[plug] Securing Redhat 9.0
Craig Ringer
craig at postnewspapers.com.au
Wed Oct 19 10:39:24 WST 2005
Leon Brooks wrote:
> On Tuesday 18 October 2005 22:22, Kathryn wrote:
>
>>I would also like to strip all their email attachments on the way
>>in or is that getting a bit harsh? And whitelisted internet access.
>
>
> Whoo! Attila the Hen just arrived! (-:
>
> I would recommend scanning all inbound email (ClamAV will do fine, use
> FreshClam to keep it updated), and stripping executables (AMaViS will
> do this neatly)

You may also wish to remove or quarantine zip files. Depending on the
business, this might cause a little disruption, but it flat-out stops
most viruses.

At the POST, where we get many files sent to us every day, I've had to
retrieve a quarantined zip perhaps six times.

Quarantining zip files and Windows executables helps protect you against
the initial lag between the release of a worm and your virus scanner
learning about it. I've been very happy with the results at work, with
zero worm infections over the Internet in the five years I've been
there. We did have one that came in on a CD-ROM an employee brought in,
but there's only so much one can do.

Oh yeah, that's it, now none of the systems have CD-ROMs, floppy drives,
etc. except one very locked down box with a virus scanner set to "paranoid".

> but you will get a lot of staff resentment from
> whitelisting (what I call "French Foreign Legion" rules: "You shall do
> nothing except..."), which is generally a Very Bad Idea.

Indeed. Whitelisting simply wouldn't work at most companies - there are
way too many "legit" business-related reasons to be browsing around.

Additionally, letting staff do a bit of 'net banking etc. seems to really
help a lot in terms of less grumpy staff, so long as they don't take it
too far.

--
Craig Ringer
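
A sketch of the quarantine policy discussed in this thread, added here as an example (it is not from the original post and is not AMaViS's own code): it holds zip files and Windows executables based on their leading bytes, so a renamed executable is still caught. The addresses, file names and the extension fallback list are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes that identify the two file types the post quarantines.
MAGIC = {b"MZ": "windows-executable", b"PK\x03\x04": "zip", b"PK\x05\x06": "zip"}
# Extension fallback for script types with no magic number
# (this list is an assumption, not taken from the post).
BAD_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".zip")


def classify(filename, payload):
    """Return a reason string if the attachment should be held, else None."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    # Strip trailing dots/spaces, which Windows ignores when opening a file.
    if (filename or "").lower().rstrip(". ").endswith(BAD_EXT):
        return "blocked-extension"
    return None


def triage(raw):
    """Split a raw message into (quarantined, delivered) attachment lists."""
    msg = message_from_bytes(raw, policy=policy.default)
    held, passed = [], []
    for part in msg.iter_attachments():
        name = part.get_filename()
        reason = classify(name, part.get_payload(decode=True) or b"")
        (held if reason else passed).append((name, reason))
    return held, passed


def sample_message():
    """Constructed test message; payloads are only file headers plus padding."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "files"
    m.set_content("see attached")
    for name, data in [("ad.pdf", b"%PDF-1.4\n"), ("pages.zip", b"PK\x03\x04" + b"\0" * 26),
                       ("invoice.txt", b"MZ\x90\x00" + b"\0" * 60), ("run.bat", b"@echo off\r\n")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    held, passed = triage(sample_message())
    print("quarantine:", held)
    print("deliver:   ", passed)
```

Held items go to a quarantine store rather than being deleted, which matches the post's practice of occasionally retrieving a legitimate zip.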