[unisog] UConn's Residential Network Beat the Worms

Dan Jones dan.jones at colorado.edu
Wed Sep 3 14:46:43 GMT 2003


CU-Boulder had a similar approach, although a much higher percentage of
student systems were found to be vulnerable (46%).  I think
another difference is that we used an ActiveX component to determine the
patch level of the computer so that we were able to help automate the
patch process (although ActiveX components do have downsides).

I have published a summary document at 
http://www.colorado.edu/its/security/MS02036/ for those who may be 
interested.

In the future we will be looking at some solution to require a minimum 
patch level for all campus desktops (i.e., faculty and staff).  This 
could either be a similar modification to NetReg or a third party patch 
management solution.  While an intensive communications effort helped 
get faculty and staff to patch their computer in the long term my 
assessment is that we need to require a minimum patch level before 
gaining access to the network.  My short list of vendor solutions based 
on minimal research at this point includes:

-TotalCOMMAND
-Citadel Hercules
-HFNetChk Pro
-St. Bernard Update Expert
-Microsoft Software Update

I would be interested in hearing about experiences with these or other
products as well as experiences in requiring patch management for
faculty and staff.

Regards,

Dan Jones

-----------------------------------
Dan Jones
Campus IT Security Coordinator - ITS
University of Colorado
303.735.6637 Phone



Phil.Rodrigues at uconn.edu wrote:
> Hi all,
> 
> From August 21-24, 2003 we had 11,500 students return to the residence 
> halls.  9,100 students registered their computers through NetReg and 
> successfully connected to the campus network and the Internet, mostly on 
> Saturday and Sunday.  We automatically scanned and identified 2,500 (27%) 
> of those computers as vulnerable and redirected them to a page where they 
> downloaded and installed the patch.  That is 2,500 computers that were 
> patched without staff intervention, and that were not infected with the 
> worm, and that did not generate a support phone-call or visit.
> 
> We have documented all the steps we took and linked to all of the code we 
> used.  If your student population has not yet returned to campus, and you 
> were already using NetReg to register them, you should be able to 
> implement all of these steps we took:
> 
> http://www.security.uconn.edu/uconn_response.html
> 
> We are very interested in making this page useful to as many institutions 
> as possible.  If you have a specific suggestion or criticism please direct 
> it to me or security at uconn.edu.
> 
> Good luck!
> 
> Phil
> 
> =======================================
> Philip A. Rodrigues
> Network Analyst, UITS
> University of Connecticut
> 
> email: phil.rodrigues at uconn.edu
> phone: 860.486.3743
> fax: 860.486.6580
> web: http://www.security.uconn.edu
> =======================================





