Brief Survey on handling hacked machines:Humber College

[Chris Fontaine <chris.fontaine () HUMBER CA>]

Brief Survey on handling hacked machines:

I have read the posts on the security listserv at Educause and would like to
give the following feedback:

1. We are  currently using Roxio GoBack in our labs at Humber College, set to
auto-revert the workstations at every log on. (Each student has a unique ident)

2. TrendMicro NeatSuite is set as our standard anti-virus software college
wide. (servers, workstations, and e-mail scanning)

3. We use 3 Netscreen 100 firewalls (1 border, 1 internal gate, 1 for
residence) for traffic control and monitoring.

Our labs are imaged using Symantec Ghost at the beginning of each semester, to
ensure current patches (win2k, etc.)are applied to all software by our
development team.

We have begun a new approach of responsible computing, after attending a
session put on by Shirley Payne of the University of Virginia
(see: http://www.itc.virginia.edu/securitytoolkit) (thanks Shirley!!).

Compromised machines are immediately isolated (but not necessarily cut) from
the network, in order to perform forensic investigation as to the nature of the
compromise.

If anyone has any further questions, please feel free to contact me.
============================
Chris Fontaine
Digital Information Protection & Security,

Humber College
Information & Technology Services
205 Humber College Blvd
Toronto, Ontario, Canada
M9W 5L7
chris.fontaine () humber ca
(416) 675-6622 ext 4461

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.