[ISN] Universities Rush to Protect Networks

From: InfoSec News (isnat_private)
Date: Fri Sep 05 2003 - 00:05:22 PDT

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary"

    By Brian Krebs
    washingtonpost.com Staff Writer
    Thursday, September 4, 2003
    George Mason University administrators, anxious to protect the 
    school's computer network from a raft of viruses and worms plaguing 
    the Internet, today unplugged thousands of students from the network.
    At 1:35 p.m. today, network administrators at the Northern Virginia 
    school cut Internet access for all 3,600 students living on campus. 
    The move should not have come as a surprise to GMU students. Last 
    week, as freshmen reported for orientation, they were required to meet 
    face-to-face with a network security expert to have their laptop or 
    computer checked out. Upper classmen were greeted by school officials 
    who handed out the latest anti-virus software. To get the school's 
    message across, all students were asked to sign a document confirming 
    that their computers were updated with all the needed security 
    Not enough students confirmed that their machines were updated, 
    prompting the GMU action today. Administrators said they would try 
    later today to reconnect dorms, weeding out students with infected 
    PCs. Students living off campus can continue to dial in to the campus 
    computer network.
    George Mason is just one of many universities in the region and across 
    the country making computer security a top priority as the fall 
    semester gets underway.
    University of Maryland residents who tried to access the school's 
    network for the first time over the past two weeks were corralled onto 
    a Web site to help search for and mend the security hole exploited by 
    Blaster, a computer worm that emerged last month and infected hundreds 
    of thousands of computers worldwide. More than 6,000 students that had 
    yet to apply the needed patches did so, but hundreds of other students 
    ignored the advice and were promptly booted from the university 
    network, said Gerry Sneeringer, an IT security officer at Maryland's 
    Office of Information Technology. 
    "There were a certain percentage of students that wouldn't listen to 
    us unless we hit them upside the head with a lockout," he said. "You 
    simply can't deal with these problems until you've got your network 
    under control."
    At the University of Virginia, some 800 new and returning student 
    residents were knocked offline by the schools' automated security 
    "bots," programs that patrolled the network looking for infected PCs. 
    Students were then handed CD-ROMs loaded with anti-virus toolkits and 
    software patches and were only allowed to plug their computers into 
    the school network after proving they installed needed fixes. 
    Spokespersons for Howard, American, Georgetown, George Washington and 
    Catholic universities reported far fewer problems with their networks. 
    While several of those schools were forced to disconnect some infected 
    computers, in most cases students asked to prove their PCs were clean 
    before being allowed to access campus networks. 
    As computers have transformed the way students and teachers interact 
    at most universities, school administrators are focused on protecting 
    their networks. Roughly 80 percent of higher education classes employ 
    e-mail and the Internet for some form of student instruction, 
    according to a 2002 study of more than 640 public and private 
    universities nationwide conducted by the Campus Computing Project. 
    Instructors at most universities are under tremendous pressure from 
    administrators and students to distribute course material over the Web 
    and through e-mail, and allow students to add and drop classes online, 
    said Steven Worona, director of policy and networking programs at 
    EDUCAUSE, a nonprofit that provides computer training and support for 
    1,900 colleges, universities, and education organizations. 
    Because of this dependency on the network, a lot of universities have 
    been forced to place much tougher computer security restrictions on 
    "Schools are rapidly moving far away from the complete openness that 
    used to exist on their networks," Worona said. "What we're seeing is 
    most schools have a desperate need for solutions that can be applied 
    to hundreds or thousands of computers in a very short amount of time."
    At George Mason, nearly 95 percent of resident students arrived with a 
    computer this year. Like at many big schools, GMU professors are 
    encouraged to use e-mail to update students on assignments and 
    last-minute changes to the syllabus -- and even to administer 
    pop-quizzes and tests. Last year, instructors were free to send e-mail 
    to an address of the student's choosing, but this semester teachers 
    are required to communicate with their students using the school's 
    e-mail system, thus the school is taking extra steps to ensure that 
    its computer network remains free from viruses.
    Despite coordinated efforts to update students' computers, George 
    Mason found that handing out free software to upper classmen didn't 
    guarantee that students could successfully install it.
    Kimberly Borchert, a 19-year-old sophomore, said her computer "freaked 
    out" as soon as she plugged it into the school's network last week. 
    The anti-virus software she received from GMU scanned her computer and 
    determined it had been hit with the "Welchia" worm, a so-called "good" 
    worm that destroys Blaster but still attacks other PCs and seizes the 
    victim's computer power and Internet connection. As of Wednesday 
    night, her computer was still infected and thus banned from the school 
    Freshman Andrew Canose was one of several GMU students who encountered 
    problems after installing the university-provided anti-virus software. 
    Canose found the new program conflicted with an older anti-virus 
    program already on his computer. "My computer is like at war with 
    itself and won't work," he said. 
    Schools outside of the Washington region also scrambled in recent 
    weeks to protect their networks. Vanderbilt University in Nashville 
    last week banned more than 1,300 students -- about one-quarter of all 
    its residents -- from using the network until they cured their 
    machines of Sobig and Blaster infections. The school converted 
    administrative conference rooms into digital triage units so that 
    campus IT experts could help incoming students disinfect and patch 
    their computers, a university spokeswoman said.
    At the University of North Texas in Denton, the school found that 
    4,000 of the school's 5,700 resident students reporting for the fall 
    semester last month brought computers infected with some sort of 
    virus. Students are being charged $30 if a university technician is 
    called in to clean an infected machine, a school spokesman said. 
    Students can go to off-campus experts for a fix but must certify that 
    their computers are updated with the latest security fixes before 
    being allowed to access the campus network. 
    Brown University mass-produced 8,000 CDs loaded with anti-virus 
    software and security patches and distributed them when students 
    picked up their dorm room keys. Still, the Providence, R.I., Ivy 
    League school was forced to dispatch teams of security experts to 
    residents' rooms to patch computers by hand after university officials 
    detected more than a thousand virus-infected student PCs connecting to 
    the university network.
    "I think we really need to groom a new type of student who is 
    responsible for their computer security," said Kathy Gillette, manager 
    of George Mason University's beleaguered tech support center. "A lot 
    of them lived at home and mom or dad took care of the computer so 
    they've never learned how to fix them, but hopefully we'll be able to 
    teach them that too."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 05 2003 - 03:12:05 PDT