated” network, you have just multiplied
the likelihood of catching and spreading malware.
If you have ONE modem on any PC on the “isolated” network, you may have a
connection to the Internet.
If you move data from the shared network to the “isolated” network, then you
may as well have just connected to the shared network.

I know of several businesses that have been brought to their knees recently
for SEVERAL DAYS as a result of the Sober.X worm. These are organizations
that have invested in A/V products, but have misconfigured them, not
administered them properly, or have poorly followed procedures. The threat
is real, the vulnerability is evolving, and the risk is constantly rising.

Cheers!
Mark

Maybe wasn’t my question clear enough, All the security problems
related to people trying to ad a laptop to the network or trying to
connect to the Internet from the work computers have been resolved.
As I tried to explain in my first e-mail, The point is how to update
an anti virus with out allowing him to connect to the Internet, and
witch anti virus would be able to do this ( threw diskette for
example).

I think I’ll go with the “Intelligent Update” solution.
Thanks for all your help.
Steven Meyer

Steven i would look at those solutions where you can have a
distribution server on the network which is the storage point for the
virus signature updates. CA’s inoculate does this as i’m sure many
others do. I think you need the microsoft client installed to access
the file share. In their update queue the clients would update from
the redistribution server first. Your only problem then is to find a
way of updating that redistribution server regularly.

You could also look at zonealarms/checkpoints integrity solution where
i believe every workstation must meet the patch levels you set eg
virus/others before you can authenticate to the network. Have not seen
it in real life but know it exists. good luck
Neal

Hi Steven,

We use eTrust from CA and you can certainly do this. On one of your internet connected machines you can set it for auto download and to then re-distribute to the other connected machines (saves on internet bandwidth). The files are stored on the first machine as self-extracting archives, simply copy them to a USB stick and move them into a similar config on your ‘offline’ machines (i.e. Distribution server with configured auto downloads on the other machines). The only thing you have to remember is to do the physical transfer.

If you have laptops travelling between the two networks on a regular basis you could set up a distribution tree so the laptop/s connects to the first distribution server and then when it/they connect to the ‘offline’ network it/they then distribrutes the signatures to the machines on this network.

HTH,

Lauren Ward

Ever heard of Panda Software? they have something like an intern antivirus-db server

greets

Hi,
I think that you can use Symantec Antivirus Corporate
Edition server and clients in your Intranet, download
the definitions file manually and install in the
antivirus server.

i hope this help
bone

Posted in Q & A