Network security: unwelcome visitors: campus networks are still highly susceptible to outside attack, and there's no shortage of hackers lying in wait. (Special Section: Security).Campus network administrators dread the sixth day of odd-numbered months, and their fear has nothing to do with a full moon, or with superstition. That's the day a malicious "worm" called W32.E.Klez, lying dormant deep within the recesses of the operating system, wakes itself to wreak havoc on computers. "Klez" not only destroys documents by overwriting Overwriting An options strategy that involves the sale of call or put options on stocks that are believed to be overpriced or underpriced. The options are not expected to be exercised. Notes: Also referred to as overriding. data with strings of zeroes, but using innocent-looking subject lines for unsuspecting recipients, it also copies itself to networks and e-mail messages. Since it was first identified in January of this year, more than 1,000 incidents of the tough-to-eradicate worm have been reported at businesses and campuses nationwide, including Yale University and Carnegie Mellon University Carnegie Mellon University, at Pittsburgh, Pa.; est. 1967 through the merger of the Carnegie Institute of Technology (founded 1900, opened 1905) and the Mellon Institute of Industrial Research (founded 1913). , where IT staff were on the alert to stop it before serious damage was done. In fact, it is a heightened awareness of cyberterrorism See cyberwar and information warfare. and a prevalence of e-mail-borne viruses such as Klez, Code Red, or Nimda that has made network security services Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. NSS provides a complete open-source implementation of crypto libraries supporting SSL and S/MIME. one of the fastest-growing segments in the business of higher education. But the growing incidence of network attacks are only a symptom of a larger problem that schools everywhere must address: How to balance a) the desire to keep an open, information-sharing environment, with b) the need to protect the integrity of--and the investments in--the infrastructure. DAUNTING daunt tr.v. daunt·ed, daunt·ing, daunts To abate the courage of; discourage. See Synonyms at dismay. [Middle English daunten, from Old French danter, from Latin NUMBERS Cyberterrorism experts say that the rapid growth of the Internet has led to an enormous increase in the likelihood of attacks on network systems in business and education. Consider these numbers: * 673 million. The number of worldwide Internet users the Computer Industry Almanac almanac, originally, a calendar with notations of astronomical and other data. Almanacs have been known in simple form almost since the invention of writing, for they served to record religious feasts, seasonal changes, and the like. (www.c-i-a.com) estimates there will be by the end of this year--200 million more than at the beginning of 2001. * 2,437. The number of system vulnerability reports that CERT, the Computer Emergency Response Team (www.cert.org) at Carnegie Mellon, noted in 2001--up from 1,090 the year before. * 52,658. The number of network "incidents" CERT recorded in that same year--an astonishing a·ston·ish tr.v. as·ton·ished, as·ton·ish·ing, as·ton·ish·es To fill with sudden wonder or amazement. See Synonyms at surprise. jump up from 21,756 the prior year. Many of these incidents are the work of what Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College, calls "script kiddies." Script kiddies are a form of hacker, says Vatis, but, "the level of skill and sophistication so·phis·ti·cate v. so·phis·ti·cat·ed, so·phis·ti·cat·ing, so·phis·ti·cates v.tr. 1. To cause to become less natural, especially to make less naive and more worldly. 2. of their attacks is usually relatively tow, because these hackers often employ prefabricated pre·fab·ri·cate tr.v. pre·fab·ri·cat·ed, pre·fab·ri·cat·ing, pre·fab·ri·cates 1. To manufacture (a building or section of a building, for example) in advance, especially in standard sections that can be easily shipped and hacker tools to launch attacks." Script kiddies, says Vatis, "may be driven simply by the desire to achieve bragging rights about their exploits." Still, what the script kiddies lack in finesse, he says, they more than make up for in their potential to knock critical systems offline. That makes them a continual source of concern for network administrators. "There are always going to be attempts made to enter a network system, or curious events that show up," says Marie Gallagher, electronic security analyst for Information Technology at Santa Clara University. "You need to examine those events closely to see whether it is a configuration issue, a virus, or a bona fide [Latin, In good faith.] Honest; genuine; actual; authentic; acting without the intention of defrauding. A bona fide purchaser is one who purchases property for a valuable consideration that is inducement for entering into a contract and without suspicion of being attempt to hack into the system." COMPROMISING SITUATIONS Viruses, worms, trojans, and "bots bots maggots of flies which infest animals, especially horses and sheep. The term bot is also loosely used to include the invasive maggots such as those of Cuterebra and Wohlfahrtia spp. horse bots see gasterophilus. " are easily, and often unwittingly, distributed through e-mail systems, say campus IT experts. Hidden deep in a system, some of the more damaging versions can also record and transmit passwords and personal information from an infected machine, directly to