Improving Virus Protection at Kent State University




(Prepared by Joe Aulino. Distributed at UCT Oct. 31, 2003)

For the purpose of this document, the term virus will be used generically to mean any piece of software that is loaded onto your computer without your knowledge and runs against your wishes. This very general use of the term virus is meant to cover viruses, worms, Trojan Horses and other computer infestations.

1. How does KSU currently provide Virus protection?

   a. Information Services provide licenses for virus protection software for every faculty, staff and student.
   b. Updates to virus software are made available as soon as they are available from the vendor.
   c. All e-mail sent to kent.edu or Lotus Notes is scanned for viruses before being delivered.
   d. The Kent Network Users Group (KNUG) as a group and as a listserv is very active in sharing information among technical staff across the University. This helps to raise awareness and often stops viruses before they become problems.
   e. Some systems administrators across the University have also invested in their own virus protection systems to further protect resources under their control.

2. Have there been times when Kent State's approach to virus protection failed?

   Yes. Three incidents have happened over the last year where Virus protection failed in substantial ways. A brief description of each follows:

   a. SQL Slammer Virus: This virus hit the campus last spring. It caused unprotected servers running SQL server software to flood our network with traffic and brought the network down for approximately 1.5 days.
   b. RPC Virus: This virus hit the campus last week. While network services took fast action to contain the virus, technical staff had to clean numerous infected computers across campus.
   c. Sobig Virus: This virus hit on Tuesday, August 19th. Virus protection software was not available from vendors until approximately 4 hours after the virus infected our computers. E-mail delivery was delayed (in some cases over 24 hours) but no e-mail was lost and the backlog was cleared by August 20.

3. What is the cost of these failures?

   a. Lost productivity by faculty, staff and students represents the greatest share of the cost and is immeasurable. Some more direct costs follow.
   b. SQL Slammer:
      i. Lost use of the network for 1.5 days
      ii. Roughly 98 hours of IS staff time
      iii. Numerous hours of LAN Admin staff time
   c. RPC Virus:
      i. Lost use of numerous desktop PCs
      ii. Roughly 84 hours of IS staff time
      iii. Numerous hours of LAN Admin staff time
   d. Sobig Virus:
      i. Lost use of numerous desktop PCs
      ii. Delays of 24 to 48 hours in delivering e-mail (Lotus Notes to Lotus Notes e-mails were not impacted)
      iii. Roughly 60 hours of IS staff time
      iv. Numerous hours of LAN Admin staff time

   The bottom line: these outbreaks are disruptive, costly in man-hours needed for correction, costly in lost productivity and degrade the ability of IS to provide support for mission critical activities and

4. Are there any themes or patterns in the causes of these outbreaks?

   There are two areas that particularly raise Kent State's risk. The first is unprotected computers. In the case of Sobig, the virus moved too quickly (it was the fastest moving virus of all time) for the protection software to keep pace, but this is the exception. Unprotected servers and computers were definitely the problem in the SQL Slammer and RPC attacks. Second, the number of e-mail servers on campus presents the University with a very large risk. E-mail servers, particularly if unprotected, present the simplest way to infect the most computers in the shortest amount of time. This was evident in the Sobig attack.

5. How does IS recommend addressing these issues in the short term?

   a. The kent.edu and Lotus Notes e-mail servers should no longer accept certain types of e-mail attachments. A list of these attachment types appears at the end. There are ways that users needing to send or receive these attachments can safely do so (this is also explained in detail at the end). Information Services is proposing that this be implemented no later than September 15, 2003.
   b. All e-mail should be routed through smtp.kent.edu. This will ensure that all e-mail is virus checked and that the majority of spam is eliminated. This does not preclude units from running their own e-mail and from running their own e-mail virus scans. Information Services is proposing that this be implemented no later than Nov 15, 2003. This time is necessary to increase the processing power of the existing mail relays.

6. Why eliminate certain types of e-mail attachments?

   E-mail attachments are the most common method used to deliver viruses to desktop computers. Viruses have to use these types of attachments because they allow them to automatically launch their program and infect the target machine. This relatively simple recommendation will eliminate many viruses from ever reaching a computer. Again, for those who need to send or receive such attachments, the last page explains two methods for doing so.

