Re: Security v. Privacy (was Re: Is there anything that actuallygets users to fix their computers?)

On Sun, 5 Oct 2003, Jamie Reid wrote:
Did the users actually believe you when you told them their computer had a worm? How many times did you disable the same user's network access because they didn't actually fix their computer but told you it was fixed? But I have a really important document that has to be sent right now, and I can't wait to fix the computer.

<quote who="Sean Donelan">
Did the users actually believe you when you told them their computer had a worm?
Ours did. They knew there was a worm "going around." This was all happening around the time of freshmen "move-in" so lots of parents were around. It was more difficult to convince some parents that despite the fact that their kid's new laptop just came out of the box and onto the network it was already infected.[*]
How many times did you disable the same user's network access because they didn't actually fix their computer but told you it was fixed?
Just once, if they weren't patched they were automatically turned down again. (automated, not human processing)
But I have a really important document that has to be sent right now, and I can't wait to fix the computer.
Three things to solve: pencil, paper, skateboard/rollerblades/feet. :) -davidu [*] There was unfortunately a couple of flaws in our handling of the blaster worm. We have an unroutable DHCP'd zone on our network which was leaving room for new users to be infected. They would be unable to get a valid IP but clean machines on the unroutable network could be infected. If our monitoring was at the switch level as opposed to the DHCP level this would not have occured. Lesson learned (well, probably not, but learned for me at least). :( ---------------------------------------------------- David A. Ulevitch Washington University in St. Louis http://david.ulevitch.com -- http://everydns.net ----------------------------------------------------

On Sun, 5 Oct 2003, David A. Ulevitch wrote:
Forever? So the student can never use the university network again for as long as he or she remains at the school? Even if he or she promises the computer is really fixed this time?

<quote who="Sean Donelan">
Every dorm has a "residential computer consultant" who can throw the student's MAC_ADDR into a form and have it removed from the blocks. Doing this let's them get a routable IP address again. If they are still spewing traffic or other ungoodness they are blocked within a couple minutes. The students *want* to get their machines fixed when the realize thay lying about fixing it doesn't work. -davidu
---------------------------------------------------- David A. Ulevitch Washington University in St. Louis http://david.ulevitch.com -- http://everydns.net ----------------------------------------------------
participants (2)
-
David A. Ulevitch
-
Sean Donelan