What's new

Small Business Security for Free

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

ThatsMyTicket

New Around Here
Hi,

I will start by saying I am not in any way a network admin.

My boss has recently tasked me with trying to find a cheap (ie, FREE or dirt cheap) way to add security to our server (anti-virus, etc). I am not sure what is required to protect a server, as opposed to just one of our regular work machines. What I do know is that it is a very simple set up:

1 server, running MS Storage Server 2003 R2. Six or Seven machines networked to it as well as three printers. Our internet connection runs from that machine into a router and then out to the rest of us. We have large image database (art files) saved on that server with an external hard drive for back up. Symantec Back Up is installed, and we had a trial version of Avast!, which ran out - and he didn't want to pay the $400+ for the licenses. This is not a mail or web server, we do all that through Yahoo.

I really don't know where to start. Do I need "Server Protection" for a network that small, or will a regular old free anti-virus, like Ad-Aware, work?

Any suggestions people could give would be greatly appreciated.

Thanks!
 
A long subject which requires a long conversation, but I'll start with a few points to get the ball rolling, as I just received a large delivery of laptops I have to setup for a healthcare client and get onsite and setup.

I'm a small business network consultant, I've done this for a living for many years now. What I have been doing for the past few years, is realizing that plain old NAT routers are no longer adequate protection for business networks. UTM appliances are desired. UTM = Unified Threat Management. What these do, is take over as your router (or many support being run in transparent bridge mode behind your own router)...and provide additional layers of security, features such as antivirus scanning, anti-spyware scanning and blocking, spam removal for e-mail, etc.

One quick note, and I think you just have it worded wrong...you say the internet runs from that machine (referring to your 2K3 server)..into a router, to the rest of the workstations. I hope you actually meant the modem==>Router==>switch==>all computers, server and workstation. You want all your computers behind the protection of the NAT router, you don't want computers outside of the firewall..especially a Windows machine..and most especially not a server.:eek:

Antivirus protection...pretty much all of the "free" AV programs are only licensed to be used for home use. Read the EULAs...you'll see that they are not intended for "business use". Using these free products in a business environment can expose the business to hefty fines.... :eek:

Most of the free AV products are only certified for use on a desktop OS, and not a server OS. The reasons are many, servers are important, and they run a lot of complicated tasks, and since they're important..support for any product is critical to have. Free AV products usually don't come with support. Plus...you don't just install an antivirus on a server and consider it done, there are many..many..many custom settings you MUST do to the real time protection and other areas, including adding a looooong exclusion list to the real time file protection. Else you will have an unstable, poorly performing server with issues such as corruption of data and files.

The only free antivirus product I've seen certified for use on Windows Server is one made by Fortinet....called FortiClient.
http://www.forticlient.com/standard.html
However, it includes other things which you may want to see if you can disable upon install, I've never used it. The common free AV products...such a Avast, AntiVir, Microsofts excellent Security Essentials product...and that horrible AVG...their free products are not certified to be installed on a Server OS, nor used in a business environment (exceptions for MSE..you can use it in a "home business").

Ad Aware is not an antivirus program, it's only an anti adware/spyware program. To scan for/clean just you pick up from surfing the web, which you should not be doing from a server.

Should you have an antivirus program on a server? Yeah, you "should". Does everybody? No. First off, if you follow the rules and you DO NOT surf the web from a server, you don't check e-mail from a server, you don't use the server as a workstation, it's only used as file storage (no other servers like e-mail running on it, or exposed to the internet) it should be much safer and less exposed. BUT...technically if someone saves an infected file to it, or another computer on the same network gets hit by malware that can hop/spread across a network..the server can be exposed.
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top