23, No. 7, Oct. 2, 2003
CITES personnel kept busy protecting
campus networks, machines
Chamberlain, News Bureau Staff Writer
August was one of
those months where many people probably wondered if it was all worth
it – the e-mail, the Web, the connections.
They learned about the Blaster worm and the Sobig virus, and wasted
hours of work time dealing with the consequences. Many had to deal with
sudden floods of e-mail clogging their mailboxes. Some found themselves
with infected and sometimes dysfunctional machines that had to be disconnected
from the network until they were cleaned.
Other attacks followed, such as e-mails purportedly from Microsoft,
with “patches” to be applied immediately. Were they the
real thing, or not? (Not. In fact people who opened the patch attachments
likely infected their machines.)
The UI systems survived – unlike at some universities where major
services such as e-mail were shut down – thanks to countless extra
hours of work by system and network administrators.
Between late July and late August, “we had over a thousand computers
on the campus that were compromised,” says Susan Lewis, the deputy
chief information officer for the campus. Between dealing with those
machines, anticipating the connection of student machines for the fall,
and a variety of other related concerns, “it was a major effort
for us to stay on top of it,” Lewis said.
But very little of it came from out of the blue, and it’s rarely
the case that it does, Lewis said. Operating system vulnerabilities,
such as those found recently for Windows, are usually found before the
“bad guys” can take advantage in a major way. Patches are
usually written quickly by the software companies and made available
free of charge.
CITES (Campus Information Technologies
and Educational Services) also often can tell when hackers are making
their move, Lewis said. “Our staff networks people are constantly
monitoring the network 24 hours a day,” she said, and they can
often tell when the campus network is being scanned for vulnerabilities
through ports on individual machines.
“Usually when our campus is being scanned, that means someone’s
out looking for trouble,” she said.
But it still comes down to a problem of awareness among those responsible
for individual machines, downloading the necessary updates, and getting
them installed on individual machines.
“Our network is a shared resource, and consequently we are only
as strong as our weakest link,” Lewis said. “So it’s
very important that each of us understand that a vulnerability in one
part of the network can affect people in another part of the network
It’s one drawback to the openness, speed and decentralization
of the campus network, Lewis said. “Universities like ours have
very good, very fast access to the Internet, and so if our systems are
compromised, then we have good, fast access to compromise other machines,
both on and off campus. … If we were all doing this over 300 baud
dial-up, we wouldn’t see near the rate of infection.”
So the standard advice from CITES is to follow the procedures that your
local IT staff have established in their efforts to protect the system.
If your unit does not have local procedures, check for updates daily
of both operating system and anti-virus software, Lewis said. “There
are so many new vulnerabilities, there are so many new worms, there
are so many new viruses that we just think people are in a much better
position if they update daily,” she said.
The latest example is another security vulnerability found in certain
versions of the Windows operating system, announced two weeks ago by
Microsoft. So far, it has not been exploited in a major way, Lewis said.
CITES sent an e-mail to the campus the day after the Microsoft announcement,
and the patch is available through the Windows
Among other standard pieces of advice from Lewis: “Be very careful
about opening e-mail attachments from people you don’t know, or
from people that you’re not expecting an attachment from.”
This includes Microsoft, even if the message looks official. “Microsoft
does not send updates or patches via e-mail. They always direct people
to their Web site to download.”
CITES is planning a meeting on Oct. 2 with system and network administrators
on campus to discuss the best way to implement patches and updates.
In addition, a faculty group appointed by the chancellor, chaired by
Richard Mintel, has been studying the problem and is due to issue a
“We are trying to understand what is the most effective way to
protect ourselves,” Lewis said.
For additional information
on computer and network security, and links to patches and updates for
all operating systems, check out the Guide
to Computer Security page on the CITES Web site.