Re: PCI / AV / Linux DB Servers

  • From: Justin Mungal <justin@xxxxxxx>
  • To: stephan uzzell <SUzzell@xxxxxxxxxx>
  • Date: Tue, 4 Feb 2014 03:23:05 -0600

AV on a properly secured Linux DB server, that is on a secured network, is
not something I would suggest. But, there are some customers that want to
run it. Sophos AV has not caused any major problems as long as all of the
Oracle data directories are excluded from real-time scanning. As far as
benefits, they seem quite questionable to me.


On Fri, Jan 31, 2014 at 11:05 AM, Uzzell, Stephan <SUzzell@xxxxxxxxxx> wrote:

>  Hi all,
>
>
>
> We're in a bit of an uncomfortable spot here... We're basically a Windows
> shop, our DB servers have internet access, and therefore our DB servers
> have AV software installed. We have periodically had to disable or even
> remove it on some of our larger database clusters as we have seen slow
> interconnect traffic with it enabled (Symantec Endpoint, mostly version 12
> by this point). As soon as we remove Endpoint, interconnect ping times go
> back to where they should be and we move on.
>
>
>
> We've just started a process of converting to Linux - supposedly we'll
> have all 240+ databases on 11.2.0.3 on Linux by the end of the year. We had
> somewhat assumed along the way that we would not be using AV software on
> our Linux DB servers: lower risk, fewer Linux viruses, &c.
>
>
>
> Our PCI auditor doesn't seem to agree. To satisfy his requirements, we
> need some form of AV software installed. Or some other form of protection...
>
>
>
> So - I guess my question is: people running production Linux environments
> - what do you do? How do you protect your servers?
>
>
>
> Thanks!
>
>
>
> *Stephan Uzzell*
>
>
>
