Detecting Viruses

vanagon2tdi
Level 1

Is there any documentation on how to check for viruses on my network?

We have a network with around 200 client networks all running through our firewall. Sometimes I notice spikes in the traffic that could possibly be related to viruses, but I am unsure how to determine it.

Any help would be great.

2 Replies

paddyxdoyle
Level 6

Hi,

I would recommend using NetFlow on your Cisco routers to detect virus activity.

The following document is about detecting and preventing the w32.blaster virus, and it has a section about how to detect the virus using NetFlow:

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a00801aedd6.html

For more comprehensive information on NetFlow, have a look here:

http://www.cisco.com/warp/public/732/Tech/nmp/netflow/index.shtml

Good luck!

Paddy

ROBERTO TACCON
Level 4

I recommend using an IPS integrated on a router / switch or a dedicated appliance (for me the latter is the better solution because the signatures are updated regularly ... it's possible to do the same thing with NetFlow or maybe with a protocol analyzer, but it's not simple to do):

• Cisco IOS Intrusion Prevention System (IPS)

Cisco IOS IPS helps to protect a customer's network from internal and external attacks and threats.

Cisco IOS IPS allows customers to choose between any of the following options when loading the signatures onto a device:

- Loading the default, built-in signatures

- Downloading dynamic signature detection files (SDFs), which are dynamically updated to provide customers with the latest available versions to better detect security threats.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gt_fwids.htm

• Cisco® IPS 4200 Series intrusion prevention system sensors are an important component of the Cisco Self-Defending Network. Using Cisco IPS Sensor Software Version 5.0, Cisco IPS sensors offer significant protection to your network by helping to detect, classify, and stop threats including worms, spyware/adware, network viruses, and application abuse.

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html
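
The NetFlow approach mentioned in both replies usually comes down to finding hosts that send short flows to many different destinations on a single port, which is the pattern a scanning worm such as Blaster (TCP 135) leaves in flow data. The Python code below is an added example, not part of the original thread or of Cisco's documentation; the CSV layout (NetFlow v5 field names, as a collector might export them), the thresholds and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict


def sample_flows():
    """Constructed sample data: one normal client and one host sweeping TCP/135."""
    rows = [
        "srcaddr,dstaddr,prot,dstport,dPkts,dOctets",
        "192.0.2.10,198.51.100.5,6,443,42,38112",
        "192.0.2.10,198.51.100.9,6,80,17,9120",
        "192.0.2.10,198.51.100.5,17,53,1,71",
    ]
    # 40 single-packet probes to 40 different addresses on the same port.
    rows += [f"192.0.2.77,203.0.113.{i},6,135,1,48" for i in range(1, 41)]
    return "\n".join(rows)


def find_fanout_sources(csv_text, min_targets=25, max_pkts=3):
    """Return [(src, prot, dstport, n_targets)] for sources that sent short
    flows (<= max_pkts packets) to at least min_targets distinct destinations
    on one protocol/port. Both thresholds are assumed starting values."""
    targets = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            pkts = int(row["dPkts"])
            key = (row["srcaddr"], int(row["prot"]), int(row["dstport"]))
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed or truncated records
        if pkts <= max_pkts:  # probes are short; real sessions carry more packets
            targets[key].add(row["dstaddr"])
    hits = [(src, prot, port, len(dsts))
            for (src, prot, port), dsts in targets.items()
            if len(dsts) >= min_targets]
    return sorted(hits, key=lambda h: -h[3])


if __name__ == "__main__":
    for src, prot, port, n in find_fanout_sources(sample_flows()):
        print(f"{src}: {n} distinct destinations on protocol {prot} port {port}")
```

Hosts with legitimately high fan-out, such as DNS resolvers, mail relays or proxies, will need an allow-list or a higher `min_targets` before this is useful on production flow data.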