On Monday 15 November 2004 10:47 am, Joseph Toon kindly wrote:
> I ran into this same issue about a year ago. Spyware infested systems,
> viruses, no network monitoring/policies, etc. The network is around 40
> computers, a few servers, mostly Windows 98 desktops.
>
> While I could have attempted to do a "Security 101" class, I realized most
> wouldn't be interested and as a result, it wouldn't be effective. So
> instead, I profiled the network, uncovered issues (both from a security and
> usability standpoint) and wrote up a formal proposal that outlined the
> issues and solutions (using FOSS of course.. :)
>
> I set up a FreeBSD 4 firewall (Linux could be used as well, I just prefer
> the syntax of IPFilter and the ports system) that uses a default deny
> policy to only allow necessary incoming connections (ie website, mail, ssh)
> as well as necessary outgoing connections. I set up Postfix with Amavisd-new
> that processes all incoming and outgoing email for spam (spamassassin) and
> viruses (clamav). In addition, Postfix uses dnsrbl lists that reject known
> spam sites at the connection (about 30% of all incoming email). Amavisd is
> set to auto-quarantine known executable files attached to email and
> notifies me to manually deliver them (I think there have been 2 legitimate
> emails quarantined over the past year). (side note: the current issue of
> Linux Journal has two articles that discuss the setup & config of
> postfix/clamav/amavisd/spamassassin).
>
> 40% of all incoming email is rejected (dnsrbl lists), another 5-10% is
> rejected as spam at the server. Historically 50% of all email being
> received was spam, now this has been significantly reduced. Email that is
> *probably* spam (low spamassassin value) is delivered with the spam tags so
> the recipient can decide what to do with the email.
>
> AFAIK, the clamav + amavisd blocking of executable attachments has been
> 100% effective in keeping viruses from entering the LAN. On average, 10
> virus emails are stopped per day that would have historically been
> delivered and possibly run by a user.
>
> On the desktop, I have been migrating users to Firefox. In addition to
> this, I "fix" internet explorer (updated security patches, spywareblaster,
> adaware, etc..) and move links for Internet Explorer to point to firefox
> (Blue E = "The Internet" you know..). I have not run into any major issues
> from users. Most use it and see it as an upgrade from Internet Explorer.
> Quite a few have asked me where to get it to install on their home
> systems/recommend it to others, etc.
>
> This has done wonders for the spyware/adware/virus issue. For the most
> part, it is a distant memory for the users.
>
> In case something does get past the firewall/filters, I have set up the
> firewall to notify me when attempts are made to access external SMTP
> servers (not from the mail server, of course) and I monitor the postfix
> logs (daily report) for any abnormal mail server activity that would
> indicate a mass mailing virus. In addition, an occasional network sweep
> using tools such as nmap/nessus/etc is conducted to locate other security
> issues (ie viruses loaded that open a backdoor on the system).
>
> The next step, I'll probably set up a proxy server (squid/DansGuardian or
> similar) to disallow all use of Internet Explorer except for Windows Update
> and provide another layer of control (disable access to spyware/adware
> sites, etc..).
>
> Needless to say, most users are unaware of the behind-the-scenes stuff that
> is occurring. There have been several who have noticed that many problems
> they have on their home computers don't occur on their work computers
> (massive spam, spyware, general slowness, etc..) and have asked me about
> these issues. Of course, I'm more than happy to discuss and recommend ways
> to combat the issues. In fact, I have a short one page list of tools &
> recommendations (standard stuff, firewalls, being intelligent about email,
> using firefox, using a hardware router, adware/spybot/spywareblaster, virus
> scanner, etc..). I do like when they pop the question "well what do you use
> on your home computer" .. ".. well I don't use Windows.... "
>
This is really helpful! I'm printing it up.
> to combat the issues. In fact, I have a short one page list of tools &
> recommendations (standard stuff, firewalls, being intelligent about email,
> using firefox, using a hardware router, adware/spybot/spywareblaster, virus
> scanner, etc..).
Could I see this page of yours? Either on the list here or send to me
privately, whatever you think more appropriate.
I appreciate all this information. Thanks so much!
Siri Amrit
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
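The two monitoring pieces Joseph describes (firewall alerts on outbound SMTP from anything but the mail server, and a daily look at the Postfix logs for mass-mailer behaviour) can both be reduced to a small log-correlation script. The following is an added example written for this thread, not code from Joseph's setup. It assumes the mail server sits at 192.168.1.2, treats more than 50 recipients per LAN client per day as worth a look, and uses constructed sample lines: the Postfix lines follow the usual smtpd `client=` / qmgr `nrcpt=` shape, while the ipmon lines only approximate IPFilter's log format and should be checked against a real ipmon output before the regex is trusted.

```python
import re
from collections import defaultdict

MAIL_SERVER_IP = "192.168.1.2"   # assumption: the LAN's Postfix host
RCPT_THRESHOLD = 50              # assumption: daily recipients per client worth a look

# Constructed sample lines in the shape of a Postfix maillog (not real traffic).
# smtpd logs the connecting client under a queue ID; qmgr later logs the
# recipient count for the same queue ID, so the two are joined on that ID.
POSTFIX_LOG = """\
Nov 15 09:01:02 mail postfix/smtpd[1201]: A1B2C3D4E5: client=pc07.lan[192.168.1.37]
Nov 15 09:01:02 mail postfix/qmgr[1100]: A1B2C3D4E5: from=<alice@example.com>, size=2310, nrcpt=1 (queue active)
Nov 15 09:14:40 mail postfix/smtpd[1205]: F6E5D4C3B2: client=pc12.lan[192.168.1.42]
Nov 15 09:14:40 mail postfix/qmgr[1100]: F6E5D4C3B2: from=<bob@example.com>, size=40120, nrcpt=48 (queue active)
Nov 15 09:15:01 mail postfix/smtpd[1205]: 0A9B8C7D6E: client=pc12.lan[192.168.1.42]
Nov 15 09:15:01 mail postfix/qmgr[1100]: 0A9B8C7D6E: from=<bob@example.com>, size=40120, nrcpt=52 (queue active)
Nov 15 09:20:13 mail postfix/smtpd[1207]: 11223344AA: client=pc07.lan[192.168.1.37]
Nov 15 09:20:13 mail postfix/qmgr[1100]: 11223344AA: from=<alice@example.com>, size=900, nrcpt=2 (queue active)
"""

# Constructed lines only approximating IPFilter's ipmon output (an assumption;
# verify against your own ipmon log before relying on the regex below).
# 'b' = blocked, 'p' = passed; rule @0:9 is assumed to be the outbound-SMTP block rule.
IPMON_LOG = """\
15/11/2004 09:30:11.123456 fxp0 @0:9 b 192.168.1.42,1034 -> 64.12.1.1,25 PR tcp len 20 48 -S OUT
15/11/2004 09:30:12.223456 fxp0 @0:4 p 192.168.1.2,4001 -> 64.12.1.1,25 PR tcp len 20 48 -S OUT
15/11/2004 09:31:05.323456 fxp0 @0:9 b 192.168.1.42,1035 -> 205.188.1.1,25 PR tcp len 20 48 -S OUT
15/11/2004 09:32:00.423456 fxp0 @0:2 p 192.168.1.37,1200 -> 64.233.1.1,80 PR tcp len 20 48 -S OUT
"""

CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: (?P<qid>[0-9A-F]+): client=(?P<host>\S+)\[(?P<ip>[\d.]+)\]")
NRCPT_RE = re.compile(
    r"postfix/qmgr\[\d+\]: (?P<qid>[0-9A-F]+): from=<(?P<sender>[^>]*)>, size=\d+, nrcpt=(?P<n>\d+)")
IPMON_RE = re.compile(
    r" (?P<act>[bp]) (?P<src>[\d.]+),\d+ -> (?P<dst>[\d.]+),(?P<dport>\d+) PR tcp ")


def recipients_per_client(log_text):
    """Join smtpd 'client=' lines with qmgr 'nrcpt=' lines on the queue ID and
    return {client_ip: (message_count, total_recipients)} for LAN submitters."""
    client_of = {}                               # queue ID -> submitting client IP
    totals = defaultdict(lambda: [0, 0])         # client IP -> [messages, recipients]
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            client_of[m["qid"]] = m["ip"]
            continue
        m = NRCPT_RE.search(line)
        if m and m["qid"] in client_of:
            ip = client_of[m["qid"]]
            totals[ip][0] += 1
            totals[ip][1] += int(m["n"])
    return {ip: tuple(v) for ip, v in totals.items()}


def suspicious_clients(log_text, threshold=RCPT_THRESHOLD):
    """Client IPs whose recipient total for the period exceeds the threshold:
    the pattern a mass-mailing worm leaves when it relays through the LAN server."""
    return sorted(ip for ip, (_, rcpts) in recipients_per_client(log_text).items()
                  if rcpts > threshold)


def outbound_smtp_from_non_mailserver(log_text, mail_server=MAIL_SERVER_IP):
    """Return {src_ip: attempts} for TCP/25 connections that did not originate
    from the mail server, counting both blocked (b) and passed (p) packets so a
    rule gap shows up alongside the expected blocks."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = IPMON_RE.search(line)
        if m and m["dport"] == "25" and m["src"] != mail_server:
            counts[m["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    # Daily report in the spirit of the one described in the thread.
    for ip, (msgs, rcpts) in sorted(recipients_per_client(POSTFIX_LOG).items()):
        print(f"{ip}: {msgs} messages, {rcpts} recipients")
    print("over threshold:", suspicious_clients(POSTFIX_LOG))
    print("direct outbound SMTP attempts:", outbound_smtp_from_non_mailserver(IPMON_LOG))
```

In the sample data the same LAN host (192.168.1.42) both pushes an unusual recipient count through Postfix and tries to reach external SMTP servers directly, which is exactly the combination that separates a worm from a user sending a large legitimate mailing; the two views reinforce each other, so a real report should print both side by side rather than alert on either alone.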