Educause Security Discussion mailing list archives
Mandating format/reinstall after compromise
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 8 Sep 2004 13:05:53 -0400
We're wrestling with supporting a format/re-install process for compromised computers and would appreciate some input. We're especially interested in the ways you handle student computers.

How many of you *require* a computer be reformatted and reinstalled after a compromise?

Does a computer running malware that includes an IRCBOT or remote control trojan meet your definition of a compromise requiring a reformat/re-install? Do you have to have proof that it was taken advantage of or is its mere existence sufficient?

Do you do the format/reinstall yourself? If not, how do you check for compliance with this policy?

Who is responsible for backups before the format process?

What do you do if the student does not have recovery media? (OS, applications, backup capability, etc.)

Do you alter the affected computer's network connectivity until the format/reinstall is done? Do you disconnect entirely or just reduce connectivity? What is the process to regain full connectivity?

Are any of you in a situation where you've "sublet" a portion of your network (connectivity, topology, and IP address space) to a third party contractor providing connectivity to off-campus students? How does this affect your policies?

thanks,
--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.