Educause Security Discussion mailing list archives
Brief Survey On Handling Hacked Machines
From: Richard W Travsky <rtravsky () UWYO EDU>
Date: Thu, 24 Oct 2002 15:01:56 -0600

Towards the end of summer here at the University of Wyoming we experienced a rash of IRC attacks and hacks (such as IRC BOT and IRC FLOOD) on Windows 2000 machines. These turned the machines into share points for pirated software. We experienced considerable network degradation, saturating our link. Eventually things were dealt with and are back to "normal", giving time for reflection...

With that in mind, we are curious about how other universities and institutions of higher learning deal with such things and have a few questions:

1. What processes are you using to ensure desktop security? Are you reactive or proactive in your approach?
2. What issues do you have?
3. Are you using firewalls/virus protection?
4. What products are you using for this?
5. Do you have a method of "pushing out" software patches/security fixes?
6. How do you handle compromised machines? (That is, a machine that has been hijacked to serve another purpose with the possibilities of backdoors etc. remaining.)

Answers to these from our site's perspective are:

1. User education, promotion of safe computing practices, communication with users about security issues and why they're necessary. The approach is proactive but there are always things not planned for where reaction is the only means of dealing with it.
2. Issues would include such things as user compliance and education, manpower, privacy and feelings of intrusiveness (not everyone likes the IT folks doing any more poking around than necessary!).
3. Antivirus software (desktop and on mail servers), firewalls planned.
4. On the desktop we use Trend's Officescan; servers use Nortons, Sophos on mail servers.
5. We use SMS for some of our business-oriented software (like Oracle and Peoplesoft) but not for patches.
6. This can depend on the degree of compromising. Rebuilding is always an option unless a clear means of removal is known.

If you have a few moments, we would appreciate your responding with a line or two for these questions.

Thanks for your time,

Rich Travsky
Division of Information Technology
RTRAVSKY @ UWYO.EDU
University of Wyoming
(307) 766 - 3668

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.