hackers. This opens the door to intruders to access classified campus information on any number of levels--from student grades, to information on hazardous biochemicals. "When something embeds itself and makes modifications to the system, you've got a compromised box that can be used to launch an attack. That's a big problem," says Gallagher. Most often that problem is a DoS, or Denial of Service A condition in which a system can no longer respond to normal requests. See denial of service attack. , attack across a campus. In a DoS attack, a compromised computer sends a message with a false return address to the server. When the server responds, it is unable to find the sender and waits for up to a minute before closing the connection. Multiply this by millions of similar false requests from hundreds of "zombie" computers, and the overwhelmed campus server crashes. "The problem with this sort of attack is that there's no way to prevent it, because you have no idea where you're going to be attacked from; anyone in the world who is connected to the Internet could be the source of an attack," says Vatis. Moreover, the owners of zombie computers often have no idea their machines have been compromised. "That's particularly worrisome for colleges and universities because IHEs make very attractive launching pads for would-be DoS attackers." TEAM EFFORT The speed with which technology changes makes it difficult for network administrators to stay ahead of the security game. With the growth of wireless networks, for example, comes the susceptibility to "drive-by hackers," who can take advantage of wireless encryption flaws to access a school's internal network--even behind firewalls. But help may be on the way. In February, the U.S. House of Representatives passed a bill authorizing nearly $880 million over five years to help find ways of improving network security. Much of that money will go to research at colleges and universities, and to establishing undergraduate and master degree studies in computer and network security. The bill will likely earn Senate approval later this year and already has the support of the White House. Until then, however, universities must assume the burden themselves by using prevention tools and by educating the campus community to the seriousness of the issue. SCU's Gallagher says that although her school does have an Internet usage policy The guidelines and instruction given to employees concerning the use of Internet facilities such as the Web, e-mail and chat conferences. It stipulates all prohibitions such as access to pornographic sites, conducting illegal activities and sexual harassment. , "it doesn't meet the needs of today's world," and efforts are under way to update it. "We're talking to the faculty and staff about security concerns, and about where their responsibilities lie, to find out what they need and want to do with the technology," she says. "A big part of bringing about change lies in the educational outreach to explain why things are the way they are," says Gallagher. "The answers may not make everybody happy, but there are serious reasons we need to do it." RELATED ARTICLE: Copyright pirates. BECAUSE OF THE RELATIVE ANONYMITY they afford, hackers often use campus network servers as repositories for copyrighted materials such as music, movies, or software. In December, U.S. Customs agents seized computers from UCLA UCLA University of California at Los Angeles UCLA University Center for Learning Assistance (Illinois State University) UCLA University of Carrollton, TX and Lower Addison, TX , Duke University, and the University of Oregon The University of Oregon is a public university located in Eugene, Oregon. The university was founded in 1876, graduating its first class two years later. The University of Oregon is one of 60 members of the Association of American Universities. where, they allege, students and network administrators participated in a software piracy ring called DrinkOrDie. Thousands of dollars in stolen software was recovered in the raids, as well as bootleg films such as Harry Potter and the Sorcerer's Stone (which was available even before its theater release). Deliberate attempts to break into a school's system are an ongoing concern for network administrators. In fact, as this article was being prepared, Santa Clara University's IT electronic security analyst Marie Gallagher was monitoring a series of attempts to enter the SCU SCU Santa Clara University SCU Southern Cross University (New South Wales, Australia) SCU Southern California University of Health Sciences (Whittier, California) SCU Serious Crimes Unit SCU Special Care Unit system, originating from a French ISP (1) See in-system programmable. (2) (Internet Service Provider) An organization that provides access to the Internet. Connection to the user is provided via dial-up, ISDN, cable, DSL and T1/T3 lines. . "Someone was executing a number of sequential port scans to try to find systems on the network that are open," she explains. After notifying the ISP--unsuccessfully--Gallagher installed firewalls to block all addresses from the French source. "I've since learned that many sites nationwide are being probed this way, too," Gallagher says. "The thought is that someone is probing systems running FTP FTP in full file transfer protocol Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to so that they can place files for music sharing." No, not a threat to national security, but a headache for campus IT security pros, nonetheless.--TG |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion