Educause Security Discussion mailing list archives
Re: Compromised Windows Machine Remediation
From: Theresa Semmens <Theresa.Semmens () NDSU NODAK EDU>
Date: Wed, 6 Oct 2004 12:05:52 -0500
At NDSU, we adopted a "two strikes" policy. When a student-owned machine becomes infected or compromised, we allow the student to attempt to clean and patch the machine. The helpdesk is available to give advice and how-to points. Once the student has done this, we re-instate them on the network. If they become blocked a second time within 96 hours of being reinstated, they must take the machine to a commercial establishment and bring the receipt to the help desk before we will re-instate them on the network a second time.

So far, it has worked quite well. Our only problem is with those establishments who only run a virus scan on the machines and do not check for evidence of compromise.

Theresa Semmens, CISA
NDSU IT Security Officer
North Dakota State University
Fargo, ND 58101
701.231.5870
Theresa.Semmens () ndsu nodak edu

Less than 6 seconds
The time it takes to compromise a PC, according to Vincent Weafer, the senior director of security response at Symantec Corp.
Source: The Age

This electronic mail message may contain privileged and confidential information. If the reader is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution, or copying of this communication and any attached files may be strictly prohibited. If you have received this communication in error, please immediately notify Information Technology Services contact by telephone at 701-231-5870, or by reply e-mail, and permanently delete the message from your system. Receipt by anyone other than the intended recipient is not a waiver of any privilege or immunity.
-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Wiseman
Sent: Wednesday, October 06, 2004 11:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Compromised Windows Machine Remediation

Hello,

I am interested in hearing about experiences with 'cleaning' user-owned and managed computers. When a student laptop/desktop has been blocked from the network due to infection, what do they do? Do institutions provide a help desk environment where the work is done? Or do they provide resources for the student for 'self-help'? Is the student on their own to resolve the problems? Is anyone using 'fee-for-service'? If so, what is the user guaranteed to receive?

All of the above are used to some extent by departments here. This September, staff have been overloaded with repairing laptops. Also, with the implementation of network registration and patch status checking, sometimes the testing involved will fail on machines that are badly infected and we want to direct the users appropriately.

Thanks,
Mike

Mike Wiseman
Manager - Computer Security Administration
Computing and Networking Services
University of Toronto

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Compromised Windows Machine Remediation Mike Wiseman (Oct 06)
- <Possible follow-ups>
- Re: Compromised Windows Machine Remediation Theresa Semmens (Oct 06)
- Re: Compromised Windows Machine Remediation Jefferson, Ronnie V. (Oct 06)
- Re: Compromised Windows Machine Remediation Drews, Jane E (Oct 06)
- Re: Compromised Windows Machine Remediation Gary Dobbins (Oct 06)