|
|
|
|
|
|
|
|
|
||
|
|
||
|
Be a Commerce Partner |
Innoculate Your Network: AVStripper
Reliable networking requires backup. High-availability servers are deployed in hot-standby pairs. Multi-homed networks use uplinks to more than one provider for path diversity. The Noah Principle—have at least two of everything—is a proven approach. So why expect your desktop anti-virus scanner to go it alone?
Vice President of Core Competence, Inc. [August 9, 2002] |
 |
After three months in the wild, Klez is still the most prevalent virus, infecting over 2.6 million computers to date. As noted in my earlier article, The Plague Upon Us, the cost of malware cleanup is escalating. According to ICSA Labs, the rate of infection is growing at 15 percent per year, reaching 113 virus-encounters per 1,000 machines during a recent 20 month study period.
Fighting off viruses is a full-time job. Ositis
AVStripper is a full-time antivirus solution. Combining this transparent
virus-scanning appliance with traditional desktop antivirus solutions
can help insulate your network from this rising tide of malware.
|
AVStripper |
 |
Ositis is the company behind WinProxy, a popular PC proxy program for Internet connection sharing. By repackaging its underlying firewall, filtering, caching, and anti-virus technologies, Ositis produced an entire family of Internet appliances:
- AccessNow VBN is an "Instant Internet" server for enabling visitor access in conference centers, hotels, airports, etc..
- SiteStripper uses SecureComputing's SmartFilter to provide URL blocking, enforcing web-access policies.
- AVStripper uses Trend Micro's antivirus engine to provide transparent HTTP, FTP, SMTP, POP3, IMAP, NNTP, and SOCKS virus scanning at the network edge.
AVStripper is sold as a 1U server with dual 10/100 Ethernet ports. By default, the unit operates as a bridge to avoid IP renumbering. After some initial testing, we dropped our AVStripper behind a workgroup firewall protecting our office network from the Internet. In larger networks, multiple AVStrippers could be deployed.
Funneling all traffic through any one device always raises single-point-of-failure concerns. We were therefore pleased to hear Ositis release automated load-balancing and fail-over support just after our evaluation concluded. According to Christy James, Director of Marketing, AVStrippers connected to a shared hub can confer with each other to distribute load. " Failure can be detected in one second; failover is completed in 12 seconds," said James. For those that want to redirect traffic with a load-balancing switch, AVStripper can now be configured into route mode.
Installation and Setup
Our first AVStripper install was completed in about five minutes, using
a web browser. To make this bridge manageable out of the box, Ositis seeds
AVStripper with the IP address 1.1.1.5.
The Getting Started Guide suggests adding a route for 1.1.15 on your PC, configuring your web browser to proxy to 1.1.1.5:80, then opening http://admin.avstripper. This works but is often unnecessary—as long as the AVStripper lies somewhere between your inside PC and an outside default gateway, just browsing http://1.1.1.5/admin.avstripper will reach the admin GUI.
Mandatory
configuration is truly minimal. Change the admin password, assign the
AVStripper its own IP address, and enter the antivirus serial number to
activate the unit's Trend Micro subscription (left).
Assigning AVStripper a local IP address is required for the unit to download virus engine and pattern file updates from Trend Micro (port 80) and send e-mail alerts (port 25). Customers with more than one AVStripper should also assign a second "configuration IP"—the address the AVStripper listens to for web admin requests (port 80) and Ositis tech support (port 5900). Both admin ports are password-protected and optionally constrained to a subnet. Options to close or change listening ports or protect the web GUI with SSL would be nice.
Although it did not happen to us, stale ARP caches on the admin PC or a nearby router may need to be flushed. Instead, we discovered that setting local and configuration IPs to the same value renders the AVStripper GUI unreachable. Fortunately, this operator error can be quickly undone by tech support.
In a random stroke of bad luck, our first AVStripper failed to reboot
after setup. The over-nighted replacement unit worked flawlessly, even
after storm-induced power failure. Factory diagnosis on our first unit:
bad hard drive. Ositis claims this is quite rare due to fail-safe features
incorporated in AVStripper. If a disk partition is ever corrupted, AVStripper
will boot from another good partition. Second, if BIOS is ever corrupted,
depressing a small switch hidden on the back of the AVStripper resets
BIOS to factory defaults. Ositis expects to offer an option to replace
the hard disk with a flash disk in other appliances—but probably
not with AVStripper, since considerable space is required to scan large
files.
ISP-Planet's
RSS feed
