When classes began this year at the University of California, Berkeley, its network was in for a shock. Along with...
the invasion of new freshmen came an invasion of network viruses.
The Nachi worm, also known as Welchia, wreaked havoc on the university's network. Its wireless LAN was hit particularly hard because its throughput is much more constrained than the rest of the network, said Christopher Chin, the university's "network exorcist."
"Virus activity took up all of the available bandwidth; the wireless network was crippled," Chin said.
Chin sought help from Vernier Networks Inc., since the Mountain View, Calif.-based wireless infrastructure vendor was already providing some of the monitoring products used on the university's Wi-Fi network.
The university used the company's new product, the Vernier Virus Filter, which is designed to help organizations clean up after a virus or worm attack.
With Vernier's help, Chin was able to identify traffic patterns coming from the infected computers and plug that data into the university's wireless gateway. Network packets from those machines were then dropped from the wireless network.
The department was then able to address the machines that were generating the corrupt traffic by placing them in a separate user list. When they tried to log on to the network, they were denied access. They were then directed to a Web page that informed them that their machines were infected and told them what steps they needed to take to patch their machines.
"This approach is very useful for viruses that have traffic patterns that are distinct from regular Internet traffic," Chin said, because not only does it protect the wireless LAN, but it also offers diagnostic information.
"This is just another layer that helps IT managers get broader control over their networks. What's needed next is something that spans both wireless and wired [networks]," said Chris Kozup, a program director with the Stamford, Conn.-based research firm Meta Group.
Vernier pursued this application because mobile devices are more vulnerable to viruses than PCs, which never leave a desktop or the home network, according to Dominic Wilde, Vernier's senior product marketing manager. Wireless devices, particularly those at a university, are always accessing different networks with varying levels of security, making them more susceptible to worms and viruses. Making matters worse, users don't always update their antivirus software, Wilde said.
Vernier's product dramatically reduces the work involved in determining who is infected, he added. IT department no longer have to do a manual audit of users, he said.
FOR MORE INFORMATION:
Download our white paper on e-mail system threat and defense.