Network Security: Unwelcome Visitors: Campus Networks Are Still Highly Susceptible to outside Attack, and There's No Shortage of Hackers Lying in Wait. (Special Section: Security)
Coral, Tim, University Business
Campus network administrators dread the sixth day of odd-numbered months, and their fear has nothing to do with a full moon, or with superstition. That's the day a malicious "worm" called W32.E.Klez, lying dormant deep within the recesses of the operating system, wakes itself to wreak havoc on computers. "Klez" not only destroys documents by overwriting data with strings of zeroes, but using innocent-looking subject lines for unsuspecting recipients, it also copies itself to networks and e-mail messages. Since it was first identified in January of this year, more than 1,000 incidents of the tough-to-eradicate worm have been reported at businesses and campuses nationwide, including Yale University and Carnegie Mellon University, where IT staff were on the alert to stop it before serious damage was done.
In fact, it is a heightened awareness of cyberterrorism and a prevalence of e-mail-borne viruses such as Klez, Code Red, or Nimda that has made network security services one of the fastest-growing segments in the business of higher education. But the growing incidence of network attacks is only a symptom of a larger problem that schools everywhere must address: How to balance a) the desire to keep an open, information-sharing environment, with b) the need to protect the integrity of--and the investments in--the infrastructure.
Cyberterrorism experts say that the rapid growth of the Internet has led to an enormous increase in the likelihood of attacks on network systems in business and education. Consider these numbers:
* 673 million. The number of worldwide Internet users the Computer Industry Almanac (www.c-i-a.com) estimates there will be by the end of this year--200 million more than at the beginning of 2001.
* 2,437. The number of system vulnerability reports that CERT, the Computer Emergency Response Team (www.cert.org) at Carnegie Mellon, noted in 2001--up from 1,090 the year before.
* 52,658. The number of network "incidents" CERT recorded in that same year--an astonishing jump up from 21,756 the prior year.
Many of these incidents are the work of what Michael Vatis, director of the Institute for Security Technology Studies at Dartmouth College, calls "script kiddies." Script kiddies are a form of hacker, says Vatis, but, "the level of skill and sophistication of their attacks is usually relatively low, because these hackers often employ prefabricated hacker tools to launch attacks." Script kiddies, says Vatis, "may be driven simply by the desire to achieve bragging rights about their exploits." Still, what the script kiddies lack in finesse, he says, they more than make up for in their potential to knock critical systems offline. That makes them a continual source of concern for network administrators.
"There are always going to be attempts made to enter a network system, or curious events that show up," says Marie Gallagher, electronic security analyst for Information Technology at Santa Clara University. "You need to examine those events closely to see whether it is a configuration issue, a virus, or a bona fide attempt to hack into the system."
Viruses, worms, trojans, and "bots" are easily, and often unwittingly, distributed through e-mail systems, say campus IT experts. Hidden deep in a system, some of the more damaging versions can also record and transmit passwords and personal information from an infected machine, directly to hackers. This opens the door for intruders to access classified campus information on any number of levels--from student grades, to information on hazardous biochemicals. "When something embeds itself and makes modifications to the system, you've got a compromised box that can be used to launch an attack. That's a big problem," says Gallagher.
Most often that problem is a DoS, or Denial of Service, attack across a campus. …