Originally Posted by Deek

Good Morning,



I apologize, i am new and unsure of what type of org you belong to/run. This is only my 2nd post here at GFY. I am assuming (so im likly wrong) that you are in an office type environment. When dealing with data security, you want to do an onion (some call this "Defense in depth").

I am NOT bashing norton internet security suite. Norton makes fine products however hear me out.

In todays internet climate you/we are exposed to new threats constantly. Especially in the world of virii. A lot of virii today will render the firewall/anti virus useless, this typically happens because the virus definitions of the user are out dated. And as you mentioned, these application suites take up a ton of resources. They will also typically get your pocketbook as well.. The bastards!

Ok, now finally my solution, this is what i do at everyone one of my locations and the locations of my clients. I dont proclaim to be some uber export, but i have alot of field experience. Take this and all advice with a grain of salt.

Invest into a hardware firewall, such as the Cisco pix firewall. The pix 501 comes with a 10 user license, and can be expanded to 50. I am going to assume you have 10 or fewer people at your office. If this is the case, the pix is only going to cost $419.

Why do i support the hardware firewall? Theres several technical reasons which you will simply no care about regarding hardware vs software. The one reason you do care about is simple. Software firewalls such as the one by norton can be modified by the end user or by viruses, where the hardware firewall is not.

Virii, ok the normal user is exposed to virii by two main factors. Email and downloading warez/copy writed software obtained with out paying for it. Worms is a huge one, but the new hardware firewall is going to protect against that.

Contact your email provider and see what anti-virus solutions they provide. If they dont, and you host your own, look into the clamav sollution, their site is www.clamav.net. You could use this with sendmail/qmail for free anti-virus.

We would still keep the AV running on each machine, so you would have two levels of defense against viruses coming in via email. The email server, and the AV running on the machine.

Ok so we have a hard outer shell to your network... We do not want a liquid center (think egg). So go around to each machine and ensure the AV is configured for auto-updates nightly as well as windows updates (if you use windows). Also running the personal firewalls such as zone alarm is best practice and uses low resources. But typically people misconfigure them anyways, so... ;)

I would remove the norton internet security and keep the anti-virus. Likly you signed up for a years worth of updates, when this expires, look at the corporate licensing for AV. This will allow you to setup a server which eache machine will "check in with". What this will allow you to do, is have 1 machine downloading all the updates, and passing it out to each machine on your network. It will conserve bandwidth, and it will ensure each machine is running the latest version. Not to mention, the enterprise versions are typically cheaper per seat. When in doubt, ask a friend to go in half with you.

Ok i probally wrote down way more than you wanted but i hope it helps. Little bit about me, newb to the porn industry, but have been working in IT for a bit and my security experience dates back before my professional. Im the co-founder of the North East Ohio Information Security Forum (its a users group which meets physically, its NOT a web forum so dont ban me plz ), where i used to be a comittee member. I still present every now and again though. Theres a few videos available of my presentations if anyones interested.

Heres an outbound ACLs i use. I can help you with your inbound ACLs if you wish, but im not going to post mine here =)

access-list outbound line 1 permit udp any any eq domain
access-list outbound line 2 permit tcp any any eq www
access-list outbound line 3 deny tcp any any eq 8080
access-list outbound line 4 deny tcp any any eq 6669
access-list outbound line 5 permit tcp any any eq 6668
access-list outbound line 6 permit tcp any any eq 6667
access-list outbound line 7 deny tcp any any eq 6666
access-list outbound line 8 permit tcp any any eq smtp
access-list outbound line 9 permit tcp any any eq imap4
access-list outbound line 10 permit tcp any any eq aol
access-list outbound line 11 permit tcp any any eq ssh
access-list outbound line 12 permit tcp any any eq https
access-list outbound line 13 permit udp any any eq 443
access-list outbound line 14 permit tcp any any eq 5223
access-list outbound line 15 permit udp any any eq isakmp
access-list outbound line 16 permit udp any any eq 10000
access-list outbound line 17 permit esp any any
access-list outbound line 18 permit ah any any
access-list outbound line 19 permit tcp any any eq 10000
access-list outbound line 22 permit tcp any any eq 3306
access-list outbound line 25 permit tcp any any eq 23073
access-list outbound line 26 permit udp any any eq 23073
access-list outbound line 27 permit tcp any any eq pop3
access-list outbound line 28 permit tcp any any eq 5010
access-list outbound line 29 permit tcp any any eq 5100
access-list outbound line 30 permit tcp any any eq 5000
access-list outbound line 31 permit tcp any any eq 5001
access-list outbound line 32 permit tcp any any eq 5050

Remember, there is no panacea in data security... Not matter what if someone wants in, they will figure a way. All one can do is put in as many speed bumps possible. One must always balance confidentiality, integrity and availability in data security and never focus in one area.

my icq is 3420164 if you/anyone needs some help...