Hi 77 / Lo 55
|Volume 68, Issue 118,
Tuesday, March 25, 2003
Campus networks return to normal after lockdown
Security increased in response to terror threat
By Matt Dulin
Less than 24 hours after Information Technology officials put campus networking security on its highest alert level, shutting down service to popular Internet programs like Kazaa and instant messaging software, normal operations were restored Saturday, Information Technology officials said.
The "severe"-level precautions put in place Friday at noon were in response to an elevated Homeland Security threat level when the United States initiated military action against Iraq last week, said Steve Green, associate vice chancellor for security and disaster recovery.
"We met that day (Friday) and discussed the events that were going on, and we decided that if any kind of cyberterrorism attack would take place, it would be at that time," Green said.
Directly affected were the residence hallsi Internet connections.
"Actual Internet browsing was preserved, but applications like Kazaa and instant messaging were disabled," Green said. Such applications use particular ports on a network router, which were closed to prevent incoming and outgoing traffic.
"Our primary concern was not so much being attacked upon," Green said, "but we are worried about people on campus using our networks, our computers, to launch attacks."
Green described an incident in 2001 when a single computer hacker was able to plant a "bot," or small piece of code, onto thousands of computers, which permitted the hacker to use those computers to initiate a simultaneous attack on major Web sites. For example, he said, the popular auction site eBay was inundated with server requests that resulted in stalling the Web siteis ability to provide service.
"Such attacks are called DDOS or distributed denial of service attacks," Green said.
He said his concern was not necessarily that someone on campus would launch an attack, but that someone could use campus computers to do so by placing bots on the hard drives of the hundreds of computers on the campus network.
"You can imagine what kind of an effect, say, an attack on a military or government Web site would have," Green said. Such acts could show instability and lack of control at a time when Americans are looking for strength in their government, he said.
Green explained that, on their own, the overwhelming majority of studentsi PCs are "completely exposed" to be used as a hacker wills.
P2P software used for file-sharing applications, such as Kazaa and instant messaging, opens up specific vulnerabilities that are popular targets for hackers, he said.
"Most people just donit know how vulnerable they are," he said.
"We have good security in place, but universities in general have a more liberal policy regarding security," Green said, comparing universities to "conservative" corporate networks that are strictly controlled.
"Universities are a beautiful thing. We have pretty high bandwidth and are very permissible. You have a lot of academic freedom with that, and with that comes relying on people using it responsibly, which doesnit always happen," Green said.
Green that his staff and the Department of Information Technology are constantly monitoring the situation in case any contingency would arise that would warrant reverting to a "secure" state.
"We have a team of guys watching the network traffic. If they see something thatis not right, they can respond immediately," Green said. "And again, primarily weire talking about a noticeable difference in the kind of outgoing-type traffic that would resemble a massive attack coming from multiple computers."
After reviewing the situation over the weekend and keeping a close eye on network traffic, what Green called "normal" operations were put back.
"We were concerned about limiting campus services too much, too, but we felt the probability of an attack was lower. People tend to think of us as being like police, like weire trying to keep you from doing something. I try to see it as us being protective and preventative, to keep people from harm," Green said.
Green urged students with complaints about their network services to
address the IT help desk.
Send comments to firstname.lastname@example.org
To contact the
To contact other members