Spyware, spam, and other threats: the six things you need to do now.


Malware is out there, in cyberspace, and ready to make a home on your network's computers. Malware, the catchall description for spyware, viruses, worms, and other IT nemeses, can do expensive and time-consuming damage to a campus system. Are you doing all you can to protect your IT assets?

University Business has come up with six essential steps that all IT administrators should be researching now to protect against threats.

1 SEARCH FOR SPYWARE

Spyware is at the top of the list of IT security threats. Spyware is malware that clandestinely records users' online activity and even specific keystrokes. Often users are unaware that hackers have broken into their computers and are stealing data such as passwords and credit card numbers. The appearance of popup windows is one sure giveaway that a computer has been infected with spyware. Granted, many users give the OK for cookies to follow their online actions so they can access certain sites. An inordinate number of popups, however, is sure proof that spyware is lurking on a machine.

On campus, illegal filesharing is the most common path spyware takes to get onto computers, says Michael Cooper, program coordinator for the Technology Support Center, West Virginia University. Basically, if students are using Kazaa, Grokster, Morpheus, or any other free P2P service, an IT director can be sure that spyware is on their PCs and laptops, probably causing compatibility problems, watching users, hogging bandwidth to propagate itself, and slowing down the network.

    Cooper combats the problem with network monitoring that identifies illegal P2P users, in part by noting if they are using an inordinate amount of bandwidth.

    Those identified as illegally downloading music and movies are sent an online warning. The next step is to shut the user out of the network. "I am guessing we have 400 shutdowns per year," he notes. Students who are cut off from the network must bring their computers to the center for scanning. Through the use of Symantec software, machines are cleaned of spyware and any potential virus problems that can result from spyware infiltration.

    Such protection is necessary on campus given the continued popularity of free P2P downloads. Even though the Recording Industry Association of America has filed lawsuits against college students and IHEs, campus users continue to download. Consider the statistics issued by Student Monitor, a research organization. During the last month of 2004, 29 percent of all four-year, full-time undergraduate students admitted to downloading unlicensed music or movies. In general, males are more likely to download, with 40 percent owning up to the behavior, compared to 19 percent of females. And 35 percent of the students surveyed believed "almost everyone" on campus downloads illegal files and 75 percent are in favor of illegal file sharing because it is such a common activity.

    Monitoring P2P use, and following through on the necessary cleanup and spyware checks, costs money and takes up staff time. But it is necessary. As Cooper says, "The music is free, but the problems aren't." All the more reason to get a policy in place regarding illegal file sharing and put the correct network safeguards in place to protect against illegal P2P activity and inevitable spyware problems.

    A handful of colleges and universities, such as Pennsylvania State University, have subscribed to legitimate P2P services, such as the revamped Napster. In Penn's case, all students registered for at least one course during a semester can use the P2P service. Up until the last day of spring semester classes, 85 percent of Penn's student body had signed up for an ID and password and were downloading an average of 250,000 songs per day, notes Sam Haldeman, assistant to the associate vice provost. Getting such a volume of traffic to migrate to the legitimate service is saving bandwidth on the network, he adds.

    Other schools, including Colby-Sawyer College (N.H.), are relying on the type of detection software that West Virginia University uses and have similar policies for shutting out P2P offenders.

    Earlier this year, security company LANDesk added a spyware detection and removal application. It is a sure bet that many IT security companies will be promoting spyware protection in the same way they now focus on virus scans and spam. "Students can download anything on their own PCs and this introduces risks," says Dave Taylor, the company's vice president of Worldwide Marketing. The higher education sector is especially vulnerable because users are more mobile than corporate employees. Bringing laptops on and off campus, and plugging into several networks, adds to the security risks.

    "People lose as much as 50 percent of bandwidth to spyware," notes Taylor, whose higher ed clients include Tufts University (Mass.) and Baylor University (Texas).

    2 CAN THE SPAM

    On a Monday morning in mid-May, Bryan Lucas, server administrator at Texas Christian University, knew something had gone wrong over the weekend. The university, which has an enrollment of 8,500, was pounded with about 2,000 e-mail spam messages--all in German. Worse, the spammers were able to hijack some of TCU's computers and use them as "zombies," embedding programming that commanded these computers to launch another 100,000 to 150,000 German spam e-mails.

    While those receiving the messages hadn't a clue what they said, almost everyone recognized them as spam and called the university's help desk. "The number of calls swamped us," says Lucas. "My phone started ringing at 8 a.m.; my CIO met me at the door."

