Educause Security Discussion mailing list archives

Re: Brief Survey On Handling Hacked Machines


From: dennis <dennis () VALTX COM>
Date: Thu, 24 Oct 2002 18:18:26 -0400

Rich Travsky and Educause Security Members,

Free Evaluation Security unit to Educause members

In response to your questions on Desktop Security, my company, Valt.X
Technologies of Toronto, manufactures a new hardware device called the
Storage Firewall.

With the Storage Firewall there is no such thing as your machines
becoming compromised - you just press the reset button to automatically
eliminate Viruses, Hacker Exploits, Spyware, and unauthorized user
changes including programs.
We will give you back control of your computers. Recovery is automatic
and instant.
It's a Hardware device - no software - no drivers - no updates - no
maintenance and it works with any PC based OS - current or future -
including all Windows, Unix, Linux, OS2, BEOS and Dos - yes it works
with Dos.

I am inviting any Educause Security Group member that wants to evaluate
our innovative device to just email me at dennis () valtx com . I will send
our product information and a sample unit at no cost.

Now we are a startup and I would have preferred to get paid; however, as
Educause has been generous in allowing my participation, I feel that it
is best that we ship our evaluation units at no cost to participants.

Dennis Meharchand
CEO, Valt.X Technologies Inc.
Tel: 416-746-6669, 1-800-361-0067


-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Richard W Travsky
Sent: Thursday, October 24, 2002 5:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Brief Survey On Handling Hacked Machines

Towards the end of summer here at the University of Wyoming we
experienced a rash of IRC attacks and hacks (such as IRC BOT and IRC
FLOOD) on Windows 2000 machines. These turned the machines into share
points for pirated software. We experienced considerable network
degradation, saturating our link.

Eventually things were dealt with and are back to "normal", giving time
for reflection...

With that in mind, we are curious about how other universities and
institutions of higher learning deal with such things and have a few
questions:

1. What processes are you using to ensure desktop security? Are you
reactive or proactive in your approach?

2. What issues do you have?

3. Are you using firewalls/virus protection?

4. What products are you using for this?

5. Do you have a method of "pushing out" software patches/security
fixes?

6. How do you handle compromised machines? (That is, a machine that has
been hijacked to serve another purpose with the possibilities of
backdoors etc. remaining)



Answers to these from our site's perspective are:

1. User education, promotion of safe computing practices, communication
with users about security issues and why they're necessary. The approach
is proactive but there are always things not planned for where reaction
is the only means of dealing with it.

2. Issues would include such things as user compliance and education,
manpower, privacy and feelings of intrusiveness (not everyone likes the
IT folks doing any more poking around than necessary!)

3. Antivirus software (desktop and on mail servers), firewalls planned.

4. On the desktop we use Trend's Officescan; servers use Nortons, Sophos
on mail servers.

5. We use SMS for some of our business oriented software (like Oracle
and Peoplesoft) but not for patches.

6. This can depend on the degree of compromising. Rebuilding is always
an option unless a clear means of removal is known.


If you have a few moments, we would appreciate your responding with a
line or two for these questions.

Thanks for your time,

Rich Travsky
Division of Information Technology     RTRAVSKY @ UWYO.EDU
University of Wyoming              (307) 766 - 3668

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.
