HSCS Network

1
HS/CS Network Desktop Update

4/20/04 Rich Shelley Health System Computing
Services
2
Agenda

• Secured Wireless Network
• Administrator Rights on the Desktop
• Spyware
• Spam
• Next Steps

3
Wireless Secured Network

• TCV pilot live on March 30, 2004
• 4 carts with 2 laptops and 2 tablets
• 13 access points to cover TCV step down unit
• Provide MIS and CAS access
• Design parameters
• Secured access to SCSN only (managed devices)
• Frequency that does not interfere with telemetry
• Encrypted transmission (HIPAA compliant)
• Roaming without disruption
• Monitoring for jamming or other network problems
• Redundant switches for reliability
• Future Evaluate user impact and achievement of
  design objectives to plan further roll out.
  Pilots include Pediatrics, 3W, 5C, and Digestive
  Health, Surgical Suite, PCC Family Medicine

4
What are Administrator Rights?

• Administrator Rights on a PC allow the user full
  control - to be able to install any software,
  change settings, and remove software
• Why are Administrator Rights requested?
• Some software must be installed under the users
  account to function-- rights were requested to
  install 375 different software packages and
  devices used by UVA HS staff in past 3 years
• Some software requires Administrator rights in
  order to run
• Some users wish to customize their PC
• Laptop users may need admin rights for full
  functionality while traveling
• Some users simply demand full control over their
  PC

5
What are the issues with Administrator Rights?

• Installation of unsupported software or Spyware,
  or reconfiguration of PC, can cause loss of user
  productivity due to PC slowness, instability,
  pop-up ads, and other PC desktop problems
• Significant cause of Help Desk trouble calls
• Unsupported software installed can allow network
  intrusion, network slowdowns, and viruses

6
Administrator Rights Scope
of the Problem

• 2366 (24 of all) Users have Admin rights on one
  or more PCs
• 933 users given permanent rights
• 1433 users given temporary rights, and never
  removed them
• 2239 (30 of all) PCs have at least one user with
  Admin Rights
• 885 installations of common Spyware packages on
  340 (15 of all) PCs where users have Admin
  Rights

7
Typical Trouble Callscaused by Admin Rights abuse

• User upgrades IE from Microsoft web site-
  corrupts Java Virtual Machine needed by CAS PC
  needs to be rebuilt to resolve
• User installs NetScape- conflicts with IE and
  various UVA web sites that use IE, can introduce
  security exposures
• User installs HotBar- all e-mail messages sent by
  user encourage others to install HotBar user
  tries to print email with Hotbar graphics and
  Network printer hangs for all users HS/CS must
  clear print queue
• User (either intentionally or unknowingly)
  installs Spyware software- PC becomes slow or
  unstable, or pop-up ads begin appearing
  frequently, HS/CS spends an hour or more removing
  Spyware, or rebuilding PC

8
Typical Trouble Callscaused by Admin Rights
abuse (cont.)

• User changes desktop settings or operating system
  settings which cause supported applications to
  fail, or system to become unstable or drop off of
  the network HS/CS must reconfigure or rebuild PC
• User Installs Kazaa, PC begins transferring music
  files to/from the Internet, consuming significant
  network bandwidth and leaving UVA HS open to
  potential lawsuit from Music industry HS/CS must
  locate and remove software

9
Spyware

• Definition Spyware (also called Parasiteware)
  is software that is installed on a computer,
  which you may or may not have asked for, and
  which does something you probably dont want it
  to, for someone elses profit.

10
Spyware Installations at UVA
11
Spyware at UVA HS- Sample Case
All Discovered Software
Spyware and other unauthorized software Starware
Toolbar RealOne Player Howling in the Snow Snow
Wolf Wild Tangent Web driver Quicktime Shockwave P
etlove promotions RealArcade AOL Instant
Messenger ViewPoint Media Player Comet
Cursor Gamebar Toolbar for IE Speed Hang
Stan Hotbar Shopper Reports Feeding Frenzy

12
Spyware at UVA HS- Sample Case
HelpDesk calls on current PC

13
Spyware at UVA HSHotBar

• Marketed as a program to add graphics to IE
  toolbars and Outlook email Advertised through
  junk e-mail purporting to be a Microsoft upgrade
  to Outlook. Once installed, all email sent by
  the user advertises this upgrade to recipients.
  Often causes printer support calls.
• Effects
• Advertising
• HotBar's toolbar grows buttons on the left-hand
  side leading to advertisers' sites dependent on
  the site you are currently viewing.
• Privacy violation
• HotBar sends the address of every web site you
  visit to its controlling servers along with a
  unique ID that would enable your web usage habits
  to be tracked. Some sites are monitored more
  closely, with full URLs and/or data entered into
  forms being sent to HotBar
• Security issues
• Hotbar can silently download and execute
  arbitrary code from its controlling server, as an
  update feature
• Installed on 334 PCs

14
Spyware at UVA HSGATOR

• Was distributed as part of Gator eWallet,
  an application used to fill in web forms. Also
  widely bundled with third-party software,
  particularly peer-to-peer file-sharing programs.
  
• Effects
• Advertising
• Pop-up advertisements appear periodically while
  IE is in use.
• Privacy violation
• Every time a new site is visited, the address of
  the site is reported to Gator's servers, with a
  unique user ID which can be used to track your
  web usage.
• Security issues
• Gator can download and execute arbitrary code
  from its controlling server (as an update
  feature). An early version of Gator has a
  critical security flaw, allowing any web page to
  download and execute code from anywhere, with no
  security checks
• Installed on 161 PCs

15
Spyware at UVA HSnCase

• Bundled and installed with a large number of
  shareware packages, and also installed just by
  visiting certain web sites once installed always
  runs in the background, displaying advertisements
  and capturing information.
• Effects
• Advertising
• Looks for known URLs and keywords in URLs, and
  opens pop-up advertisements targeted at such
  sites. Also opens other pop-up ads at arbitrary
  times during IE usage. Can add shortcut icons to
  the Start menu and Desktop.
• Privacy violation
• Web usage is tracked across sites. Newer
  versions of the software also attempt to read
  from Outlook an e-mail address, real name and ZIP
  code to associate with this web usage
  information.
• Security issues
• nCase can download and execute arbitrary unsigned
  code from its controlling servers, as an update
  feature.
• Installed on 54 PCs

16
March Spam Statistics Current server at
capacity, adding a second server
spam viruses
total
Eliminating 2 million messages per month and
growing
17

Next Steps

• Removal of all temporary Admin Rights which
  have expired- beginning April 23
• Precede with e-mail notification
• According to our records, you have received
  temporary Administrator rights on the following
  PCs. The expiration date for those rights has
  passed, so HS/CS will be removing these rights
  one week from today.
• Should you require Administrator Rights in the
  future, please contact you departmental IT
  support (if available), the HS/CS Help Desk at
  924-5334, or submit a Service Request via the
  HS/CS Web Site at http//www.healthsystem.virginia
  .edu/mcc/mcc/OnlineForms/formSvcReq.cfm for
  assistance

18

Next Steps (cont)

• Review of all permanent Admin Rights for
  removals
• Review all rogue Admin Rights for removals
• Establish more stringent procedures for granting
  and logging of Admin Rights
• Removal of all found Spyware
• Establish periodic monitoring and eradication of
  Spyware (as is now in place for virus software)

19

Questions Comments