Here are our numbers: http://www.news.wisc.edu/ucomm/facts.html
That's about 55,000 people across 220 buildings that are spread out throughout the city. The gist of what you describe is good practice, but I gather it's almost impossible to do globally. At least here it seems to be handled more on a building/school basis. Then again, I'm not a network/server guy so I don't know the details of how they run things. But we made the local news, and according to the story, there's something like 2,000 infected systems on campus. http://www.channel3000.com/news/2420102/detail.html -Kevin ----- Original Message ----- From: "Josh Remus" <[EMAIL PROTECTED]> To: "CF-Community" <[EMAIL PROTECTED]> Sent: Wednesday, August 20, 2003 4:00 PM Subject: RE: Clean off > Small. Is it that obvious from my post? ;P Less than 100 pc's. But within > reason, I'm not sure why everything wouldn't scale up if everything were > done properly. Understandably, the bigger your network, the more complex > your needs, but the below items SHOULD (and I say should with the little > quote marks around them) work for any size network. > > Josh > > > -----Original Message----- > > From: Kevin Graeme [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, August 20, 2003 4:02 PM > > To: CF-Community > > Subject: Re: Clean off > > > > > > Just out of curiosity, how large is your network? > > > > -Kevin > > > > ----- Original Message ----- > > From: "Josh Remus" <[EMAIL PROTECTED]> > > To: "CF-Community" <[EMAIL PROTECTED]> > > Sent: Wednesday, August 20, 2003 1:47 PM > > Subject: RE: Clean off > > > > > > > I thought I would spend a few seconds responding to this. To be honest, > > I'm > > > always amazed that there are so many professional groups (whether it be > > > businesses, government organizations, universities, etc.) that > > are hit by > > > problems like this. I suppose universities & their student's computers > > are > > > a different question. > > > > > > What we do is: > > > 1. Everything is behind a firewall that is very tightly managed. All > > > externally-accessible boxes (such as web server, mail server, > > etc) are in > > a > > > DMZ, but still firewalled except for ports that required access (80, 25, > > > 110, etc). Hence, no vulnerability to port 135 (blaster-esque) attacks, > > > etc. > > > 2. We run Patchlink Update with regular pushes to keep all workstations > > and > > > servers updated. This software has been a godsend since implementation. > > > 3. We run Norton AntiVirus Corporate Edition on all servers and > > > workstations with a AntiVirus server. It downloads virus updates every > > > evening and the clients all grab it. > > > 4. We run SpamAssasin & an AntiVirus package on our Mail server. That > > > antivirus is updated hourly, and hasn't (knock on wood) missed a single > > one > > > since we've brought it online. It also filters a whole host of > > attachment > > > extensions that we don't allow. > > > > > > With all of this, we feel pretty happy. I'll never rest on my > > laurels, or > > > assume we can't get caught still, but this puts us in pretty good shape. > > > > > > My 2 cents. > > > > > > Josh > > > > > > > > > > -----Original Message----- > > > > From: Heald, Tim [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, August 20, 2003 12:29 PM > > > > To: CF-Community > > > > Subject: RE: Clean off > > > > > > > > > > > > Thankfully between gov't email and speakeasy's amazing services I am > > > > relatively untouched by the madness around me. > > > > > > > > How bad is it for other people? I am writing a special topic > > > > paper on soBig > > > > and the blaster variants, and tying it into change/patch management > > > > practices. I would really love to hear back from anyone that's been > > hit, > > > > about how they have dealt with it. Also those that weren't affected, > > what > > > > practices and policies do you have in place to help you mitigate > > > > some of the > > > > threat? > > > > > > > > Thanks, > > > > > > > > Timothy Heald > > > > Information Systems Specialist > > > > Overseas Security Advisory Council > > > > U.S. Department of State > > > > 571.345.2235 > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > Sent: Wednesday, August 20, 2003 12:26 PM > > > > To: CF-Community > > > > Subject: Clean off > > > > > > > > > > > > I'm assuming everyone is covered by spam at the moment can can't post. > > If > > > > so, > > > > how about using CF to do your cleanup for you. Use CFPOP to > > get all the > > > > headers > > > > from your mail box (or maybe the first 20-50 at a time) and then run > > this > > > > against the returned query: > > > > SELECT Subject > > > > FROM Spam > > > > WHERE (DomainChecked = 0) AND (Subject LIKE '%Thank you%' OR > > > > Subject LIKE '%Approved%' OR > > > > Subject LIKE '%Details%' OR > > > > Subject LIKE '%Wicked screensaver%' OR > > > > Subject LIKE '%movie%' OR > > > > Subject LIKE '%your application%' OR > > > > Subject LIKE '%attachment%' OR > > > > Subject LIKE '%failure%' OR > > > > Subject LIKE '%failed%' OR > > > > Subject LIKE '%returned%' OR > > > > Subject LIKE '%virus%') > > > > ORDER BY Subject > > > > Anything that comes back can be routed to the screen so you > > can view the > > > > subject > > > > and other info. If its spam, just tell CFPOP to delete it. > > Saves on the > > > > downloading and can even be automated more. > > > > If you have access to your mail server, I've got an additional script > > > > suggestion > > > > that'll do the job automatically by detecting any mail files with > > > > viruses in > > > > them. Just needs CF, CFDIRECTORY, a CFX and a CFIF. > > > > > > > > Michael Dinowitz > > > > Finding technical solutions to the problems you didn't know > > you had yet > > > > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:5 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:5 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
