Fifty six seconds is long enough for a hacker to turn your computer into a weapon.
That’s the time it took for an unprotected test computer to start spewing viruses after University officials plugged it into the campus network, and it’s why Information Technology Services is still pursuing a better network security system, despite some speedbumps.
‘If you can raise the patch level or the version level of the operating system, your system is going to have a better chance of sustaining attacks,’ said Kent Strickland, University network security officer.
He said the new system, called a self-defending network, has a component that makes sure all security software is current.
That component, known as the Cisco Trust Agent, doesn’t allow Internet access from a student’s residence hall computer unless it knows the student has made regular updates to their safety software.
Strickland said that’s important, since many students arrive on campus with outdated or nonexistant virus protection which puts the whole campus at risk if a virus, hacker ‘Trojan horse’ or ‘bot’ (aggressive, harmful programs) starts using that computer to attack others.
‘Last fall we had an incident like that that overwhelmed our Internet connection going off campus,’ Strickland said. ‘Our university and other large networks around the world were all coordinating an attack on a university in Sweden last fall, which totally disrupted their network.’
That incident when bots took over many campus computers was one of several worst-case scenarios ITS is trying to avoid.
Others involve ‘phishing’ scams where hackers steal personal identity information, and send out viruses that destroy sensitive data.
In an effort to prevent those scenarios, ITS tested the Cisco Trust Agent in the Harshman-Anderson residence hall during spring 2005.
ITS personnel said the results were good, but that the software could not be implemented for fall 2005, and that more testing is needed.
‘We will continue to evaluate and test the solution,’ said Cindy Fuller, communications director for the chief information officer. ‘If the testing and evaluation supports the decision, we will proceed with deployment at that time.’
Quickness could be a virtue, but even with programs like spyware that monitor web surfing habits continually surfacing, some students view the Trust Agent as an invasion of privacy.
Mike Smith says that’s ludicrous.
‘It just passes information about versions and patch levels to a server,’ said Smith, the University’s network administrator. ‘It’s not looking at any other personal information or their files on their computer.
‘It’s just passing information about their windows patch level and their version of McAfee that they are running.’
Strickland agrees, saying the only programs that steal information are the ones ITS is working to stave off.
He says the Trust Agent makes sure computers are equipped to fight viruses before allowing it to get on the Internet.
‘Basically it is determining if that system has a fighting chance of surviving on the network,’ he said.
One reason Trojan horses invade is for access to financial information, Strickland said.
‘There’s a lot of organized crime behind a lot of the virus raidings and the bot networks, and they’re trying to get at your personal data so that they can do identity theft,’ he said. ‘That’s why you see e-mail spam and phishing attempts.’
Strickland said that despite an existing campus-wide e-mail filter, some phishing attempts get through, and that many web sites are also insecure, inviting identity theft.
Bowling Green Police Lt. Brad Biller welcomes whatever software changes may come from ITS, but cautions that there are other ways to leak personal information.
He cites incidents of criminals stealing credit card applications out of mailboxes as a common example.
‘The term identity theft is pretty global,’ he said. ‘If I take something of yours that I have to use your name to gain benefit from … that could be termed identity theft.
‘For as long as there’s been credit, there’s been people accessing other people’s stuff.’
Matt Clark contributed.
