During the Fall of 2004 OIT deployed an appliance, known as an Intrusion Prevention System (IPS), by the vendor Tipping Point. This appliance works from a list of established rules that are updated daily in a method similar to the virus detection files which are updated by McAfee. The purpose of this device is to prevent known worms, viruses, spyware and adware from entering or leaving the campus.
We have been running the IPS since then with great success primarily targeting worms and viruses. To date it has saved IT staff immense amounts of investigative time that was being spent tracking down and disinfecting hundreds of machines on campus annually.
At the beginning of this Fall OIT enabled the Spyware and Adware rules on the Tipping Point appliance. Our goal in all of this was to prevent the accidental exposure of non public information from campus machines. This too has been quite successful. Attached to this blog you will find a PDF report of the number of times each of the top ten Spyware rules has been triggered (i.e. blocked something).
You can see from the report that there are a significant number of times each of the top ten Spyware rules have been triggered. There are few basic things you can do to protect yourself. Click Here to see the PDF Report.
• Patch Your Machine
• Install McAfee AntiVirus (Make sure it is set to update daily)
• Make sure there are no blank passwords on your machine
• Install Spybot Search and Destroy
For more information on how to get these applications or how to use them please visit
http://www.umbc.edu/oit/sans/security/awareness/index.html