Educause Security Discussion mailing list archives

Brief Survey On Handling Hacked Machines


From: Richard W Travsky <rtravsky () UWYO EDU>
Date: Thu, 24 Oct 2002 15:01:56 -0600

Towards the end of summer here at the University of Wyoming we experienced a rash
of IRC attacks and hacks (such as IRC BOT and IRC FLOOD) on Windows 2000 machines.
These turned the machines into share points for pirated software. We experienced
considerable network degradation, saturating our link.

Eventually things were dealt with and are back to "normal", giving time for
reflection...

With that in mind, we are curious about how other universities and institutions
of higher learning deal with such things and have a few questions:

1. What processes are you using to ensure desktop security? Are you reactive or
proactive in your approach?

2. What issues do you have?

3. Are you using firewalls/virus protection?

4. What products are you using for this?

5. Do you have a method of "pushing out" software patches/security fixes?

6. How do you handle compromised machines? (That is, a machine that has been
hijacked to serve another purpose, with the possibility of backdoors etc. remaining.)



Answers to these from our site's perspective are:

1. User education, promotion of safe computing practices, communication with users
about security issues and why they're necessary. The approach is proactive but there
are always things not planned for where reaction is the only means of dealing with
it.

2. Issues would include such things as user compliance and education, manpower,
privacy and feelings of intrusiveness (not everyone likes the IT folks doing any
more poking around than necessary!)

3. Antivirus software (desktop and on mail servers), firewalls planned.

4. On the desktop we use Trend's OfficeScan; servers use Norton's, Sophos on mail
servers.

5. We use SMS for some of our business oriented software (like Oracle and
Peoplesoft) but not for patches.

6. This can depend on the degree of compromising. Rebuilding is always an option
unless a clear means of removal is known.


If you have a few moments, we would appreciate your responding with a line or two
for these questions.

Thanks for your time,

Rich Travsky
Division of Information Technology     RTRAVSKY @ UWYO.EDU
University of Wyoming              (307) 766 - 3668

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.
