Network Security 101

16k_zx81

It will be obvious from this question that I don't have a networking background. Grateful to anyone who does who can contribute to the following. Thanks for bearing with me even though this may be obvious to those who have a grasp of network theory.

So let's say you have a small network, like in a small business.

One machine is a server. All of the employees' machines access files on the server.

Each user has their own folder, subfolders

And there is a larger, "public" share that all users can access.

1. What protection is there for the 'public' folder that if a user gets some kind of nasty virus, it won't spread to all the other users' machines?

2. Is it correct to assume that if a 'user' folder is somehow infected (on the server) that the rest of the data is insulated?

3. What protections can be put in place to inhibit (1) and (2)?

4. If the OS of the server is firmware (i.e., a NAS), does this offer an additional layer of protection? Similarly, if the OS of the server is 'malware resistant' (i.e., Linux), does this have a positive influence on reducing/inhibiting the possibility of malware infection?
 
First thing is to have the proper permissions for each user and their respective folders, put backup policies in place, OS host and OS server updates, plus antivirus definitions, all the obvious stuff.
If the OS is Windows based, use a server antivirus product like GFI Vipre Business or similar; if it's Linux based like a QNAP NAS box (I administer a TS809u at work), it will mitigate viruses to a certain point...
It would be much better if the hosts were Linux OS's too...
Anyways, for an example, say a zip file is placed on a Linux/Samba based server's "public folder" by a Windows host, it could infect another host just like it once another user retrieves it and unzips it...
So to cover yourself in a Linux network server scenario, make sure all Windows hosts have a good antivirus client and of course a scanner like ClamAV on the Linux machine.
A good portion of Linux based NAS boxes (if you prefer a NAS instead of a Linux box) have antivirus add-ins like the QNAP TS809u I just mentioned.
Come to think of it, most of the QNAP business class NAS boxes have a ClamAV scanner built in.
I think you would have gone in the right direction anyway, after planning all of this out.
 
1. What protection is there for the 'public' folder that if a user gets some kind of nasty virus, it won't spread to all the other users' machines?

Not much since it's the same as if you had that folder on your own PC. If you open the file and have no AV then you could get infected. Same as if someone is sending the file around by email or USB stick. But it's not likely to spread itself because it's being run on user machines, not by the server's OS, otherwise you wouldn't be able to open a Windows file on a Linux NAS.

2. Is it correct to assume that if a 'user' folder is somehow infected (on the server) that the rest of the data is insulated?

No. Unless you know the workings of the virus you cannot assume that. However, if by infected you just mean they have an infected file on it, it might well be the case. An infected file is not the same as an infected system. Someone on a PC opening an infected file residing on a network share is opening the file on their own system, not the file server. I.e. the code is going into their PC's memory, not the server's. So this won't infect the server's OS unless the virus is specifically written to exploit networks, and even then it will have trouble.

3. What protections can be put in place to inhibit (1) and (2)?

Permissions, AV.

4. If the OS of the server is firmware (i.e., a NAS), does this offer an additional layer of protection? Similarly, if the OS of the server is 'malware resistant' (i.e., Linux), does this have a positive influence on reducing/inhibiting the possibility of malware infection?

Yes. But again, one needs to consider the difference between an infected file and an infected system.
 
A quality antivirus installed on the server that does scans.
Naturally there should be antivirus on the server also.

The danger comes from shares on the server with permissions set to read/write for the domain users group....it's a common need, there is usually at least one of these folders. So the antivirus needs to check those folders..normal real time protection/access should pick this up from the client end.

On servers...there are often some application share folders that need to be put in the antivirus exclusion range for performance purposes (from the client end)...and sometimes those have read/write permissions for the domain users group. So these folders should be scanned at night by the server's antivirus.

Malware that hopped across networks used to be popular...it slowed down, but I've seen it creeping up again in popularity. Twice in the past couple of months I've cleaned up server shares that had been hit by malware that put stuff in full permission folder shares.
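As an added example (not from any poster in this thread), here is a Samba smb.conf sketch that applies the advice above: per-user folders visible only to their owner, a public share writable by staff but with execute bits stripped and common Windows executable types refused, and new files handed to clamd through Samba's vfs_virusfilter module so an infected file is quarantined on the server before another Windows host can fetch it. The share paths, the group name `staff` and the clamd socket path are assumptions, and the virusfilter parameters assume Samba 4.8 or later.

```ini
# Example smb.conf for a small-office file server (assumed layout, not from the thread).
[global]
   workgroup = OFFICE
   server role = standalone server
   security = user
   map to guest = Never            ; no anonymous access to any share

# Each user's own folder: only that user can see or write it (question 2).
[homes]
   comment = Per-user folder
   browseable = no
   read only = no
   valid users = %S                ; %S = the share name, i.e. the user's own name
   create mask = 0600
   directory mask = 0700

# The shared folder everyone can write to (question 1): the riskiest share.
[public]
   comment = Shared folder for all staff
   path = /srv/samba/public        ; assumed path
   browseable = yes
   read only = no
   valid users = @staff            ; assumed Unix group for employees
   force group = staff
   create mask = 0660              ; nothing uploaded here gets an execute bit
   directory mask = 0770
   ; Refuse to store (and hide) common Windows executable and script types.
   ; Adjust the list if staff legitimately exchange any of these types.
   veto files = /*.exe/*.scr/*.pif/*.com/*.bat/*.cmd/*.vbs/*.js/*.jse/*.wsf/*.hta/*.lnk/
   ; Scan files with clamd on open and close; infected files are moved to
   ; the quarantine directory instead of being served to the client.
   vfs objects = virusfilter
   virusfilter:scanner = clamav
   virusfilter:socket path = /run/clamav/clamd.ctl   ; assumed clamd socket
   virusfilter:scan on open = yes
   virusfilter:scan on close = yes
   virusfilter:infected file action = quarantine
   virusfilter:quarantine directory = /srv/samba/quarantine
```

Check the file with `testparm -s` before reloading Samba, and confirm the quarantine path is not itself exported as a share.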
 
Antivirus in my opinion is not enough anymore. A good web filtering solution and an IPS (Intrusion Prevention System) is a good way to go. Let's not forget a decent stateful firewall on the network edge. Only allow inbound access from untrusted networks to the internal hosts and ports you need if you're hosting anything internally. If not, lock it down inbound from the outside. The stateful firewall will deal with the return traffic from internal users. That is just a few from the outside, but also remember security on the inside as well.
 
Antivirus in my opinion is not enough anymore. A good web filtering solution and an IPS (Intrusion Prevention System) is a good way to go. Let's not forget a decent stateful firewall on the network edge. Only allow inbound access from untrusted networks to the internal hosts and ports you need if you're hosting anything internally. If not, lock it down inbound from the outside. The stateful firewall will deal with the return traffic from internal users. That is just a few from the outside, but also remember security on the inside as well.

Agreed...when I take on new clients...or even looking at the networks of existing clients, I push UTM appliances at the edge....a regular old NAT router is no longer my first choice...no matter how beefy it is. UTMs do cut down on the incoming malware. However...once malware is in the network..they won't do much to prevent things such as the question the OP has.
 
NAC is one way to kill an infected host but it's not a cheap solution. Trend Office Scan has NAC capability with Cisco hardware, but for a small business this probably won't be an option as you need an additional policy server and compatible hardware. A managed antivirus would help with the alerting portion so at least you know when an event happens and can react to it.
 