[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6F013BF84681EC4DA7888C850099873B05C9E294@lps18100.leggett.int>
From: kevin.cherry at leggett.com (Kevin Cherry)
Subject: antivirus s/w
One product you might want to look into is Cisco Security Agent or CSA.
CSA runs on all NT Class machines and works as a kind of a Personal
Firewall. It does this through OS behavior monitoring and then reports
any suspicious activity to a centralized console called VMS. The VMS
console can read the log information leading up to a successful block
and compare that information from other CSA agents running on other
machines to determine if a new rule needs to be generated and pushed out
to the clients to block a new worm or attack that may be active on your
network. CSA's rules can be customized down to a very detailed level
and provides a proactive approach for combating new viruses and system
compromise attempts and it does not need any definitions to do so,
because it works by monitoring OS behavior. CSA will also work in
combination with Cisco VPN concentrators by only allowing machines that
have CSA running to connect to the VPN. Here are some links for more
info.
http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
http://www.cisco.com/en/US/products/sw/cscowork/ps2330/
If I made any mistakes in my description please let me know as I only
told this information at Cisco Security Seminar and I may have forgot
some things
or explained them incorrectly.
Kevin
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Gadi Evron
Sent: Tuesday, January 27, 2004 5:10 AM
To: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] antivirus s/w
Patrick J Okui wrote:
> Hi all,
>
> (.*flames.*>/dev/null)
>
> 1. I'm trying to decide on an AV solution for a campus wide n/w.
> I'm basically looking for something that'll respond as quick as
> possible to new viruses. I'm currently evaluating NAV, and Fprot.
> Any other suggestions/recomendations?
To install on every workstation or to filter malware from email?
>
> 2. Fprot have an AV 4 linux/bsd workstations....does this just
> scan for virii from infected winbloze or are there un*x virii i'm
> ignorant about?
A better question would be.. rootkits?
Gadi Evron
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists