MMM Minutes 02/05/04

Minutes of Smathers
Middle Manager's Meeting
February 5, 2004

Present: Shelley Arlen, Denise Bennett, Gary Cornwell, Robena Cornwell, Carol Drum, Leilani Freund, John Ingram, Iona Malanchuk, Tom Minton, Cathy Mook, Richard Phillips, Carol Turner
MyDoom Malware
  1. MyDoom is yet another variant of the worm viruses. It is spread primarily via email. It opens up your computer to a takeover.
  2. It can take your email address and every other one in your address book - open up a mail server, sending mail out. It looks like the mail came from you or other people in your address book.
  3. It can send out unsolicited email and SPAM. It can also initiate a DOS attack.
  4. MyDoom has been targeting Santa Cruz Operation and Microsoft. Santa Cruz has been forced to change their Web address. Microsoft switched some servers around – they have basically felt no effect.
  5. The best protection? A good virus scan. We have had no active infections in the Library. All incoming infected email has been caught and removed at the server level.
  6. Our anti-virus vendor had the updates instantaneously, so we were able to get then on the machines in a hurry.
Centralized Update Software
  1. Our centralized anti-virus pushing software is working well.
  2. We’ve also installed patch-pushing software for MS updates. We’ve been using it for the past 2-3 updates and it is going well.
  3. There is a hole in IE right now – the latest update addresses the problem. The fix may result in certain Web sites not functioning as they did in the past. The problem is on their end – not ours.
  4. We need access to these computers for the push to work. 20% of the machines are still not being left on. All machines must be left on so we can push these patches and updates in the off hours.
  5. We also have a backlog of dead addresses. So, by leaving the machines on, we’ll be able to get rid of dead IDs. If we push a patch out to a machine and it’s not there, we’ll remove that machine from the network. This will prove inconvenient, but hopefully will motivate people to leave their machines turned on. The monitor can be turned off, but the CPU must be left on.
  6. Will liaisons be informed prior to removing the machine from the network? We will let people know that it is going to be removed. Machines should be left on, even if there is no one using it. It should be locked – but the CPU should be on. All computer screen savers should be set to lock up within 5 minutes.
  7. Before the patch pushing software, security had to be taken down on the public machines before the virus scan would update. It should be auto-updating now, provided the machines are set up properly.
Information Technology Draft
  1. A handout of the Information Technology Implementation Standards: Minimum Security for Managed Nodes and Services was passed out to all meeting attendees.
  2. Discussion of the essential points of the draft. More than likely, this is soon to become policy. Items highlighted: essential vs. non-essential network use, replacement of machines unable to provide automated authentication of access (WIN’95 &WIN’98), minimizing interdomain trust relationships, authentication of all user mail servers as well as legal and secure use of software.

Back to the Systems Homepage

Last updated February 6, 2004
by Debra Fetzer