PUBLICATIONS Inside Illinois Vol. 23, No. 7, Oct. 2, 2003

CITES personnel kept busy protecting campus networks, machines

ByCraig Chamberlain, News Bureau Staff Writer
217-333-2894; cdchambe@illinois.edu

August was one of those months where many people probably wondered if it was all worth it – the e-mail, the Web, the connections.

They learned about the Blaster worm and the Sobig virus, and wasted hours of work time dealing with the consequences. Many had to deal with sudden floods of e-mail clogging their mailboxes. Some found themselves with infected and sometimes dysfunctional machines that had to be disconnected from the network until they were cleaned.

Other attacks followed, such as e-mails purportedly from Microsoft, with “patches” to be applied immediately. Were they the real thing, or not? (Not. In fact people who opened the patch attachments likely infected their machines.)

The UI systems survived – unlike at some universities where major services such as e-mail were shut down – thanks to countless extra hours of work by system and network administrators.

Between late July and late August, “we had over a thousand computers on the campus that were compromised,” says Susan Lewis, the deputy chief information officer for the campus. Between dealing with those machines, anticipating the connection of student machines for the fall, and a variety of other related concerns, “it was a major effort for us to stay on top of it,” Lewis said.

But very little of it came from out of the blue, and it’s rarely the case that it does, Lewis said. Operating system vulnerabilities, such as those found recently for Windows, are usually found before the “bad guys” can take advantage in a major way. Patches are usually written quickly by the software companies and made available free of charge.

CITES (Campus Information Technologies and Educational Services) also often can tell when hackers are making their move, Lewis said. “Our staff networks people are constantly monitoring the network 24 hours a day,” she said, and they can often tell when the campus network is being scanned for vulnerabilities through ports on individual machines.

“Usually when our campus is being scanned, that means someone’s out looking for trouble,” she said.

But it still comes down to a problem of awareness among those responsible for individual machines, downloading the necessary updates, and getting them installed on individual machines.

“Our network is a shared resource, and consequently we are only as strong as our weakest link,” Lewis said. “So it’s very important that each of us understand that a vulnerability in one part of the network can affect people in another part of the network very easily.”

It’s one drawback to the openness, speed and decentralization of the campus network, Lewis said. “Universities like ours have very good, very fast access to the Internet, and so if our systems are compromised, then we have good, fast access to compromise other machines, both on and off campus. … If we were all doing this over 300 baud dial-up, we wouldn’t see near the rate of infection.”

So the standard advice from CITES is to follow the procedures that your local IT staff have established in their efforts to protect the system. If your unit does not have local procedures, check for updates daily of both operating system and anti-virus software, Lewis said. “There are so many new vulnerabilities, there are so many new worms, there are so many new viruses that we just think people are in a much better position if they update daily,” she said.

The latest example is another security vulnerability found in certain versions of the Windows operating system, announced two weeks ago by Microsoft. So far, it has not been exploited in a major way, Lewis said. CITES sent an e-mail to the campus the day after the Microsoft announcement, and the patch is available through the Windows Update site.

Among other standard pieces of advice from Lewis: “Be very careful about opening e-mail attachments from people you don’t know, or from people that you’re not expecting an attachment from.” This includes Microsoft, even if the message looks official. “Microsoft does not send updates or patches via e-mail. They always direct people to their Web site to download.”

CITES is planning a meeting on Oct. 2 with system and network administrators on campus to discuss the best way to implement patches and updates. In addition, a faculty group appointed by the chancellor, chaired by Richard Mintel, has been studying the problem and is due to issue a report soon.

“We are trying to understand what is the most effective way to protect ourselves,” Lewis said.

For additional information on computer and network security, and links to patches and updates for all operating systems, check out the Guide to Computer Security page on the CITES Web site.

Back to Index