Problem solve Get help with specific problems with your technologies, process and projects.

Virus protection on a firewall

I read you should not put virus protection software on a firewall (or even a proxy) to avoid an denial-of-service attack. Why is that?
I assume that your advisors are concerned about performance and/or the security risk of overloading your firewall with functionality. If someone sends a bunch of virus-loaded e-mail to your network, your firewall could choke from all of the traffic. Your best bet is to put antivirus solutions not on the firewall itself, but on your mail server and http/ftp proxy box. If these are separate machines from your firewall, a flood of viral traffic won't kill all of your Internet connectivity, but only those components being attacked. It's a pretty good idea from an architecture perspective to remove these functions from your firewall. Let the firewall focus on firewalling... other systems can do virus protection better.

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Firewalls
Best Web Links: Secure Messaging

This was last published in October 2002

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.