Virus Scanning Gateway

irlitewave
Level 1

I have the need to prevent Remote Access clients using dial-up or VPN from having files transferred while connected that have not been virus scanned before entering the main network. Here is my current layout:

Internet---PIX 515---RAS Server---2691 With ACLs---Network

The PIX protects the RAS server from unauthorized traffic. The router protects the network from worms on infected dial-up and VPN clients. What I need is a box between the firewall and RAS server, or between the RAS and router, to scan for viruses on all traffic. I was thinking of some type of Application Layer Gateway with virus scanning installed, but I have not had any luck finding one. The desire is to no longer worry whether the remote client has virus protection installed or not, yet not allow infected files into the main network.

Thanks for any input.

Dave

4 Replies

travis-dennis_2
Level 7

You may want to check out this later on this year.

http://newsroom.cisco.com/dlls/partners/news/2004/pr_prod_02-13.html

But for right now it appears that your traffic is flowing through your RAS server. Is this correct? If so, you can use a product like Symantec Antivirus for Gateway. This will scan all TCP traffic that passes through the server for viruses.

http://enterprisesecurity.symantec.com/products/products.cfm?ProductID=142&EID=0

Most AV vendors have a similar product.

McAfee's offering:

http://www.nai.com/us/products/mcafee/antivirus/internet_gateway/category.htm

If your traffic is not passing through the RAS server, then you could set up a Windows box as an internal router that the VPN traffic has to pass through and set up the AV scanning on that box.

Please have a look at the Cisco Security Agent as well. This helps for "Day Zero" attacks when there are no virus definitions available.

http://www.cisco.com/en/US/netsol/ns340/ns394/ns171/ns413/networking_solutions_package.html

Hope this helps.

Please remember to rate all replies.

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html
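To make concrete what a gateway AV product in the path does ("scan all TCP traffic that passes through the server"), here is an added example of a store-and-forward scanning gateway for one TCP flow. It is illustrative code written for this page, not code from the thread, from Symantec, McAfee or Cisco. It assumes a single hypothetical upstream host and port (10.0.0.10:9000), a signature set containing only the standard EICAR test string, and a made-up size limit; the segment boundaries in the demo are constructed to show that a signature split across TCP segments is still caught.

```python
"""Store-and-forward scanning gateway model for one inbound TCP flow.

Buffers the whole transfer, scans the reassembled bytes against a signature
set, and only then releases the bytes to the inside host (or drops the flow).
All hosts, ports and limits below are hypothetical, chosen for this example.
"""
import socket
import threading
from typing import Iterable, List, Optional, Tuple

# EICAR anti-virus test string: harmless, detected by every AV engine.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}

MAX_OBJECT_BYTES = 64 * 1024 * 1024   # hypothetical buffering limit
FAIL_CLOSED = True                    # objects we cannot fully scan are dropped


class StreamScanner:
    """Incremental signature matcher.

    Scans each segment as it arrives and keeps the last (longest signature - 1)
    bytes, so a signature split across two TCP segments is matched on the next
    feed() instead of slipping through.
    """

    def __init__(self, signatures=SIGNATURES):
        self.signatures = signatures
        self.max_len = max(len(s) for s in signatures.values())
        self.tail = b""
        self.verdict: Optional[str] = None

    def feed(self, segment: bytes) -> Optional[str]:
        if self.verdict:
            return self.verdict
        window = self.tail + segment
        for name, sig in self.signatures.items():
            if sig in window:
                self.verdict = name
                return name
        self.tail = window[-(self.max_len - 1):] if self.max_len > 1 else b""
        return None


def gateway_decision(segments: Iterable[bytes],
                     max_bytes: int = MAX_OBJECT_BYTES,
                     fail_closed: bool = FAIL_CLOSED) -> Tuple[bool, Optional[str], bytes]:
    """Return (forward?, verdict, bytes_to_release) for one buffered object.

    Clean object      -> (True, None, all bytes)
    Signature match   -> (False, signature name, b"")      # nothing released
    Too big to buffer -> dropped when fail_closed, else passed unscanned
    """
    it = iter(segments)
    scanner = StreamScanner()
    held: List[bytes] = []
    size = 0
    for seg in it:
        size += len(seg)
        if size > max_bytes:
            if fail_closed:
                return (False, "oversize-unscanned", b"")
            held.append(seg)
            held.extend(it)
            return (True, "oversize-unscanned", b"".join(held))
        held.append(seg)
        if scanner.feed(seg):
            return (False, scanner.verdict, b"")
    return (True, None, b"".join(held))


def proxy_flow(client: socket.socket, upstream: Tuple[str, int]) -> None:
    """Handle one flow from the RAS side: read to EOF, decide, then forward."""
    def segments():
        while True:
            seg = client.recv(4096)
            if not seg:
                return
            yield seg

    forward, verdict, data = gateway_decision(segments())
    if not forward:
        client.close()                      # a real gateway would log 'verdict' here
        return
    with socket.create_connection(upstream) as server:
        server.sendall(data)
        server.shutdown(socket.SHUT_WR)
        while True:
            back = server.recv(4096)
            if not back:
                break
            client.sendall(back)
    client.close()


def serve(listen=("0.0.0.0", 8080), upstream=("10.0.0.10", 9000)) -> None:
    """Listener on the RAS-facing side; one thread per inbound flow."""
    with socket.socket() as ls:
        ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        ls.bind(listen)
        ls.listen()
        while True:
            conn, _ = ls.accept()
            threading.Thread(target=proxy_flow, args=(conn, upstream), daemon=True).start()


if __name__ == "__main__":
    # Constructed input: EICAR split across three segments is still caught.
    parts = [b"header " + EICAR[:10], EICAR[10:50], EICAR[50:] + b" trailer"]
    print(gateway_decision(parts))                  # (False, 'EICAR-Test-File', b'')
    print(gateway_decision([b"hello, clean file"])) # (True, None, b'hello, clean file')
```

Two caveats the thread's later replies touch on. First, this only stops what is in the signature set, which is exactly why the reply above also points at Cisco Security Agent for day-zero cases. Second, holding a raw TCP flow until EOF only works for protocols that send one object and close; a request/response protocol such as SMB, which is what a client uses to copy a file to a share server, needs a protocol-aware gateway that reassembles each file write rather than the whole connection.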

Sorry, the diagram is a little deceitful; not all of the Internet traffic goes through the RAS server, just dial-up and VPN. It is an MS 2000 Server with Routing and Remote Access and Sophos installed. Even with real-time virus scanning enabled, it does not catch a virus that somebody may be copying up to a server on the inside. If the file is copied to the RAS server, it catches it. Our email, web browsing, and worm detection are very tight already; it is just that the virus-infected files that may be copied from an infected host to the share server will not be caught until the nightly scan is done. There are performance issues when the real-time virus scan is enabled on the file-sharing servers.

Thanks for your reply.

Is adding an internal W2K server as an internal router out of the question? I don't think Cisco offers anything that can get this done at the moment.

Not at all, I'm quite sure I can do that.

Thanks