Antivirus for a Server?

Darwin [DIDIx13]
6 years ago

0

Hello everyone,

A client just asked me if he needs an antivirus for his Windows Server 2016.

Can I have some links or information about how an antivirus works on a server? Is it needed or not? And why?

My client will come back tomorrow but I’m curious too :)

Smyler [WHGhost]
6 years ago

1

I think it depends on the server. I don’t really know, but I’m fairly sure an antivirus wouldn’t be needed much on a web or database server, whereas it would be on a file server. AVs are efficient on desktops, as the user is always working with various files, installing software, etc. For a server, most of the attacks will come from the Internet, so you need a firewall and to make sure that all your services are properly set up.
I am absolutely not a pro on the subject, but after some searching, this question on Serverfault seems to match my original idea:

Image

That’s a strange analogy but it matches well I think.


0

Perhaps this will help you, or not :) https://www.kaspersky.com/small-to-medium-business-security/windows-server-security
(I’ve always seen antivirus software as malicious, as spyware. There is no anti-antivirus to check whether antiviruses are safe XD …)

But for me, to protect his server you need a good firewall to control the traffic,
verifying his code and checking that there are no XSS or SQL vulnerabilities (the most common vulnerabilities)
making sure that you use the newest version of any dependencies, taken from the official developer websites
hash and encrypt passwords
disable some functions (which allow us to get high privileges…)
disable file upload or limit it by blocking php, asp… extensions
using a Linux-based server and tools like portspoof (some servers can be penetrated simply through an open port, and here portspoof will create new fake open ports: when the attacker scans the server with nmap to check for open ports, he will see a lot of open ports (80% of them are not really open, an illusion created by portspoof), and the attacker will try some ports without success and will stop; but here you must not use the default popular ports :) because the attacker will try his attacks on them first :) ) …

No antivirus can protect us from malware or the like; the proof is that with Veil-Evasion and TheFatRat we bypassed most antiviruses.

Calling hackthis and asking us to do a penetration test on his server; after that we will write a report about the vulnerabilities found and how to resolve them :)

fl0at0xff
6 years ago

0

Hello,

In my company we use Kaspersky Antivirus for servers. It is a business-level product which is managed by Kaspersky Security Center (KSC). This product is not only an antivirus; it can also perform a lot of other tasks like firewalling, an anti-cryptor module, and so on. If you are interested in more details, contact me in private.

crua9
6 years ago

0

@DIDIx13

WHGhost is right that your client will need a good firewall. But it should still be looked into. I haven’t played with 2016 and it might have win defender. If they want something more, you need to know:
What is their price point?
What type of attacks does your client expect to have?
What is the server being used for?
How many people have access physically and virtually to the server?

One thing to note is that most AVs are about the same. Unless you get an unknown no-name one, they tend to all get the same definitions at about the same time. Things you need to note are whether it can scan for polymorphic malware, whether it can scan for rootkits, how the firewall works, and so on.
I have a few videos on this type of thing. You can see what polymorphic malware is here

Depending on the budget, you might want to look into next-gen firewalls. My background with them is more with Palo Alto Networks. But these basically look at the packet details vs blocking ports or whatever. An example these companies use is, say, if you want to block someone from playing Farmville at work. To do this you would really need to block port 80 or block the website. The problem with this is that blocking 80 will block almost everything, and blocking FB or whatever might mess over the marketing team. So the next-gen firewall will look at the packets themselves and check them against your rules. Some can even go as far as looking for malware (I’m not sure how good they are).

Smyler [WHGhost]
6 years ago

0

Actually, blocking a particular website should be done with an HTTP proxy, not with a firewall. And there are already firewalls which look into the packet content at the application layer: they are called application firewalls. For example, ModSecurity is a WAF (web application firewall); it is an Apache module which, just like network firewalls analyze the content of packets, analyzes the content of HTTP requests or responses. In any case, in this kind of topic, what really makes the difference is not the tools, but how well you find a compromise between usability and security. The most secure firewall will always drop by default, but you obviously don’t know which of the millions of existing websites your client will need to access.
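
The difference discussed in the two posts above, between a rule keyed on the port and a default-drop rule keyed on the HTTP request, as an added example that is not part of the thread or any poster's code. The hostnames, paths, function names and sample requests are constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "dst_port payload")  # port + first client bytes

def http_get(host, path):
    """Build a minimal HTTP/1.1 request (constructed sample traffic)."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")

def parse_http(payload):
    """Return (host, path) of an HTTP/1.x request, or None if it does not parse."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
        request_line, *header_lines = head.split("\r\n")
        _method, path, version = request_line.split(" ")
        if not version.startswith("HTTP/1."):
            return None
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        return headers["host"].split(":")[0].lower(), path
    except (UnicodeDecodeError, ValueError, KeyError):
        return None

def port_firewall(flow, blocked_ports):
    """Network-layer rule: the decision depends on the destination port only."""
    return "DROP" if flow.dst_port in blocked_ports else "ALLOW"

def app_firewall(flow, allowed):
    """Application-layer rule, default drop: allow only listed (host, path prefix)."""
    parsed = parse_http(flow.payload)
    if parsed is None:
        return "DROP"  # unparsable traffic falls through to the default
    host, path = parsed
    match = any(host == h and path.startswith(p) for h, p in allowed)
    return "ALLOW" if match else "DROP"

# Constructed samples: same site and port, different use; plus unlisted/non-HTTP.
SAMPLES = {
    "marketing": Flow(80, http_get("social.example", "/pages/company")),
    "game": Flow(80, http_get("social.example", "/games/farm")),
    "unlisted": Flow(80, http_get("other.example", "/")),
    "not_http": Flow(80, b"\x16\x03\x01 not http"),
}
ALLOWED = [("social.example", "/pages/")]  # hypothetical allow list

def compare():
    """Map sample name -> (port rule blocking 80, application rule)."""
    return {n: (port_firewall(f, {80}), app_firewall(f, ALLOWED)) for n, f in SAMPLES.items()}
```

The port rule can only treat all four flows alike, while the application rule separates the marketing page from the game; the "unlisted" result shows the usability cost of default drop, since every site the client needs has to be listed first.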

3 replies have been removed