Chapter 6: Defense-in-depth > Enterprise Defense-in-Depth - Pg. 227

the traffic sent through that choke point. High-traffic proxy servers can be particularly troublesome, as Hypertext Transfer Protocol (HTTP) scanning is still in its infancy (see Igor Muttik's chapter on "A Tangled Web"). The problem remains that if a product is causing too much delay (technically, this is often referred to as "latency") in e-mail scanning or HTTP traffic, this will only discourage and anger the user community, and they will look for ways around the "problem" area.

Remember, just because choke points are being covered, that doesn't mean it's sensible to relax controls on keeping individual desktops up-to-date. While the gateways are ideal to keep some malicious traffic out, all machines on the network are potential entry points. Choke point scanning should be seen as complementary to desktop protection, not as a replacement, more so now that even low-spec desktop machines and laptops have comparable functionality to server-class machines.

As part of a good "data hygiene" regimen, regularly scheduled virus scans should be made of all systems, as a supplement to real-time (on-access) scanning. On UNIX systems, a scan of user data volumes may be scheduled more frequently than the system areas, especially if Tripwire (or other integrity-checking software) is used to notify of any changes to the system files.

The use of multi-vendor products is slightly in dispute. Two general schools of thought exist. One side prefers the single-vendor approach, arguing that there is a single point of support, update, and contact should the product fail. Major-league AV vendors share information,