7. Won't those sending viruses just go to different attachment types?

   Of course this is possible and in some cases likely. However, viruses need a type of file that is able to execute a command on your computer. This limits the choices that virus purveyors have, and it makes this approach very robust.

8. What will happen to the e-mails with the offending attachments?

   The e-mails will be delivered as addressed. However, the attachment will be deleted from the e-mail. The recipient can then contact the sender and request the attachment be modified in a way that it can arrive safely.

9. Does e-mail have to be routed through IS servers if sufficient virus protection is in place on local e-mail servers?

   No. If local e-mail servers have sufficient and appropriate virus and spam protection in place, e-mail does not have to be routed through IS servers. However, e-mail administrators will have to contact IS (Greg Seibert, gregs@kent.edu) and arrange for an audit of their systems if they wish to take advantage of this exception. IS will evaluate these requests on a case-by-case basis. Exceptions will be granted if the e-mail server is sufficiently protected, if the e-mail server removes attachments per the list at the end of this document, and the unit has sufficient dedicated resources to maintain an appropriate level of protection. Exceptions will be revoked if systems fail to maintain adequate virus protection or resources to support the e-mail server. Given the risk to the University, IS will err on the side of not granting exceptions.

10. What does IS recommend in the longer-term to address these issues?

   a. Establishing a patch server(s) on Kent State. This patch server would house the latest patches for operating systems and applications to protect computers against viruses. Ideally, these patches would be pushed onto computers connected to the Kent State network. How to run and maintain such a server, issues associated with pushing fixes onto computers and other policy issues will have to be addressed as this moves forward. IS will take a collaborative approach and work with all divisions in developing and implementing this idea.
   b. Providing Active Directory services to all faculty, students and staff. This will simplify the task of getting patches and virus protection out, particularly in short notice situations. Again, a University-wide, collaboratively developed plan will be necessary to make this a success.

11. When do the long-term solutions need to be in place?

   The long-term solution should be in place as quickly as possible. But there are technical, process and policy issues to be evaluated and addressed before we can move forward. To help hasten this, IS is working on a pilot project to test these technologies.

Attachment Extensions to Be Removed from E-Mails

E-mail containing attachments with these extensions will have the attachments removed and then be delivered.

   .ade               Microsoft Access project extension
   .adp               Microsoft Access project
   .mdb               Microsoft Access program
   .bas               Microsoft Visual Basic class module
   .mde               Microsoft Access MDE database
   .bat               Batch file
   .mhtml             Eudora metarefresh
   .chm               Compiled HTML Help file
   .msc               Microsoft Common Console document
   .class             Java bytecode file
   .msi               Microsoft Windows Installer package
   .cmd               Microsoft Windows NT Command script
   .msp               Microsoft Windows Installer patch
   .com               Microsoft MS-DOS program
   .mst               Microsoft Visual Test source files
   .cpl               Windows Control Panel extension
   .pcd               Microsoft Visual compiled script
   .crt               Security certificate
   .pif               Shortcut to MS-DOS program
   .exe               Program
   .reg               Registration entries
   .hlp               Help file
   .scf               Windows Explorer
   .hta               HTML archive
   .scr               Screen saver
   .inf               Setup Information
   .sct               Windows Script Component
   .ins               Internet Naming Service
   .sh[bs]            Shell Scrap object
   .isp               Internet Communication settings
   .url               URL
   .jar               Java archive
   .vb                Visual Basic scripts
   .js                Javascript file
   .vb[es]            Visual Basic scripts
   .jse               Javascript encoded script file
   .[xl]xnk           Microsoft Exchange shortcut
   .jsp               HTML-Java link
   .ws[cfh]           Windows Script
   .ma[dfgmqrstvw]    Microsoft Access shortcuts

If You Need to Send or Receive an E-Mail with one of these Attachment Types

There are two options:

1. Change (or have the sender change) the extension of the attachment to a name that's not restricted. At the receiving end, the extension can be changed back. For instance a file named test.scr could be changed to test.sss and then changed back to test.scr upon receipt.
2. Put the file in a zip format and then attach it. Zip files will go through with no problem.