Current measures and their effectiveness

Windows machines are scanned by ITSS whenever they are connected to the network. The scanning process checks to see if the current machine is vulnerable to various worms and viruses. If it is detected to be unpatched, the network connection of the machine is cut-off within minutes. This has proven to be effective in slowing the propagation of worms and viruses. However, it is not a bullet-proof solution since it does not scan for unknown vunerabilities.

Campus servers running different flavors of Unix and Linux operating systems have also been compromised. The raptor and firebird linux servers in sweethall are routinely updated with the latest patches. They also run a security-enhanced version of Linux called SULinux(a version of Redhat Linux modified by Stanford University staff). Despite all the precautions and patching done to such systems, they still got broken into early this year. The intruders replaced several system programs with their own and in a few cases installed network sniffer programs that captured a large number of account/password combinations.