STORIES

Calendar

Achievements

Exhibitions

Briefly Noted

Credits

Archives

On the Front Lines with Information Security

Just as the semester got rolling, the university came under attack from the Blaster worm. It spread rapidly across the Internet, seeking to hog network capacity and shut down our systems.

"By midsummer, information technology managers around the world were aware of a vulnerability in Microsoft systems, a larger flaw than we'd ever seen from Microsoft," explained Bill Post, vice provost for Information Resources. "It was clear that this left us open to exploitation and the possibility for a worm or virus to take over machines and destroy data."

Fortunately, during spring semester, Information Resources began a pilot project to phase in LANDesk, a system that could remotely update the majority of Windows machines on campus with the latest system patches. Machines with these critical patches from Microsoft were protected from exploitation.

"The challenge was getting everyone to update their home and office machines with the new patches and to speed the update through LANDesk to as many machines as possible before an attack took advantage of the vulnerability," said Post.

Since most faculty and students and many staff were away from campus during the summer, many did not update their machines, and LANDesk can only update machines that are turned on.

When the Blaster worm finally began its assault on the world's Windows computers, there were still more than 400 campus computers unprotected. Through an unprotected machine, the worm could enter, cause network-clogging traffic, and spread itself to other unprotected machines.

Recognizing that the worm's damage could be severe, network access was blocked to the unpatched computers to protect them from compromise and data loss. As faculty and staff returned, some found their machines without network access, but the majority had their machines patched and network access back online within 24 hours. About 50 faculty, staff, and lab machines had the worm, but none of those infected showed signs of being compromised.

"The campus had two weeks to begin updating computers before the Blaster worm was released. Unfortunately, it's not likely that we will have this time to prepare in the future and will instead need to update all campus computers in hours, perhaps minutes," explained Post. "By January, we expect to have a process which allows us to respond quickly by making centralized adjustments to all campus desktop computers in less than a day."

As if fighting the Blaster battle wasn't enough, technicians were increasingly challenged by the SoBig virus that affected e-mail the first week of classes. This virus sent more than one quarter million messages into our network attempting to spread the virus. Most infected messages were filtered at the network level, but e-mail was slowed to a crawl for a few days.

"These recent attacks have cost the university hundreds of thousands of dollars in lost productivity and redirected staff time," said Post. "Information security is a continuing challenge. Information security officer Brooke Banks and a security team are working on prevention, policies, procedures, and campus awareness.

Here's what you can do to protect information from outside exploitation:

• Update system patches, security fixes, and anti-virus software (not all computers are connected to LANDesk and most can be set to automatically update from the Internet).

• Don't open suspicious e-mail attachments.
• Turn off your computer at night (unless it is backed up then) to save energy and prevent it from outside network attack.
• Use secure and authorized applications. Applications such as Hot Bar and Kazaa can cause trouble for your computer and leave the university open to network attack.

For more information on protecting our electronic information, see The Security Seven Web site at http://www.csuchico.edu/inf/security/security7.html.

Vicky L. Breeden, Information Resources