    Luckily for TCU, certain spam and security safeguards were in place. Otherwise, these spam messages, which may have carried viruses with them, could have crippled the network, resulting in a denial of service. One of Lucas' first actions was to look at Symantec's website to get the latest spam and e-mail news. After an hour, information was posted on this latest spam attack. Next came a message from CipherTrust, an e-mail security company whose Iron Mail product is used by TCU. CipherTrust provided an explanation of what was happening: The messages were known as German political spam, which luckily did not carry viruses; they did contain German messages related to the 60th anniversary of World War II and the Allied bombing of Dresden. Some messages referred to the bombing as a "mass murder." Many of the e-mails included links to German political websites. Some used language that was translated as saying the senders were "against forgetting" the bombing of Dresden.

    CipherTrust supplied remedy code that could be loaded onto the network to stop the spam attack.

    Unfortunately, hackers will attack systems through common applications like e-mail, warns Ken Kleiner, system manager of the Computer Science Department at the University of Massachusetts, Lowell. Because servers allow e-mail traffic to get in and out, hackers commonly attack the code that runs e-mail software. Given e-mail's security vulnerability, and the proliferation of spam, some universities are considering blocking forwarding options to Hotmail, Yahoo, and other free e-mail accounts.

    The high volume of spam moving around the internet will certainly slow systems down. A reported 15 percent of the 400,000 daily e-mail messages that come into George Mason University (Va.) carry viruses. That amount of malware drags on a network's performance.

    Adding to the e-mail security problem is the nature of higher education. "Typically in a university setting, dare I say, the IT environment can be chaotic," says Tim Griffin, director of ITS Systems and Networks for Mississippi State University. There is always a lot of legacy "baggage," he notes. Where the corporate IT world might replace hardware every two years, the world of higher ed doesn't have that luxury. The same is true for software and related applications. The end result: IHEs hold on to a mix of legacy e-mail systems that faculty users simply won't part with. Then again, campus IT directors also serve the early adopters who will be the first to ask about Google Gmail accounts or other new applications.

    "We have five different e-mail environments here," says Griffin, who suspects that trying to impose standardization at MSU would be futile. "To standardize is to imply authority," he adds. The higher ed environment rails against limits, maintaining the ideal of an open exchange of information and ideas.

    Griffin's solution has been to find an e-mail security product that works with a variety of e-mail clients. All MSU e-mail runs through Roaring Penguin's anti-spam software. This particular company bases its software on open-source tools, says Griffin. "Their spam software sits in front of any solution, allowing you to have many e-mail packages." And while network users can opt out of having their e-mail filtered, they must agree to run all messages through an anti-virus program.

    3 TIGHTEN NETWORK CONTROLS

    "Our entire campus is behind a firewall," says UMass's Kleiner. This firewall acts as a protection to deny unwanted traffic from having access to the network. For example, students and faculty using the system can have access to certain web servers, but they do not have access to the department's FTP server. "We close all the doors, except a few," says Kleiner.

    His department also relies on Auditor 128, a network appliance that monitors traffic. "This application scans the network for vulnerabilities," says Kleiner, and provides analysis on the fly. The auditor scans e-mail and network traffic and looks for trouble. "It looks for weaknesses in the code," says Kleiner. Then the program sends an e-mail suggesting that he might want to install a software patch for protection. "Every day we get an update on the latest vulnerabilities," he concludes.

    Nearby, at the University of Connecticut's School of Business, Nortel and other vendors safeguard the students' leased laptops and high-speed internet connections in the school's 14 classrooms and faculty offices. Security systems further manage student access to network resources, not just by turning networks on and off, but by allowing professors to specify what types of networks the students can use. Nortel's Optimity Policy Services controls access to UConn's "Financial Accelerator" trading floor, a business center that provides students with real-time brokerage feeds.

    "Giving students laptops was a bit of a distraction in class," says Michael Vertefeuille, director of information technology for the School of Business. Through network access controls, professors are able to turn protocols on and off, in essence controlling what students do in class and protecting the network from any malware students might inadvertently download.

    At Colby-Sawyer College, the IT administrator is most concerned with protecting computers from damage done by students. Anytime they plug their laptops into the network, whether in their dorm rooms or elsewhere on campus, they introduce the possibility of downloading malware and spreading it throughout the network, says Scott Brown, information security analyst. "I recently saw one computer with more than 5,000 infections on it," he says, adding that oftentimes service packs will fail to clean up the mess thoroughly because the infections are so bad. More typically, a student's computer might have 400 to 500 infections, he says. "Cleaning up something like this is so time-consuming and the computer can barely function. It has taken up to three hours to work on a computer riddled with spyware."

    For him the antidote will be mandated security scanning and access for each computer. Beginning with the 2005 fall semester, every student and network user will have to agree to a scan done by the product NOD32 offered by the company ESET. Every port to every student computer will have to be registered with the college.

