Topic: Antivirus scanning at VPN endpoints
devlin7
« on: May 21, 2009, 05:38:30 pm »

I really really really like pfSense and would love to implement it here at our school. It is logical, easy to set up and use, but in my humble opinion it lacks an important feature, and that is antivirus.

I realise there is a HAVP package in progress, but what about protecting your network from the nasties at the end of your VPN tunnels? We offer VPN to staff at home at present, but I can't do this with pfSense because there is nothing to prevent the nasties of the home computers infecting our network.

Is there anything in the pipeline? How are others getting around this?

G.
« Last Edit: May 23, 2009, 09:00:06 pm by submicron »
submicron
« Reply #1 on: May 23, 2009, 08:59:10 pm »

As has been pointed out a number of times, antivirus scanning at the border is ineffective and the wrong answer.  There are far better solutions to antivirus scanning. 

pfSense Commercial Support

Paying customers receive support priority and detailed answers
through the official pfSense support system while helping the pfSense project and its developers
Cry Havok
« Reply #2 on: May 24, 2009, 12:52:02 pm »

I'll disagree.  Antivirus scanning at the border only is ineffective, but as part of a comprehensive solution, it can help.

However, you should never allow an untrusted host or network unrestricted access to your network.  I'd suggest instead that when staff VPN in they are connected to a restricted network that only gives them access to a Windows Terminal Server (or similar technology).  If you appropriately secure that host then your risk goes down significantly.

If you're planning on PMing me to ask me to look at a thread, or for individual support, don't.
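
An added example, not part of any post in this thread: the restricted VPN segment suggested in Reply #2, written as raw pf rules with the permissive rule it replaces shown commented out. The interface name, addresses and RDP port are assumptions; on pfSense the equivalent rules would be entered through the firewall rules GUI for the VPN interface.

```pf
# Constructed values (assumptions, not from the thread)
vpn_if  = "ovpns1"          # interface the staff VPN terminates on
vpn_net = "10.8.0.0/24"     # address pool handed to VPN clients
ts_host = "192.168.50.10"   # hardened terminal server
rdp     = "3389"            # Remote Desktop port on that server

# Weak: treats home PCs like trusted LAN hosts.
# pass in on $vpn_if from $vpn_net to any keep state

# Restricted: default-deny on the VPN interface, and log what is dropped
# so attempts to reach anything other than the terminal server are visible.
block in log on $vpn_if all

# The only traffic VPN clients may originate: RDP to the terminal server.
pass in quick on $vpn_if inet proto tcp \
    from $vpn_net to $ts_host port $rdp flags S/SA keep state
```

With these rules a compromised home computer can reach one hardened host on one port, and every other connection attempt from the VPN pool shows up in the firewall log.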
submicron
« Reply #3 on: May 25, 2009, 01:57:34 pm »

Antivirus scanning at the gateway is extremely slow, and extremely easy to circumvent.  There are plenty of ways you can protect your network using pfSense; putting an AV client on it and trying to look inside every stream for malicious content isn't one of them.
dvserg
« Reply #4 on: May 25, 2009, 02:33:54 pm »

I see anti-virus as a supplement to low-budget systems (all in one). Or as a separate pfSense-based proxy server for scanning (and I use this in bridge).