Information Technology News Archive

1996 - 2017

You are here: Home / Archives for Virus

Virus

Computer Security Tips

by

Here are some simple steps each computer owner can take to protect computer systems and data at UCI.

Abide by Departmental Security Standards:

  • Check with your local computing supporter to be sure you are using departmentally approved network settings, security tools, and network services.

Physical Security for Computer Users:

  • Lock your office.
  • Put diskettes and CDs in a locked box.
  • Secure computers (especially laptops) to a non-movable piece of furniture or lock them in a drawer when not in use.
  • Never leave your laptop unattended in public places.

Remote Access:

  • Tools such as PC Anywhere expose your computer to additional security vulnerabilities and are not recommended.
  • Some users can get the remote access functionality they need through the use of the campus Virtual Private Network (VPN).
  • Users who require the facilities of Microsoft Networking are encouraged to use Microsoft Remote Desktop (called Terminal Server in Windows 2000.)

More information: http://www.nacs.uci.edu/news/2003.1.html#1

Don’t run unneeded network services:

  • It is important to turn off all non-required ports on your system.
  • Don’t run a Web server which is built-in unless you have a need to do so.
  • To see what is open on your system run the “Shields Up” program at https://grc.com/x/ne.dll?bh0bkyd2 then click on “Test My Shields” and “Probe My Ports”.

Personal Virus Scanners:

  • Obtain updates on a regular basis.
  • Keep subscription to updates current.
  • Set to Auto-update on a weekly basis, if available.

Please note: NACS continues to scan incoming e-mail for viruses and cleans up infected messages. This protection is available only to messages sent to @uci.edu addresses. (That is, people who receive email addressed directly to their own mail servers do not receive this benefit.)

More information on Virus Scanning: http://www.nacs.uci.edu/email/virus-scanning.html

Encrypt network traffic:

  • VPN – When using network resources and applications where a password is requested, NACS recommends use of the VPN Off-campus and wireless traffic is especially vulnerable to “sniffing,” the practice of invisibly capturing, reading, and retransmitting network traffic. 
    More information: http://www.nacs.uci.edu/news/2002.10.html#1
  • SSH – Secure shell (ssh) is an encrypted alternative to telnet and remote shell (rsh), wherein each packet is encrypted from the source to the destination. This prevents your communications (including passwords) from being “sniffed” while in transit. Using SSH insures that your data packets are only readable by you and the computer to which you are connecting. 
    More information: http://www.nacs.uci.edu/support/sysadmin/ssh_info.html

IM Chat:

  • IM Chat (also known as Instant Messaging) is a popular, but non-secure form of electronic communication.
  • Turn off all Terminal Services.
  • Turn off all File Sharing.
  • Check the settings in your Buddy List.

Security Planning Stops Two Attacks

by

Network-based attacks are in the news with increasing frequency. Among the preventative steps NACS takes is to close network “ports” used by these attackers. Two recent examples are “Messenger spam” and the “SQL Slammer Worm.”

The Windows Messenger Service is a normal part of the Windows Operating system, intended to allow system administrators to communicate with computer users. But hackers have figured out how to send pop-up ads to your computer, without your permission, using this same mechanism. Once NACS closed the Messenger network port, UCI computer users could no longer be reached by these innovative spammers.

The weekend of January 25-26, thousands of computers and networks around the country were disabled by the SQL Slammer Worm, aka “Sapphire,” which attacks computers through the MS SQL service. Vern Paxson of LBNL reports,

“This worm required roughly 10 minutes to spread worldwide making it by far the fastest worm to date. In the early stages the worm was doubling in size every 8.5 seconds. At its peak, achieved approximately 3 minutes after it was released, Sapphire scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims and probably considerably more.”

UCI users hardly noticed the attack that crippled other campuses, and even parts of Microsoft itself, because NACS had previously closed the SQL network port used by the worm (following advice from Foundstone, one of UCI’s security partners).

Anti-virus Mail Scanning

by

Several changes to the campus electronic mail delivery system have been made recently to improve network security, without adversely impacting performance.

The number of computer virus infections has been steadily increasing over the past several years and is continuing to rise. Many computers are lacking the necessary virus detection software and do not have the most recent security patches to prevent virus infection.

NACS has therefore modified the campus Mail Transfer Agent computers (MTAs) to employ software called “MailScanner” and “Sophos Anti-Virus Interface” (SAVI) to limit the number of viruses campus personnel receive via e-mail.

MailScanner is software which examines every e-mail message coming onto campus. If the message has an attachment, it hands the attachment to SAVI, which tests the attachment to see if it carries a virus. Details of these mail processing steps are available athttp://www.nacs.uci.edu/email/virus-scanning.html The database SAVI uses to identify viruses is automatically updated every night.

The campus receives approximately 180,000 messages a day, and to compensate for the additional computation represented by MailScanner and SAVI, the MTAs have been upgraded to new SunFire 280R systems. In the first few weeks of use, MailScanner and SAVI successfully deflected 10,000 viruses a day, representing about 7% of the total mail volume the campus receives. 75-80% of those viruses have been “Klez” which is particularly harmful as it disguises the actual sender of the attachment. Because of this, some people on campus have been warned they sent viruses that they were not, in fact, responsible for. NACS has decided to temporarily cease issuing notifications to senders of viruses, due to the confusion this causes.

While e-mail is the most common way of getting a virus, and while the new system limits e-mail borne viruses from off campus, individual owners should remain actively involved in the protection of their systems from viruses. Seehttp://www.nacs.uci.edu/security/virus.html for more information.

Future efforts will include an assessment of the feasibility of removing Unsolicited Commercial Email (UCE or Spam). Comments are welcome: nacs@uci.edu