    4 INSTALL PERSONAL FIREWALLS

    UConn's School of Business has equipped every laptop with a personal firewall. This is exactly what it sounds like: an individual firewall for every computer in the school. "We used to centralize protection," says Vertefeuille, "but we found that when one machine gets attacked, they all get attacked. We had to block things at the machine level."

    Vertefeuille calls this "edge protection," as opposed to the traditional "core" approach. "We are able to block viruses at the end-user's port," he asserts. UConn's School of Business began going to the "edge" two years ago. Putting these safeguards in place helped protect the network from the I Love You and Nimda viruses. "We tracked specific patterns on the network and could block the e-mail containing the virus at the computer port level," he explains.

    MSU strongly encourages users to have personal firewalls, but the school doesn't require that they do so, says Griffin. His first suggestion is for Microsoft Windows users--which make up 90 percent of the computer users on campus--to turn on the personal firewall application built into Windows XP Service Pack 2. "It is better than using nothing," he notes.

    5 PROTECT AGAINST IDENTITY THEFT

    The list of colleges and universities that have experienced security breaches gets longer by the day.

    Academe walks a fine line between fulfilling its mission as an open institution and safeguarding IT data. This spring, administrators at Jackson Community College (Ohio) learned the hard way that it is necessary to err on the side of caution when it comes to protecting assets. The college reportedly was almost 90 percent finished with shielding its network behind a firewall when a hacker was able to access Social Security numbers housed on one of the computers not yet protected. The upshot: 8,000 people had to be notified about the security breach and all IT administrators had to scramble to issue new network passwords to everyone on campus and quickly move away from a Social Security-based ID system.

    At the University of Toledo (Ohio), IT administrators have already been granted $15 million to begin the overhaul of the computer network, including revamping the ID system to replace Social Security numbers with other codes, according to media reports. Many other IHEs, including Texas Southern University, have announced network changes. This spring, TSU said it will be dropping Social Security numbers in favor of random ID numbers for its 11,000 students. The university describes the switch as a "large-scale project" that will take up to 12 months to complete.

    6 ANTICIPATE THE NEXT THREATS

    Malware and spyware are the latest buzzwords. But new threats are coming. Phishing scams, which include urgent spam messages that plead for consumers to supply bank account information and credit card numbers in the effort to "verify" accuracy, are fairly easy to identify. But phishing is getting more sophisticated as hackers get savvier. New phishing scams are timed so that e-mail recipients are tricked into giving out information early in the month, so that they will not notice problems for 30 more days, until they receive their bank statement or other monthly bills.

    There are, no doubt, more layers of complexity that IT directors will have to be wary of in the months ahead.

    According to a survey conducted by Insight Express in March 2005, 56 percent of IT directors are worried about phishing, yet only 40 percent have protection against phishing e-mail scams. In addition, 45 percent of those surveyed are concerned about zombie attacks--the backdoor programs that lie dormant on an in-house computer until commanded to launch attacks on other computers and networks. But only 45 percent have protection against zombies.

    According to Educause's Current Issues Survey on IT trends, IT security and identity management is fast becoming the most critical issue, surpassing IT funding in its potential importance.

    "Perhaps more important than security breaches is the fundamental issue of individual computer vulnerability, which can turn machines into open doors or worse," according to the Educause survey summary. "Without a comprehensive plan to protect institution-owned, as well as personally owned, network-connected computers from malware, there can be no reasonable level of reassurance."

    RESOURCES

    CDW-G, www.cdwg.com
    CipherTrust, www.ciphertrust.com
    Cisco Systems, www.cisco.com
    CommTouch, www.commtouch.com
    CrossTec Corporation, www.crossteccorp.com
    ESET, www.nod32.com
    EDUCAUSE, www.educause.edu
    FraudEliminator, www.fraudeliminator.com
    LANDesk, www.landesk.com
    MX Logic, www.mxlogic.com
    MailFrontier, www.mailfrontier.com
    McAfee, www.mcafee.com
    Microsoft, www.microsoft.com
    Network Engines, www.networkengines.com
    Nortel Networks, www.nortelnetworks.com
    Qurb, www.qurb.com
    Roaring Penguin, www.roaringpenguin.com
    Student Monitor, www.studentmonitor.com
    Symantec, www.symantec.com
    TippingPoint, www.tippingpoint.com
    COPYRIGHT 2005 Professional Media Group LLC
    No portion of this article can be reproduced without the express written permission from the copyright holder.
    Copyright 2005, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

    Article Details
    Author:Angelo, Jean Marie
    Publication:University Business
    Date:Aug 1, 2005
    Words:2693