What is a sheep-dip?

A sheep-dip is a dedicated computer which is used to test files for viruses before they are allowed into a company or institution. It is normally a stand-alone PC which has regular antivirus updates and security patches applied to it manually. The name is derived from a method of killing parasites in a flock of sheep by dipping all of the animals one after another in a trough of pesticide.

Whenever someone brings data from outside an organisation on removable media, the media must always first be checked with an antivirus scan by the sheep-dip computer. If the scan finds no viruses, then the removable media may be used elsewhere. On the other hand, if a virus or any other malicious software is found, then the media must be quarantined. In this way the organisation's other computers are protected by the sheep-dip.

The security of a sheep-dip depends on its antivirus protection being kept up to date and effective. This in turn relies on the computer's custodian remembering to take the time to apply updates and patches manually. If the custodian forgets to apply updates, is too busy, or fails to notice a problem with the antivirus, then the sheep-dip will become less secure.
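The release-or-quarantine rule and its dependence on current antivirus definitions can be combined into a single fail-closed decision. The following Python is an added example, not part of the original page; the seven-day threshold, the names `gate` and `stub_scan`, and the stand-in scanner are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Callable, Iterable, List, Optional, Tuple

MAX_DEFINITION_AGE = timedelta(days=7)  # assumed policy, not from the page


class Verdict(Enum):
    RELEASE = "release"            # clean scan with current definitions
    QUARANTINE = "quarantine"      # at least one detection
    REFUSE_STALE = "refuse-stale"  # clean, but definitions too old to trust
    REFUSE_ERROR = "refuse-error"  # a file could not be scanned


@dataclass
class ScanResult:
    path: str
    detection: Optional[str] = None  # signature name, None when clean
    error: bool = False              # scanner could not read the file


def gate(files: Iterable[str], scan: Callable[[str], ScanResult],
         definitions_updated: datetime, now: datetime
         ) -> Tuple[Verdict, List[ScanResult]]:
    """Decide what happens to one piece of removable media."""
    results = [scan(f) for f in files]
    hits = [r for r in results if r.detection]
    if hits:                       # a detection wins even with old definitions
        return Verdict.QUARANTINE, hits
    failed = [r for r in results if r.error]
    if failed:                     # unscanned content is never certified
        return Verdict.REFUSE_ERROR, failed
    if now - definitions_updated > MAX_DEFINITION_AGE:
        return Verdict.REFUSE_STALE, []   # custodian must update first
    return Verdict.RELEASE, []


def stub_scan(path: str) -> ScanResult:
    """Constructed stand-in for the real antivirus engine."""
    if path.endswith(".flagged"):
        return ScanResult(path, detection="Constructed.Test.Signature")
    if path.endswith(".locked"):
        return ScanResult(path, error=True)
    return ScanResult(path)


NOW = datetime(2024, 1, 31)        # constructed dates for the demonstration
FRESH, STALE = NOW - timedelta(days=2), NOW - timedelta(days=30)
print(gate(["a.doc", "b.pdf"], stub_scan, FRESH, NOW)[0])
print(gate(["a.doc", "b.pdf"], stub_scan, STALE, NOW)[0])
```

The same clean media is released with two-day-old definitions and refused with thirty-day-old ones, which makes a lapse in manual updating visible at the point of use rather than silent.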

Providing the sheep-dip with a network connection would enable it to receive its updates and patches automatically; however, most security-conscious organisations are understandably reluctant to allow untested removable media to be used with their networked computers. The fear that a malicious software infection might be introduced to a network is the reason why sheep-dips are usually stand-alone machines.

