At 11:27 -0700 2004-07-21, Charles E. James wrote:
>I have a desktop computer loaded with Windows 2000 Server and will
>be running IIS FTP and want to install a firewall and virus
>protection. Do you have recommendations on what software to purchase
>and install?
Symantec AntiVirus Corporate Edition (SAVCE), which is also bundled
as a component of the Symantec Client Security suite, can provide
anti-virus protection for Windows servers. SCS (and hence SAVCE) are
licensed by the campus, and are available for downloading via the
WSSG Software website <http://software.berkeley.edu>.
SCS will also be included on the Connecting@Berkeley 2005 CD for
Windows <http://cab.berkeley.edu>, which you can soon pick up at no
cost at a number of campus locations, including Doe and Moffitt
Libraries and The Scholar's Workstation (TSW).
In one past discussion of this topic (see below), Cisco Security
Agent, an intrusion prevention package, has been suggested for
protecting Windows servers against attacks over the network, as well
as against malicious code that may somehow find its way onto the
server, anti-virus protection notwithstanding. Hardware firewalls
have also been suggested, and a combination of both might conceivably
be appropriate under some circumstances.
I'm also copying your query to the UCB Security List
<http://socrates.berkeley.edu:2002/ucb-security.html>. There are
many knowledgeable participants in that list who may be able to offer
advice.
Aron Roberts
Workstation Software Support Group
-- At 10:58 -0700 2003-10-17, Eric Chamberlain wrote: >Chris Hoffman asked: >> >>Is anyone out there using a firewall appliance such as those offered by >>NetScreen or SonicWALL? I'm trying to evaluate whether a hardware approach >>is better for my unit than a software approach (e.g., Cisco/Okena), and I >>sure would like to come see one of these boxes in action. Eventually, we'll >>have most of our devices in a secure VLAN, but we need to do some more with >>one or multiple servers. > >We are using Cisco PIX and NetScreen firewalls. We also use the Cisco >Security Agent (Okena) product. Each has their strengths and weaknesses >depending on the environment. The hardware firewalls are better for >blocking off-network traffic and off-loading the filtering work from the >server CPU, but they don't do host IDS or block system calls and buffer >overflows. > >Netscreen works well in an existing switched environment, because it >operates at layer 2, but we have run into situations where we have maxed out >the number of rules supported on the device. > >The PIX currently operates at Layer 3 (Layer 2 support will be available in >a future IOS release) and supports a number of VLANs, based on the model. >University of California, Berkeley ------------------------------------------------------------------------ The following was automatically added to this message by the list server: For information about Micronet, including subscribing to or unsubscribing from its mailing list and finding out about upcoming meetings, please visit the Micronet Web site: <http://micronet.berkeley.edu/>.Received on Wed Jul 21 12:10:09 2004
This archive was generated by hypermail 2.1.8 : Wed Jul 21 2004 - 12:10:16 PDT