Giving Network Demons the Boot
Can corporate IT administrators learn a lesson from two colleges that stopped virus attacks in their tracks?
And it stayed down for a week.
So while students should have been starting their homework and professors should have been digging into their course work, not much was getting done. IT workers at the college had to stop whatever projects they were working on to not only clean up the servers but to individually visit the school's 1,100 students and clean the viruses off their machines.
''It was definitely a nightmare,'' says Deborah Gelch, chief information officer at Lasell College, a liberal arts school running 28 Windows NT servers, 400 faculty and staff desktops, and 10 wireless access points. ''Last year was a disaster... It was a critical time for students to start their homework and get onto email. They're already nervous about school and now they can't get onto the network. It was a panicky situation.''
With the help of Perfigo, Inc., a San Francisco-based network security company, getting this fall's crop of students online was a much easier process.
''What happened this year is exactly what was supposed to happen,'' says Gelch. ''Students couldn't log onto the network until their machines were clean and they had updated anti-virus software and were patched for Windows vulnerabilities... The network ran perfectly through the whole process.''
Perfigo, which has a significant presence in the academia world but is looking to break into the corporate arena, won't allow new accounts to access the network until they've met a few requirements, which are set up by the IT administrator. For instance, a student or new employee would not be able to get onto the network until the desktop or laptop is scanned to make sure that it has up-to-date anti-virus software and the latest patches, and isn't carrying any viruses. If it doesn't meet those criteria, the user is then walked through the needed processes.
Rohit Khetrapal, president Perfigo, says the issue that the college had translates into the corporate world, as well.
''The issues are the same,'' he says. ''You have guests -- consultants, partners -- coming in and out of the network and you don't have control over their laptops. If you want to be on my network, you must correct this infection in your machine. I see who you are and I will give you access into your email, but I will not let you on my network. I will keep you on an isolated network that does not touch my environment in any way, shape or form.''
Khetrapal says partners, clients, big customers and consultants all are prime candidates to carry a virus or Trojan onto the network.
But Gordon Haff, an analyst at Illuminata, an industry research firm based in Nashua, N.H., says scanning laptops might become an issue when the user isn't an employee and she has proprietary or confidential information on her machine.
''From the network that's doing the scanning point of view, it's a level of security. From the scannee's point of view, though, they would have some legitimate concerns about that being done,'' says Haff. ''As consultants we have confidential client information on our system, and it would not be appropriate for competitors to look at our systems.''
Khetrapal says it's a problem that can be worked out.
''You're doing a vulnerability assessment. You're not looking at their machine in any way shape or form,'' he points out. ''Is this machine blasting something malicious? Is there a port open? Is this machine vulnerable? You're looking at the behavior from this machine and you're not looking at data.''
Weeding out the Bugs
At Anderson University, a 2,500-student college in Anderson, Indiana, the network administrator was able to actually focus on his real job this fall instead of running interference on the network and with several thousand angry and petulant students.
Last fall, Anderson's network administrator Stuart Hilbert was left wrangling with a harsh Blaster attack, which plagued his network through most of the school year. Knowing that Blaster was a major problem, Hilbert's IT team asked students to bring their machines into the IT department to have them scanned before they went online. Only about 600 of the 1,400 on-campus students with laptops and desktops did so.
The other 800 students ignored warnings and heavily infected the school's network.
''It got to the point where I was working all the time,'' says Hilbert. ''I would walk in and head out to the dorms to find people and get them patched. And that wasn't my job. It was nobody's job. As we did that, we started neglecting other things. My job last year was to manage the help desk and get all the faculty and staff machines and printers working. They began to suffer, and then tickets start to pile up on you. It was a lose-lose battle.
Hilbert says the problem probably cost the college more than $200,000, not to mention the added stress and diverted attention.
This year, though, it was a whole different battle.
Hilbert was using Perfigo, so students weren't able to get onto the network until their systems had been scanned and OKed. This time, there was no way to ignore the IT department. This time it wasn't a request.
''We've been so much more able to control the environment, it's unbelievable,'' says Hilbert. ''Five days in, we had 90 percent completion of the process, and we'd been hoping for 85 percent or 80 percent. Most of that was done by the students. We weren't spending time in their dorm rooms this year.''
Both Anderson and Lasell colleges have set up Perfigo to rescan the students' computers on a periodic basis, keeping them up-to-date with the latest patches.
''As far as our responsibility to provide a smooth running network, we were able to do that no problem,'' says Gelch. ''And now our students are much more educated on how to manage their own computers.''