Virus Protection in University of Windsor
Kelvin Hwang
Client Support and Services
ITS
December 3, 2004
1. Worldwide Impact of Viruses
Source: Computer Economics, 2002-2003
2. Current Virus Statistics on Campus
• Servers (per day)
  - Normal: Total 50 – 80 viruses
  - Virus Outbreak: Over 2,000 viruses
• Work Stations
  - Monthly Infected clients:
    Normal: 150 – 400
    Virus Outbreak: Over 600
  - Quarantined Viruses
    Normal: 200 – 400 viruses per day
    Virus Outbreak: Over 10,000 within 1 hour
3. Reaction in ITS
• Virus Protection Task Force was formed in October 2001 to determine campus-wide virus protection for servers and workstations
• Trend Micro Incorporated was selected
• First Virus Information Server was set up in 2002
• Current Virus Information Server was upgraded in March 2004 (H/W & O/S)
• PC-cillin available to faculty and staff in 2002
• ServerProtect and OfficeScan were upgraded in September 2000
4. Current Products & Supports
• ScanMail for Domino Servers (V 3.0)
• ServerProtect (V 5.58)
  - 7 Novell Servers
  - 18 Windows Servers
• OfficeScan (V6.5)
  - 15 Windows Servers
  - 2000 Work Stations
• PC-cillin Internet Security 2004
  - Laptops
  - Students, Faculty and Staff home PCs
5. ServerProtect Architecture
[Diagram labels: U of W Firewall; TCP/IP Protocol; Virus Information Server (ServerProtect); Novell Domain (IPX/SPX/IP); Windows Domain (TCP/IP/RPC)]
IPX: Internetwork Packet Exchange
SPX: Sequenced Packet Exchange
RPC: Remote Procedure Call
6. Major Configurations
• Download: Pattern Version, Scan Engine, etc. from Trend Micro Active Update Server every hour
• Deploy updates to servers at 01:00 AM every day
• Scan Options:
  - Real-Time Scan: On
  - Manual Scan: By Administrator
  - Task Scan: Every Friday 02:00 AM
• Virus Handling:
  - All files less than 2 MB
  - Cleanable … Clean
  - Not cleanable … Quarantine in local
8. OfficeScan Architecture
[Diagram labels: U of W Firewall; TCP/IP Protocol; Virus Information Server (OfficeScan); IP/RPC]
9. Major Configurations
• Updates: Check updates from Trend Micro every hour
• Client Deployment: Auto & Manual update
• Scan Options:
  - Real-Time Scan: On
  - Manual Scan & Schedule Scan: By users
• Virus Handling: Clean and Quarantine
• Outbreak Prevention:
  - Block shared folders
  - Block ports
  - Deny write files and folders
13. PC-cillin 2004 Architecture
[Diagram labels: Trend Micro Active Update Server; TCP/IP Protocol]
16. Virus Evolution
[Timeline figure, 1997 to 2002. Infection vectors: Diskettes, Email, Web/Email. Viruses shown: Melissa, Bubbleboy, Love Letter, Code Red, Nimda, Goner]
Threats increasingly migrating to server and gateway
18. Enforce Protections
• Virus protection at firewall level needs to be improved
• Other protections are required (Ad-ware, Spy-ware, Intruders)
Questions & Comments?
Appendix
[Flowchart]
Start
• Malicious Purpose?
  - N: Not a Malware
  - Y: continue
• Code Replicates?
  - N: Trojan Horse
  - Y: continue
• Infects a carrier to replicate?
  - N: Worm
  - Y: Virus
End