Anti-spyware at the Gateway

I am after a bit of information regarding anti-spyware. We run McAfee A/V on the desktops and servers here as well as Groupshield. We also run Mailsweeper and Websense. I now need to look at anti-spyware. We have approx 300 computers / users to protect.

I know there are a lot of products out there. What is the best solution for protecting against spyware at the gateway? Or is it inevitable that I will need some antispyware running on the desktops (to eliminate spyware which may already be present on PCs).

A brief Google has flagged up the following:

Black Spider - but this is a managed service (I would prefer in-house control)
Blue Coat - proxy appliance
Surf Control - agent on desktop
Trend Micro - agent based solution
McAfee - agent based?
Barracuda - appliance at the gateway

We do occasionally use Lavasoft Ad-aware to eliminate problems when we know there is spyware. We have a licensed copy of this (it is not free to commercial users).

Any help? I know I haven't provided too much info... I didn't know what level of detail to go into, in this initial post.

Thanks in anticipation.

Mat G Birmingham, UK

Reply to
djmg2

I have more than 1500 workstations located at different clients; we block spyware by only permitting access to approved internet sites. What businesses need to understand is that most employees don't require internet access, and they will complain when limited, but allowing unrestricted internet access does not make sense - in fact, your employee overall productivity will increase in almost all cases, after the first 30 days (due to the decrease during the initial change caused by disgruntled workers).

We also don't allow users, the generic ones, to use IE, and we filter all files/ActiveX content from websites unless it's an approved partner site, at the firewall.

With these methods, we've managed to reduce trouble calls by almost 50% for all clients, and not one of them has been hit by malware.

Reply to
Leythos

How do you come up with the list of "approved" sites? What criteria do you use? How many are on the list?

Do you have software developers/programmers on your staff? Do you similarly restrict them to the same list of sites as the general office worker?

Reply to
Virus Guy

The list is based on categories of content and also white/black lists.

I have multiple rules based on the user or workstation IP. Some users can authenticate with the firewall and get LEVEL X access from any location while the workstation itself, with a different user would get LEVEL Y access.

We also segment our development teams into one network and the other groups into other networks - this means that we can allow all users in one physical group of workstations to have one level of access while others have a different level.

We also permit management, some of them, access to another level of access.

In general, with developers, it's necessary to allow the software vendors' sites and to our Usenet server which is limited to the support groups and filtering based on our rules.

Reply to
Leythos
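The rule scheme described in the post above (category filter plus white/black lists, with the access level taken from the authenticated user or, failing that, from the workstation's network segment), sketched as an added example that is not part of the original thread. All networks, users, categories and host names are constructed, and the blacklist-before-whitelist order and exact host matching are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample policy; none of these values come from the thread.
SEGMENT_LEVEL = {  # workstation network -> default access level
    ipaddress.ip_network("10.1.0.0/24"): "general",
    ipaddress.ip_network("10.2.0.0/24"): "developer",
}
USER_LEVEL = {"alice": "developer"}  # authenticated users keep their level anywhere
ALLOWED_CATEGORIES = {
    "general": {"business-partner"},
    "developer": {"business-partner", "software-vendor"},
}
SITE_CATEGORY = {
    "partner.example": "business-partner",
    "vendor.example": "software-vendor",
    "downloads.vendor.example": "software-vendor",
    "games.example": "games",
}
WHITELIST = {"general": {"docs.vendor.example"}, "developer": set()}
BLACKLIST = {"general": set(), "developer": {"downloads.vendor.example"}}


def access_level(src_ip, user=None):
    """An authenticated user's level wins; otherwise use the segment's level."""
    if user in USER_LEVEL:
        return USER_LEVEL[user]
    addr = ipaddress.ip_address(src_ip)
    for net, level in SEGMENT_LEVEL.items():
        if addr in net:
            return level
    return None  # source network not covered by any rule


def decide(url, src_ip, user=None):
    """Return (allowed, reason): blacklist, whitelist, category, else deny."""
    level = access_level(src_ip, user)
    if level is None:
        return False, "no-level"
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    if host in BLACKLIST[level]:
        return False, "blacklist"
    if host in WHITELIST[level]:
        return True, "whitelist"
    category = SITE_CATEGORY.get(host)  # uncategorised hosts stay blocked
    if category in ALLOWED_CATEGORIES[level]:
        return True, "category:" + category
    return False, "default-deny"
```

The reason string returned with each decision is what a proxy log would need to show which list or category produced an allow or block.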

In general, you can compare this problem to the Anti-Virus problem. There is no way to guarantee not to get virus code or not to get spyware code. And it's best to filter away anything which can be detected, before it reaches the client computers.

You have McAfee already. Don't they list spyware with the malware filtering in Groupshield?

Unfortunately, just like with viruses, there is no way to guarantee removal, so usually it's too late when the malware is already running.

Yours, VB.

Reply to
Volker Birk

Such whitelisting is not comfortable for users, and usually not suitable at all.

Yours, VB.

Reply to
Volker Birk

Users' "Comfort" has nothing to do with it - Internet access is not a "Right" it's something to be used as needed - stop thinking that a company you work for lets you own the network or its resources.

Most content can be blocked using "Category" filters and then exceptions in black lists and white lists.

Reply to
Leythos

Sounds like your company won't be hitting any top 100 places to work lists.

There are plenty of other ways to block spyware that I feel are less intrusive to the users. We use our IPS to block more well known spyware traffic. We use the reports to clean up the machines that are infected. This has nearly eliminated calls to our helpdesk regarding spyware.

Reply to
BG

And since you're not a business owner, not in charge of IT services for any company, and appear to only be concerned with what the company owes you, I would not want someone like you working for my company or one of our clients.

But, ask yourself this, why do users have any business accessing the Internet while at work, unless their job specifically requires it, and then why would you allow more than what they specifically need?

Our solution was simple, improved worker productivity, cost nothing additional, decreased network load (which benefits the entire company), and cut down on trouble with the systems.

Why would any employee think they are "entitled" to internet access at work?

Reply to
Leythos

If you're using McAfee, they have an anti-spyware plugin that should cost you almost nothing and work with your existing ePolicy Orchestrator setup, on the desktop.

For a gateway appliance, I'd definitely look at deploying a Fortigate for its multilayer defense including spyware protection. But really you should consider both methods -- gateway *and* desktop. They bolster each other that way.

-Russ.

Reply to
Somebody.

Using a fully developed product like Websense, you can indeed do a credible job of whitelist-only Internet access.

Price of entry is around $20k.

-Russ.

Reply to
Somebody.

True, but if you knew how much p*rn, online dating, gambling and daytrading your staff were doing, you might fall over...

-Russ.

Reply to
Somebody.

LOL, that's the truth. When I started working for a company many moons ago, before I left and started my own, I installed a real firewall in the development center, didn't tell anyone, it was done over the weekend. I left everything open as it was before, then logged everything for about a week.

I printed out reports showing sites and content that were unapproved (without identifying the internal user/workstation) and handed them out at a company meeting I held..... The T1 was near full capacity before that day, we were considering a second T1.... After that day the T1 was running about 10% of capacity and work was being completed in a much quicker period. Don't get me wrong, we had a few people that could not stop making stock trades, still wanted to run IM programs, still thought checking personal email, and trying to access their home PCs was their RIGHT, and the company policy didn't stop it - they were fired, and it was the best thing I ever did. We implemented filtering at the firewall for all of those things, let the sales departments run off our T1 through another firewall, and they b1tched up a storm about being blocked, but after about 30 days things settled down and their sales increased around 40% over the same periods the year before....

I still don't understand why some employees think that the company OWES them internet access while at work.

Reply to
Leythos

Companies that cater to kids without ethics will lose after a short amount of time, same for unethical adults that abuse company resources.

Category blocking, white listing, blacklisting, they all work with each other, take little effort, and bring workers back into the office where they can do work without the distraction of non-company necessary items.

Reply to
Leythos

Companies who are putting their staff in bonds and gagging them will lose anyways. It's just a matter of time.

This is exactly the same nonsense as a whitelist telephone.

Yours, VB.

Reply to
Volker Birk

You speak like a non-IT manager, like a developer or a kid working for a company where you think they owe you something other than a wage for work.

If the majority of companies disallowed internet access for the majority of employees, the only thing that would happen is that productivity would increase.

Reply to
Leythos

I'm guessing then that the only IT work you do is at home or on friends computers and no real work.

Jason

Reply to
Jason

When you look at his "proof of concept" code samples that he says prove that PFW don't do anything to protect computers, and then post that his POC didn't work with a PFW enabled, he doesn't reply.... He's got to be in that under 20 group that thinks the world owes them something.

Reply to
Leythos

Nice guess. And wrong.

Yours, VB.

Reply to
Volker Birk

Look at TippingPoint's products... they will do the job.

/Jonas


Reply to
Jonas Haggren
