
CSA and Antivirus Programs

jjohann63
Level 1

When CSA is installed on hosts, is there still a need for AV programs? If not, how are the viruses cleaned?

4 Replies

travis-dennis_2
Level 7

As huge a fan of CSA as I am, I would have to say that anti-virus is still needed. You can certainly lock down a machine with CSA to the point where virus infection would be next to impossible, but in doing so, depending on your environment, you may make that same machine unusable on your network. As a general rule, IT Security should be a layered approach starting with your edge routers and firewalls, continuing on into your inside routers and switches, IDS systems, AV programs, hardening and patching of the OS and lastly IPS programs such as CSA. There could always be a scenario where the rule set that a person has created for CSA just happens to let that one virus through, and then all the time, money and energy spent on CSA is wasted. Never discount the possibility of misconfiguration or that crafty end-users can disable CSA. They can and will if motivated and smart enough. I created a no music download policy and end users could not download or even save MP3s to their hard drives anymore. You best believe that some of the developers (brainiacs with too much time on their hands) found a way to disable CSA. I had to go back to the drawing board to lock them down again.

End-users are more often the enemy than a hacker and they can leave you wide open.

Well, that is my sermon for the day. I hope the opinion (and this is just that... my opinion) shed some light on a few issues.

Please remember to rate all replies

Thanks for the response. I just received an email from our local Cisco rep stating that CSA would prevent the malicious behavior but not clean the virus so that it would be possible to forward the virus to another computer and possibly infect it. He said, as you recommended, that CSA and an AV product be used together. Thanks again!

Hey Travis -

As far as your crafty users disabling CSA, have you thought of NAC at a L3 hop before your outbound firewall?

This would really disappoint your crafty users who decide to re-image to get around CSA & can no longer use the internet while at work!

thanks!

peter

Listen up. Class is in session and Peter is teaching. That is perfect. Somebody is in for a surprise on Monday morning!

Thanks!