
SAVLINUX - LiveUpdating DMZ Hosts Securely

Created: 25 Jun 2012 | 3 comments
JRS17's picture

Hi All,

We are currently using SAVLINUX on our DMZ webservers and in order to get these to update with the latest virus definition files, we need to pull down the latest updates from Symantec.

Here's the dilemma:

1) Option: Having DMZ hosts connect directly to Symantec 

Issue: Our sysadmins/network guys are hesitant about letting the DMZ servers connect directly to Symantec LiveUpdate Servers

2) Option: Utilize LiveUpdate Administrator (already installed) for pushing updates to DMZ hosts 

Issue:  Since LiveUpdate Administrator already exists on an internal server, the DMZ servers would need to connect to it to get the updates.  This concerns our network guys as the DMZ touches the internal, protected network.  

Our requirement is to have daily updates, so manually updating is not in question. 

I am wondering if you have other options, or if you have the most secure way to get updates to the DMZ webservers using either method.  Can someone please provide some insight?  Thanks in advance!

Comments

pete_4u2002's picture

Maybe use a script

How to update a Linux-based computer with Intelligent Updater definitions
http://www.symantec.com/docs/TECH96754
 

Mick2009's picture

Hi JRS17,

Those SAVFL clients in the DMZ do not need to go to the LiveUpdate Administrator 2.x server itself to retrieve their updates.  Why not have the LUA 2.x server distribute SAVFL content to a location in the DMZ that the Linux boxes can access?  This can be locked down well with permissions.  Perhaps a specific username and password can be created solely for the use of the Java LiveUpdate that SAVFL uses: that user can have rights to the Distribution Center (DC) and nothing else. 

Also, if you want to get really secure, create a firewall rule (on the firewall between DMZ and production network) that allows access only from the LUA server to the location where the DMZ DC is, only at the time of day when LUA performs its distribution.

Hope this helps!  Please do update this thread with your progress.

Some helpful links:

Configuring Symantec Antivirus for Linux (SAVFL) to download definitions from the Distribution Center of an internal LiveUpdate Administrator (LUA) 2.x Server
Article: TECH93505   |  Created: 2009-01-17   |  Updated: 2011-01-31   | 
Article URL http://www.symantec.com/docs/TECH93505 
 

Configuring LiveUpdate Administrator 2.x to Download and Distribute Symantec Antivirus for Linux Contents
Article: TECH152311   |  Created: 2011-01-31   |  Updated: 2011-01-31   | 
Article URL http://www.symantec.com/docs/TECH152311 
 

With thanks and best regards,

Mick
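
The design in the reply above (LUA pushes to a Distribution Center in the DMZ, inside a fixed time window, and nothing in the DMZ initiates connections inward) can be checked against firewall logs. This is an added example, not part of the original thread and not Symantec code; the addresses, port, window and log format are all constructed assumptions.

```python
import ipaddress
from datetime import datetime, time

# All values below are assumptions for illustration; none come from the thread.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/16")
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
LUA_SERVER = ipaddress.ip_address("10.0.5.20")   # internal LUA 2.x server
DMZ_DC = ipaddress.ip_address("192.0.2.50")      # Distribution Center in the DMZ
DC_PORT = 21                                     # assumed distribution protocol port
WINDOW = (time(2, 0), time(2, 30))               # assumed LUA distribution schedule

def in_window(t, window=WINDOW):
    start, end = window
    if start <= end:
        return start <= t < end
    return t >= start or t < end                 # window that spans midnight

def audit(lines):
    """Return (line, reason) for accepted DMZ/internal flows the design forbids."""
    findings = []
    for line in lines:
        ts, action, src, dst, dport = line.split()
        if action != "ACCEPT":
            continue
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if src in DMZ_NET and dst in INTERNAL_NET:
            reason = "DMZ host initiated a connection into the internal network"
        elif src in INTERNAL_NET and dst in DMZ_NET:
            if (src, dst, int(dport)) != (LUA_SERVER, DMZ_DC, DC_PORT):
                reason = "internal-to-DMZ flow is not LUA server to DC"
            elif not in_window(datetime.fromisoformat(ts).time()):
                reason = "LUA distribution outside the scheduled window"
            else:
                continue                         # the one permitted crossing
        else:
            continue                             # traffic that stays on one side
        findings.append((line, reason))
    return findings

# Constructed sample log: timestamp action src dst dport
SAMPLE_LOG = [
    "2012-06-26T02:05:11 ACCEPT 10.0.5.20 192.0.2.50 21",    # scheduled push
    "2012-06-26T14:17:40 ACCEPT 10.0.5.20 192.0.2.50 21",    # push at wrong time
    "2012-06-26T02:06:02 ACCEPT 192.0.2.11 10.0.5.20 8080",  # DMZ client to LUA
    "2012-06-26T02:07:30 ACCEPT 192.0.2.11 192.0.2.50 21",   # client to DC in DMZ
    "2012-06-26T03:00:00 DROP 192.0.2.11 10.0.5.20 8080",    # blocked, ignored
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(f"{reason}: {line}")
```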

Mick2009's picture

Hi JRS17,

Any update on this thread?  Please do provide your current status, if time allows.

Also: followers of this thread are encouraged to check out:

SAV for Linux Scanning Best Practices: A (Somewhat) Illustrated Guide

https://www-secure.symantec.com/connect/articles/sav-linux-scanning-best-practices-somewhat-illustrated-guide

With thanks and best regards,

Mick