Intrusion detection: it's not just about viruses
|
Alert the Service Desk if you think malicious forces are besieging your computer. |
Most laboratory users are well aware of the virus-checking applications that run on their laptops and desktops to detect and remove harmful software. But a single weapon is not enough. Instead we rely on defense in depth, which makes use of a variety of applications at many levels to protect lab computers and data.
One such level that may be less apparent is intrusion detection software, a commercial product from SourceFire that inspects network packets both entering and leaving the lab network using a constantly updated set of signatures to search for harmful content. Recent upgrades have allowed us to extend the use of this software from selected laboratory networks to the entire lab.
This software is sensitive both to incoming packets aimed at infecting your systems and to outgoing packets indicating that there may already be something installed on your computer that doesn't belong there. Such undesired installations may be a traditional virus infection or a Trojan program that virus scans might not detect. But these days it is more frequently an unintended toolbar or advertising banner that can deleteriously affect your computer's performance or transmit information about your computer usage habits to the outside world.
So please cooperate if you receive notification that some suspicious software has been detected on your computer. The Service Desk can help remove any uninvited visitors to your system and restore it to optimum performance.
—Irwin Gaines
|