home

Server Malware Protection Policy

Read Complete Research Material

SERVER MALWARE PROTECTION POLICY

Server Malware Protection Policy



Server Malware Protection Policy

Introduction

Overview

Yahoo is depended with the authority to give expert administration of customers servers as plot in each of the agreements with its clients. Innate in this avocation is a commitment to give suitable security against malware threats, for example infections and spyware provisions. Viable execution of this approach will restrict the introduction and impact of regular malware threats to the frameworks they blanket.

Discussion

Purpose

The purpose of this policy is to highlight which systems of server are needed to have antivirus and/or anti spyware applications.

Scope

This approach applies to all servers that Yahoo is dependable to operate. This unequivocally incorporates any framework for which Yahoo has a contractual commitment to manage. This likewise incorporates all server frameworks setup for inward use by Yahoo, paying little mind to if Yahoo holds managerial commitment or not.

Policy

Yahoo operations staff will stick to this policy to find which servers will have anti virus and/or anti spyware application programs installed on them and to apply such applications where their application is appropriate.

Anti Virus

All servers must have an antivirus application installed that offers real time scanning protection to files and applications running on the target system if they fulfill one or more of the following conditions:

Non administrative users have remote access capability

The system is a file server

NBT/Microsoft Share access is open to this server from systems used by non administrative users

HTTP/FTP access is open from the Internet

Other

“Risky” protocols/applications are available to this system from the Internet at the discretion of the Yahoo Security Administrator All servers should have an anti virus application installed that offers real time scanning protection to files and applications running on the target system if they meet one or more of the following conditions:

• Outbound web access is available from the system .

Mail Server Anti Virus

If the target system is a mail server it must have either an internal or external anti virus scanning application that scans all mail bound to process through to and from the mail server. Local anti virus scanning applications may be disabled during backups if an external antivirus application still scans inbound emails while the backup is being performed.

Anti Spyware

All servers MUST have an anti spyware application installed that offers real time protection to the target system if they meet one or more of the following conditions:

Any system where non technical or non administrative users have remote access to the system and any outbound access is permitted to the Internet.

Any system where non technical or non administrative users have the ability to install software on their own.

Notable Exceptions

An exception to the above standards will generally be allowed with minimal resistance and documentation if one of the following notable conditions applies to this system:

The system is a SQL server

The system is used as a dedicated mail server

The system is not a Windows based platform

Enforcement

The responsibility for enforcing this ...