Virus Protection in University of Windsor
Virus Protection in
University of Windsor
Kelvin Hwang
Client Support and Services
ITS
December 3, 2004
1. Worldwide Impact of Viruses
Year   Virus Name   Worldwide Financial Impact
2003   SoBig.F      $1.1 billion
2003   Nachi        $500 million
2003   Blaster      $400 million
2003   Slammer      $1.25 billion
2002   Badtrans     $400 million
2002   BugBear      $500 billion
Source: Computer Economics, 2002-2003
2. Current Virus Statistics on Campus
Servers (per day)
- Normal: Total 50 – 80 viruses
- Virus Outbreak: Over 2,000 viruses
Work Stations
- Monthly Infected clients:
  Normal: 150 – 400
  Virus Outbreak: Over 600
- Quarantined Viruses
  Normal: 200 – 400 viruses per day
  Virus Outbreak: Over 10,000 within 1 hour
3. Reaction in ITS
Virus Protection Task Force was formed in October 2001 to determine campus-wide virus protection for servers and workstations
Trend Micro Incorporated was selected
First Virus Information Server was set up in 2002
Current Virus Information Server was upgraded in March 2004 (H/W & O/S)
PC-cillin available to faculty and staff in 2002
ServerProtect and OfficeScan were upgraded in September 2000
4. Current Products & Supports
ScanMail for Domino Servers (V 3.0)
ServerProtect (V 5.58)
- 7 Novell Servers
- 18 Windows Servers
OfficeScan (V6.5)
- 15 Windows Servers
- 2000 Work Stations
PC-cillin Internet Security 2004
- Laptops
- Students, Faculty and Staff home PCs
5. ServerProtect Architecture
[Diagram labels: TCP/IP Protocol; Virus Information Server; ServerProtect; U of W Firewall; Novell Domain (IPX/SPX/IP); Windows Domain (TCP/IP/RPC)]
IPX: Internetwork Packet Exchange
SPX: Sequenced Packet Exchange
RPC: Remote Procedure Call
6. Major Configurations
Download: Pattern Version, Scan Engine, etc. from Trend Micro Active Update Server every hour
Deploy updates to servers at 01:00 AM every day
Scan Options:
- Real-Time Scan: On
- Manual Scan: By Administrator
- Task Scan: Every Friday 02:00 AM
Virus Handling:
- All files less than 2 MB
- Cleanable … Clean
- Not cleanable … Quarantine in local
7. ServerProtect Control Console Example
8. OfficeScan Architecture
[Diagram labels: TCP/IP Protocol; Virus Information Server; OfficeScan; U of W Firewall; IP/RPC]
9. Major Configurations
Updates: Check updates from Trend Micro every hour
Client Deployment: Auto & Manual update
Scan Options:
- Real-Time Scan: On
- Manual Scan & Schedule Scan: By users
Virus Handling: Clean and Quarantine
Outbreak Prevention:
- Block shared folders
- Block ports
- Deny write files and folders
10. OfficeScan Control Console Example 1
11. OfficeScan Control Console Example 2
12. OfficeScan Client Example
13. PC-cillin 2004 Architecture
[Diagram labels: Trend Micro Active Update Server; TCP/IP Protocol]
14. PC-cillin Example
15. Current Limitations
OfficeScan for Workstations
Purpose: Increase Virus Protection at Client Level
Limitations:
- Some clients disable or unload virus protections
- Not all components are always up-to-date
- Laptops owned by students, faculty, staff, or contractors may not have virus protection software
- Lacks management oversight if desktop virus protection is not managed by Trend Micro management tool
ScanMail & ServerProtect for Mail Servers and other servers
Purpose: Increase Virus Protection at Server Level
Limitations:
- Virus infections via non-centralized servers cannot be detected
- Students and employees can still download infected files from other Webmails
* Viruses can pass firewall looking for possible hosts. (No protections at firewall level)
16. Virus Evolution
Threats increasingly migrating to server and gateway
[Timeline figure, 1997 to 2002. Labels: Diskettes; Bubbleboy; Melissa; LoveLetter; Web/Email; Code Red; Nimda; Goner]
17. Other Threats
18. Enforce Protections
Virus protection at firewall level needs to be improved
Other protections are required (Ad-ware, Spy-ware, Intruders)
Questions & Comments?
Appendix
[Flowchart. Start and End nodes; decision nodes: Malicious Purpose?; Code Replicates?; Infects a carrier to replicate?; outcomes: Not a Malware; Trojan Horse; Worm; Virus; branches labelled Y / N]