06-03-2005 07:46 AM - edited 03-09-2019 11:28 AM
Is there any documentation on how to check for viruses on my network?
We have a network with around 200 client networks all running through our firewall. Sometimes I notice spikes in the traffic that could possibly be related to viruses, but I am unsure on how to determine it.
Any help would be great.
06-03-2005 08:25 AM
Hi,
I would recommend using Netflow on your Cisco routers to detect virus activity.
The following document is about detecting and preventing the w32.blaster virus and it has a section about how to detect the virus using Netflow:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801aedd6.html
For more comprehensive information on Netflow have a look here:
http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml
Good luck!
Paddy
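An added example, not part of the original thread or of Cisco's documentation: a small Python script that reads flow-cache lines and flags any source that contacts many distinct destinations on one port, the fan-out pattern a scanning worm such as Blaster produces on TCP 135 (0x0087). The column layout is assumed to match `show ip cache flow` output (protocol and ports in hex) and may differ between IOS versions; the sample lines, addresses and the threshold are constructed.

```python
"""Flag hosts whose NetFlow cache entries look like worm scanning."""
from collections import defaultdict

# Constructed sample in the assumed `show ip cache flow` layout.
# Protocol and ports are hexadecimal (06 = TCP, 11 = UDP, 0087 = 135).
SAMPLE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         10.1.1.5        Fa0/1         192.0.2.10      06 0B3A 0087     1
Fa0/0         10.1.1.5        Fa0/1         192.0.2.11      06 0B3B 0087     1
Fa0/0         10.1.1.5        Fa0/1         192.0.2.12      06 0B3C 0087     1
Fa0/0         10.1.1.5        Fa0/1         192.0.2.13      06 0B3D 0087     1
Fa0/0         10.1.1.5        Fa0/1         192.0.2.14      06 0B3E 0087     1
Fa0/0         10.1.1.5        Fa0/1         192.0.2.15      06 0B3F 0087     1
Fa0/0         10.1.1.9        Fa0/1         192.0.2.80      06 0C01 0050    14
Fa0/0         10.1.1.9        Fa0/1         192.0.2.80      06 0C02 0050     9
Fa0/0         10.1.1.9        Fa0/1         192.0.2.53      11 0D10 0035     2
"""


def parse_flows(text):
    """Yield (src, dst, proto, dst_port); skip headers and malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "SrcIf":
            continue
        try:
            yield fields[1], fields[3], int(fields[4], 16), int(fields[6], 16)
        except ValueError:
            continue  # non-hex protocol/port: not a flow line


def find_scanners(text, min_targets=5):
    """Map (src, proto, dst_port) to its count of distinct destinations,
    keeping only sources at or above min_targets (hypothetical threshold)."""
    targets = defaultdict(set)
    for src, dst, proto, dport in parse_flows(text):
        targets[(src, proto, dport)].add(dst)
    return {k: len(v) for k, v in targets.items() if len(v) >= min_targets}


if __name__ == "__main__":
    for (src, proto, port), n in sorted(find_scanners(SAMPLE).items()):
        print(f"{src}: {n} distinct hosts on protocol {proto}, port {port}")
```

Tune `min_targets` against a baseline of normal traffic, since servers and proxies legitimately reach many hosts on one port.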
06-06-2005 07:33 AM
I recommend using an IPS integrated on a router / switch or a dedicated appliance (for me the latter is the better solution because the signatures are updated regularly ... it's possible to do the same thing with Netflow or maybe with a protocol analyzer, but it is not simple to do):
Cisco IOS Intrusion Prevention System (IPS)
Cisco IOS IPS helps to protect a customer's network from internal and external attacks and threats.
Cisco IOS IPS allows customers to choose between any of the following options when loading the signatures onto a device:
-Loading the default, built-in signatures
-Downloading dynamic signature detection files (SDFs), which are dynamically updated to provide customers with the latest available versions to better detect security threats.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gt_fwids.htm
Cisco® IPS 4200 Series intrusion prevention system sensors are an important component of the Cisco Self-Defending Network. Using Cisco IPS Sensor Software Version 5.0, Cisco IPS sensors offer significant protection to your network by helping to detect, classify, and stop threats including worms, spyware/adware, network viruses, and application abuse.
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html