Posts by Ian Burke


Sophos Client Available for LIS Test

Categories: Midd Blogosphere

Dear LIS Colleagues:

As posted in the blog earlier this week. We are asking LIS to help us with a test of the Sophos deployment. Endpoint Protection Product. If each Windows user in LIS would please run the executable at the following link it will install the Sophos client onto your Windows system. It will also remove the Symantec anti-virus client from your system. There are some things you should be aware of in this process:

  • When Windows detects the uninstall of Symantec and that you have no anti-virus it will give you a warning. You should ignore this as you are in the process of installing a new package.
  • During the install process Windows Defender, if you have it running, may be disabled. If this occurs Windows will give you a warning. Please ignore this warning.
  • While you are at a state with no anti-virus Windows may offer you a link to install a new Anti-virus. These may also be ignored as you are in the process of installing Sophos.
  • The removal process for Symantec has been seen to take a protracted amount of time on some computers. You need to be patient. It is unusual but 10 minutes is a reasonable amount of time to allow for an install of this package. During this process some systems may stop responding at times.
  • When Sophos has been installed the Gold shield of Symantec will have been replaced with a blue and white shield of Sophos .

For additional information on Sophos check out the FAQ at http://go/itsecurity.

Please click here for the Sophos install package for LIS Windows Users:


Ian Burke


Sophos test planned for LIS this week

Categories: Midd Blogosphere

Dear LIS Colleagues,

This Thursday and Friday we will have representatives from Sophos here on site. They will be helping us to develop a deployment package for the client component of the Sophos Endpoint Protection product which we are using to replace Symantec Anti-Virus. As we complete the development of this deployment package and have tested it thoroughly, we will be initiating a test across the systems in LIS to ensure that the package works on a larger group of systems and also to start a larger test of the client here at Middlebury.

Later this week you will receive a second communication about this test effort and it will also include information about how you can help us to assess the impact of the client on your system and also the install process. For additional information about Sophos please see the FAQ  at http://GO/ITSECURITY. Also, feel free to contact LIS Security at or contact Ian Burke at ext. 5368. Thank you for your help and understanding with this process.


Ian Burke

LIS Network Security Administrator

Sophos Project Timeline

Categories: Midd Blogosphere

Dear Middlebury Colleagues:

To offer some additional information on the Sophos roll-out the following timeline has been proposed and will be followed by the LIS deployment team for this

  • Email will be converted to the Sophos solution the weekend of January 22, 2012
  • Testing will be conducted on individual systems through the month of January
  • Sophos engineers will be on site to help with a larger test group across LIS and to build a deployment agent on January 25 and 26th
  • Server deployment and will be conducted on test servers and production servers through the month of January and February
  • A second desktop test group will be identified and targeted for the end of January and beginning of February
  • Based on the conclusion of two successful tests deployment will continue to the remainder of the campus in February

If you are interested in being a part of one of the test groups, please contact LIS Information Security at If you would Iike more information about Sophos please check the Infosec web site at go\itsecurity or contact LIS Information Security.


Ian Burke

LIS-IT Security Administrator

LIS Replacing Symantec Anti-Virus with Sophos

Categories: Midd Blogosphere

Dear Middlebury Colleagues:

LIS is in the process of transitioning away from the Symantec anti-virus solution. We will start using Sophos Endpoint Protection to protect ourselves against viruses and malware. This is a product that has wide acceptance in Europe and is rapidly growing in  higher education and medium-sized businesses in the United States.

Sophos will initially mirror much of what Symantec offered with more thorough coverage of malware, web threats and other malicious content. We will also be offering Sophos to those students that are interested. Sophos Endpoint protection also offers an additional collection of features, such as data classification, device control, mobile device management, and patch monitoring, and we may start using those new features in the future.

Over the next month LIS will be testing installation with subsets of the campus, with a plan to then begin a campus-wide deployment in February. As we move forward additional information will be provided to the campus community. Please feel free to contact LIS Security ( x5368) with any questions.

For additional information see:

Ian Burke
LIS Network Security Administrator

Epsilon Security Breach and New Spam

Categories: Midd Blogosphere

On March 30, 2011, one of the largest clearinghouses for email, Epsilon, was breached. This company services customer mailings for companies ranging from Target and L.L. Bean to CITI and Capitol One. There were a total of 36 or more large customers of Epsilon that had their records compromised.

You may ask what the impact of this is on you. No credit cards or Social Security numbers were lost in this breach. But with the huge numbers of email addresses that were lost we can expect a large increase in spam and phishing attacks. To be clear, spam is junk mail sent through email. A phishing attack is spam that is trying to gather information about you. Phishing attacks can look very real. It may look like an email from your bank with a link to customer service or an advertisement from your favorite store with a link for a coupon deal. We have already seen some from this breach. There are reports of emails claiming to be from some of these vendors with links in the emails that are supposed to direct you to a website that will offer more information on the breach. The links actually download malware to your system. The information security community expects to see a lot more of this type of activity.

How can you protect yourself? If you get an email that has an attachment in it that you were not expecting, delete it. If you get an email in it with a link to a web site or another reference from which you do not know the source, delete it. Do not forward emails with attachments or links; these should be in an original email. Do not forward jokes or other types of email that might be caught in a spam filter. Limit to whom you provide your email address.

Remember that Middlebury and your own personal spam filters and junk mail folders may start to see an increase in spam and junk mail in the coming days due to this breach. Please be patient with us as we navigate through this time, and help us by watching for these suspicious emails and using appropriate precautions.

PCI and Blocked Email Messages

Categories: Midd Blogosphere

The Payment Card Industry Data Security Standard (PCI DSS v2.0) is a standard that has been accepted by all major credit card companies and most credit providers. It is a standard that we must abide by if we are to accept credit cards as a form of payment. PCI DSS is broken into 12 requirements; each focusing on a different domain of security.

While PCI DSS is not an actual law, it is a standard enforced by the credit card industry, and the banks have stated and upheld the policy that they will no longer accept business from non-PCI compliant merchants. The government has used the PCI DSS as a yardstick by which they have measured such regulations as Gram-Leach-Bliley, Sarbanes-Oxley, and most recently the drafting of the Data Accountability and Trust Act.

We employ a device called a Barracuda here at Middlebury which helps us prevent SPAM from flooding our email system. Just shy of a year ago this system was updated to enable it to filter on cardholder information. By default this feature was turned on. We have left this enabled and have begun reporting on these blocked messages and alerting the senders of outbound messages.  The Barracuda is intended to serve both as a SPAM filter and a compliance tool.