On Monday 15 November 2004 10:47 am, Joseph Toon kindly wrote:
> I ran into this same issue about a year ago. Spyware infested systems,
> viruses, no network monitoring/policies, etc. The network is around 40
> computers, a few servers, mostly Windows 98 desktops.
>
> While I could have attempted to do a "Security 101" class, I realized most
> wouldn't be interested and as a result, it wouldn't be effective. So
> instead, I profiled the network, uncovered issues (both from a security and
> usability standpoint) and wrote up a formal proposal that outlined the
> issues and solutions (using FOSS of course.. :)
>
> I set up a FreeBSD 4 firewall (Linux could be used as well, I just prefer
> the syntax of IPFilter and the ports system) that uses a default deny
> policy to only allow necessary incoming connections (ie website, mail, ssh)
> as well as necessary outgoing connections. I set up Postfix with Amavisd-new
> that processes all incoming and outgoing email for spam (spamassassin) and
> viruses (clamav). In addition, Postfix uses dnsrbl lists that reject known
> spam sites at the connection (about 30% of all incoming email). Amavisd is
> set to auto-quarantine known executable files attached to email and
> notifies me to manually deliver them (I think there have been 2 legitimate
> emails quarantined over the past year). (side note: the current issue of
> Linux Journal has two articles that discuss the setup & config of
> postfix/clamav/amavisd/spamassassin).
>
> 40% of all incoming email is rejected (dnsrbl lists), another 5-10% is
> rejected as spam at the server. Historically 50% of all email being
> received was spam, now this has been significantly reduced. Email that is
> *probably* spam (low spamassassin value) is delivered with the spam tags so
> the recipient can decide what to do with the email.
>
> AFAIK, the clamav + amavisd blocking of executable attachments has been
> 100% effective in keeping viruses from entering the LAN. On average, 10
> virus emails are stopped per day that would have historically been
> delivered and possibly run by a user.
>
> On the desktop, I have been migrating users to Firefox. In addition to
> this, I "fix" internet explorer (updated security patches, spywareblaster,
> adaware, etc..) and move links for Internet Explorer to point to firefox
> (Blue E = "The Internet" you know..). I have not run into any major issues
> from users. Most use it and see it as an upgrade from Internet Explorer.
> Quite a few have asked me where to get it to install on their home
> systems/recommend it to others, etc.
>
> This has done wonders for the spyware/adware/virus issue. For the most
> part, it is a distant memory for the users.
>
> In case something does get past the firewall/filters, I have set up the
> firewall to notify me when attempts are made to access external SMTP
> servers (not from the mail server, of course) and I monitor the postfix
> logs (daily report) for any abnormal mail server activity that would
> indicate a mass mailing virus. In addition, an occasional network sweep
> using tools such as nmap/nessus/etc is conducted to locate other security
> issues (ie viruses loaded that open a backdoor on the system).
>
> The next step I'll probably set up a proxy server (squid/dans guardian or
> similar) to disallow all use of Internet Explorer except for Windows Update
> and provide another layer of control (disable access to spyware/adware
> sites, etc..).
>
> Needless to say, most users are unaware of the behind-the-scenes stuff that
> is occurring. There have been several who have noticed that many problems
> they have on their home computers don't occur on their work computers
> (massive spam, spyware, general slowness, etc..) and have asked me about
> these issues. Of course, I'm more than happy to discuss and recommend ways
> to combat the issues. In fact, I have a short one page list of tools &
> recommendations (standard stuff, firewalls, being intelligent about email,
> using firefox, using a hardware router, adware/spybot/spywareblaster, virus
> scanner, etc..). I do like when they pop the question "well what do you use
> on your home computer" .. ".. well I don't use Windows.... "
>

This is really helpful! I'm printing it up.

> to combat the issues. In fact, I have a short one page list of tools &
> recommendations (standard stuff, firewalls, being intelligent about email,
> using firefox, using a hardware router, adware/spybot/spywareblaster, virus
> scanner, etc..).

Could I see this page of yours? Either on the list here or send to me
privately, whatever you think more appropriate.

I appreciate all this information. Thanks so much!

Siri Amrit
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
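
The outbound-SMTP alerting described in the quoted message (flagging any LAN host other than the mail server that tries to reach an external SMTP server), as an added example that is not from either poster. The LAN range, the mail server address and the ipmon-style log lines are constructed assumptions, with logging assumed on the internal interface so the LAN source address is still visible.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed addressing for illustration; the thread gives no addresses.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")

# ipmon packet line: ... iface @group:rule action src,sport -> dst,dport PR proto ...
IPMON_RE = re.compile(
    r"(?P<iface>\S+) @\d+:\d+ (?P<action>\S+) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) PR (?P<proto>\w+)"
)

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    "Nov 15 10:47:11 fw ipmon[72]: 10:47:11.120394 fxp1 @0:4 b 192.168.1.23,1045 -> 203.0.113.5,25 PR tcp len 20 48 -S IN",
    "Nov 15 10:47:12 fw ipmon[72]: 10:47:12.004512 fxp1 @0:4 b 192.168.1.23,1046 -> 198.51.100.9,25 PR tcp len 20 48 -S IN",
    "Nov 15 10:47:12 fw ipmon[72]: 10:47:12.804512 fxp1 @0:4 b 192.168.1.23,1047 -> 198.51.100.9,25 PR tcp len 20 48 -S IN",
    "Nov 15 10:47:13 fw ipmon[72]: 10:47:13.551023 fxp1 @0:3 p 192.168.1.10,2201 -> 203.0.113.5,25 PR tcp len 20 48 -S K-S IN",
    "Nov 15 10:47:14 fw ipmon[72]: 10:47:14.210877 fxp0 @0:2 p 198.51.100.77,40112 -> 192.168.1.10,25 PR tcp len 20 48 -S K-S IN",
    "Nov 15 10:47:15 fw ipmon[72]: 10:47:15.900001 fxp1 @0:6 p 192.168.1.31,1100 -> 203.0.113.80,80 PR tcp len 20 48 -S K-S IN",
    "Nov 15 10:47:16 fw ipmon[72]: truncated or unrelated line",
]


def rogue_smtp(lines, lan=LAN, mail_server=MAIL_SERVER):
    """Map each LAN host (other than the mail server) that tried to reach an
    external SMTP server to the set of destinations it tried."""
    found = defaultdict(set)
    for line in lines:
        m = IPMON_RE.search(line)
        if not m or m["proto"] != "tcp" or m["dport"] != "25":
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address in the log line
        # Only desktops talking SMTP to the outside are suspicious; the mail
        # server's own deliveries and inbound mail are expected traffic.
        if src in lan and src != mail_server and dst not in lan:
            found[str(src)].add(str(dst))
    return dict(found)


if __name__ == "__main__":
    for host, dests in sorted(rogue_smtp(SAMPLE).items()):
        print(f"ALERT {host} tried SMTP to {len(dests)} external server(s): {sorted(dests)}")
```

A desktop contacting several distinct external SMTP servers in a short window is the pattern a mass-mailing virus produces, so the per-host destination set is the value to alert on.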