[TriLUG] establishing linux {antivirus, anti-spyware, firewall} compliance to Windows-centric management

Tom Roche Tom_Roche at pobox.com
Tue Aug 26 16:18:52 EDT 2014


summary: how best to establish compliance with requirements to run host-based antivirus, anti-spyware, firewall/ruleset?

details:

I'm a student doing research using data and other computing resources provided by a federal agency in RTP. I'm in the area, but far enough away that travel to/from the site is onerous. Accordingly I have been using these assets remotely for almost 2 years: I use an agency-provided SecurID to authenticate to the agency's VPN[1], and SSH over the VPN into research clusters.

The agency contracts with Computer Sciences Corporation (CSC) for security services. It appears that, recently, CSC contractors decided to upgrade our security by requiring the following from remote users:

> [Agency] Remote System Administration User Agreement

> The purpose of this document is to define the requirements for access into the [agency] National Computer Center telecommunications network for the purpose of administering [agency] owned and managed asset computers, network devices, and application environments.

Note that, while I do *not* administer anything beyond my $HOME on the clusters, I and apparently all external "business partners" are being required to sign this document.

> PREREQUISITES

> Every administrator is required to have:

> P-1. From the [agency] network: An [agency] standard desktop

running the ultra-secure "Windows XP" :-)

> or Remote Management Console (RMC) in their office or cubicle managed by on-site personnel and configured to meet the [agency] Standard Configuration Document (SCD) for the installed Operating System (OS).  CSC supplied desktops will suffice provided that they are configured to meet the [agency] requirements established by Network Infrastructure Services.

Fortunately P-1 does not seem to apply to remote users. That being said, I am also not an admin on their systems, yet I am being required to sign this. Go figure ...

> P-2. From Home or Offsite: An [agency]-compliant and approved workstation which meets or exceeds the security requirements for connectivity to the [agency] telecommunications network.  This system is required to have:

> P-2a. All of the latest [agency] approved patches and configuration parameters for operating systems and applications software.

AFAIK they know nothing about linux "approved patches and configuration parameters," but I'm sure they'll let me know.

> P-2b. Some version of antivirus software installed, running, configured, and patched with the latest virus definition files.  The software must perform a complete system scan at least once a week.

Would anyone care to recommend a low-overhead antivirus "solution"?

> P-2c. Some version of anti-spyware software installed, running, configured, and patched with the latest pattern files.  The software must perform a complete system scan at least once a week.

Would anyone care to recommend a low-overhead anti-spyware "solution"?

> P-2d. Some version of a host-based firewall installed, running, configured and patched with a rule set which conforms to industry best practices.

Would anyone care to recommend a low-overhead firewall and rule set?

Any further advice regarding how (or how not) to deal with this sort of situation (Windows admins seeking Windows-based approval of your Linux system) would also be appreciated.

HTH, Tom Roche <Tom_Roche at pobox.com>

[1]: IMHO a serious kludge. See https://support.mozilla.org/en-US/questions/931873#answer-352504
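As an added example that is not part of Tom's post or the agency document, one way to turn P-2b through P-2d into checkable evidence on a Linux workstation. ClamAV as the antivirus and anti-spyware engine, a clamscan cron job for the weekly scan, the `/var/lib/clamav/daily.cld` path and iptables as the host firewall are all assumed choices, not anything the agency specified.

```shell
#!/bin/sh
# Added example, not from the post or the agency document: a self-check that a
# Linux workstation meets P-2b..P-2d. Assumptions: ClamAV serves as both the
# antivirus and anti-spyware engine, its weekly scan is a clamscan cron job,
# definitions live under /var/lib/clamav, and the host firewall is iptables.
CLAMAV_DB=${CLAMAV_DB:-/var/lib/clamav/daily.cld}   # assumed definition file
MAX_DEF_AGE_DAYS=7   # "latest definition files", read as no older than a week

# defs_fresh FILE: 0 if FILE exists and was modified within MAX_DEF_AGE_DAYS.
defs_fresh() {
  [ -f "$1" ] && find "$1" -mtime -"$MAX_DEF_AGE_DAYS" -print | grep -q .
}

# scan_scheduled_weekly: reads crontab lines on stdin; 0 if a clamscan job runs
# at least weekly (month field '*', and either every day or one fixed weekday).
scan_scheduled_weekly() (
  set -f                                      # stop '*' fields from globbing
  while IFS= read -r line; do
    case "$line" in \#*|'') continue ;; *clamscan*) ;; *) continue ;; esac
    set -- $line                              # min hour dom mon dow command...
    case "$1" in @hourly|@daily|@weekly) exit 0 ;; @*) continue ;; esac
    [ $# -ge 6 ] && [ "$4" = '*' ] || continue
    case "$3:$5" in
      '*:*') exit 0 ;;                        # runs every day
      '*:'[0-7]) exit 0 ;;                    # runs on one fixed weekday
    esac
  done
  exit 1
)

# firewall_default_deny: reads `iptables -S` output on stdin; 0 if the INPUT
# chain's policy is DROP, the default-deny posture a P-2d rule set starts from.
firewall_default_deny() {
  grep -q -- '^-P INPUT DROP$'
}

# compliance_report: run all checks on the live host (iptables needs root) and
# print one PASS/FAIL line per requirement, suitable as evidence for the form.
compliance_report() {
  if defs_fresh "$CLAMAV_DB"; then echo "PASS P-2b/P-2c definitions current"
  else echo "FAIL P-2b/P-2c definitions current"; fi
  if crontab -l 2>/dev/null | scan_scheduled_weekly; then echo "PASS P-2b/P-2c weekly scan"
  else echo "FAIL P-2b/P-2c weekly scan"; fi
  if iptables -S 2>/dev/null | firewall_default_deny; then echo "PASS P-2d firewall"
  else echo "FAIL P-2d firewall"; fi
}

case "${1:-}" in --report) compliance_report ;; esac
```

Run it with `--report` on the workstation to get the PASS/FAIL lines; the check functions also read constructed input on stdin, so a crontab or rule set can be verified without root.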