Click here to receive your FREE subscription to Campus Technology
Lessons from a Post-Blaster, Post-Welchia, Post-Nachi, Post Mortem
Current News
Picking at a Virus-Ridden Corpse:
Lessons from a Post-Blaster, Post-Welchia, Post-Nachi, Post Mortem
9/17/2003
J'e St Sauver, director of user services and network applications at the University of Oregon Computing Center, has just gone through what everyone else has: the epidemic of viruses and worms that rained down on campus networks over the last several months.As our guest editorialist this week, J'e has some strong opinions on why some people got hit so hard and others didn’t. He also has some good lessons-learned. Oh, J'e also wanted me to point out that his perspectives here do not reflect difficulties or conditions at either his institution or any one particular institution. They are "a synthesized view that reflects the collective higher education experience."
—Terry Calhoun, IT Trends Commentator, Society for College and University
Planning (SCUP), University of Michigan.
------------------------------------------------
Sick of the Blaster/Lovsan, Welchia, Nachi experience? I know I am.
Let's do a brief post mortem and see what good we can glean from the latest
virus follies.
1. It's Windows PCs (again)
D'es your campus rely on PCs running a current version of Microsoft Windows?
If so, I suspect you were hit hard. Campuses that use Macs (or Unix/Linux workstations,
or a mixture of different types of systems) experienced fewer direct problems,
although even the most innocent shouldered part of the collective burden.
Do we never learn? Just as these viruses targeted PCs running Microsoft Windows,
so have virtually all the previous ones. Time after time, infestation after
infestation, the viruses and the worms have come for the PCs running Microsoft
Windows, and time after time, the PCs running Microsoft Windows have fallen.
Given that pattern, what is surprising (at least to me), is that few universities
seem to notice this pattern, and even fewer of them "vote with their purchase
orders" in favor of more secure/less commonly attacked systems.
D'es this mean that I would like all sales of Windows PCs to cease? No. What
I do want is a healthy level of operating system diversity, because in computing
(as in agriculture or a stock portfolio) diversity is key to managing risk and
building resilience.
2. That Perimeter Fence Sure Looked Good
Institutional firewalls are a staple security recommendation on every IT auditor's
checklist. Unfortunately, the recent viruses have illustrated just how ineffectual
they can be. Failure modes were numerous at many sites and for many reasons,
including:
Recommended Reading
- Campus Security :: June 27, 2008
:::::: NETWORK SECURITY
: Delivering Slices of Network Securely at USC
:::::: CAMPUS SECURITY NEWS
: VMware Finds Home on Campus in Disaster Recovery Planning
: Microsoft Advisory Targets SQL Injection Attacks
: Mobile Security To Surface in Sybase iAnywhere Suite
: Southeast Missouri State Says Former Employee Took Student Data
: Universities Deploy Procera Hardware to Prioritize Network Traffic
: Dartmouth Launches 2-Week Crash Course in Security
: Survey: Many Microsoft Patches Are Going Uninstalled
: New Bluetooth Patch Fixes XP Security Hole - IT Trends :: Thursday, June 26, 2008
:::::: FOCUS
:: Lyon's 1:1 Laptop Program Aims To 'Level the Playing Field' for Students
:::::: IT NEWS
:: Windows XP's Death Is for Real, Microsoft Rep Explains
:: Temple To Deploy Wireless LAN Across 8 Campuses in Philly
:: Adobe Releases Acrobat 9, Creative Suite 3.3
:: Microsoft Open XML Converter Arrives for Mac
:: Pentaho's BI Platform Released Under GPL
:: New Bluetooth Patch Fixes XP Security Hole
:: New 11.0 openSuSE Linux OS Released - C-Level View :: June 25, 2008
:::::: EXECUTIVE VIEW
: The Educational Software Paradox - Can We Learn to Unlearn?
:::::: WORTH NOTING
: D2L: Blackboard's Comments 'Contempt(ible)'
: Ohio State Installing Interactive Technologies in Campus Incubator
: New Green Supercomputer Powers Up at Purdue
: Western Governors U Offers New Online Degree in Health Informatics
: Foothill-De Anza CC District Deploys Abaca for E-mail Protection - SmartClassroom :: Wednesday, June 27, 2008
:::::: VIEWPOINT
: Podcasting in Instruction: Moving Beyond the Obvious
:::::: NEWS and PRODUCT UPDATES
: D2L: Blackboard's Comments 'Contempt(ible)'
: Ohio State Installing Interactive Technologies in Campus Incubator
: Samsung Launches Pint-Sized Projector
: Mediasite 5.0 Debuts; New Classroom Recorders Coming in July
: Mitsubishi Launches Wireless, Short-Throw Projectors - News Update :: Tuesday, June 24, 2008
:::::: NEWS
: Sao Paulo University Taps Sun Technology for Computing Cluster
: Ohio State Installing Interactive Technologies in Campus Incubator
: New Green Supercomputer Powers Up at Purdue
: Mediasite 5.0 Debuts; New Classroom Recorders Coming in July
: Intel 'Holding Back' USB 3.0 Spec, Says Nvidia
: Allegheny College Launches Energy Reduction Program
: Virginia Tech Automates User State Management with Kaseya
: Tokai U Uses PTC MCAD Software To Design Car that Competes at Le Mans - IT Trends :: Thursday, June 19, 2008
:::::: CASE STUDY
:: Job Scheduling Software Smooths Data Transfers at IUF
:::::: IT NEWS
:: Blackboard Continues Pursuit of Desire2Learn
:: IBM Launches 'Carbon Strategy' Service in Project Big Green
:: Microsoft Joins Open Source Census Group
:: Swedes Deploy Dual-Boot 'Green' Supercomputer with IBM, Intel Chips
:: U North Texas To Roll Out ImageNow for Document Management
:: Cambridge Installs Panasus Parallel Storage System for Research Support
:: Novell Joins Microsoft Server Virtualization Validation Program, Runs Windows Server 2008 On SUSE Linux Enterprise
