|
Feb. 21, 2006
Defending GW’s Computers and Identity
Information Systems and Services Promotes Network Security on Campus
BY FRANK BROOMELL
The onion; it is a simple metaphor that represents the numerous layers of security protecting the computers and information systems at The George Washington University. Over the past year this multi-layered strategy has garnered GW’s Information Systems and Services Department (ISS) national attention as a leader in network security from publications such as The Chronicle of Higher Education. Recent developments such as the Clean Access program, which monitors access from computers to the network, have reduced the number of viruses on student computers from more than 1,000 last year to just a handful of instances so far this year. Through this initiative GW has assisted other universities in the development of their own security systems.
The monitoring of the GW network never stops. The University’s network is ringed with firewalls while virus-detecting software patrols campus desktops and scans each incoming e-mail message before it can reaches an unsuspecting user. Several programs are constantly working to safeguard the community. One such program is Intrusion Detection, which is constantly searching for different attacks or viruses. Another, Intrusion Prevention, will halt a network connection if the application detects a major outside threat. Security officers and engineers are ready to go out to investigate and maintain the network should these defenses fail.
More than 100,000 viruses are stopped each day by GW’s defenses. However the most important aspect of the University’s defense against attacks is user awareness. The Security Awareness Program seeks to inform GW students, faculty, and staff about the many threats they face as well as steps they should take to protect their important computer files.
Why should GW be so vigilant? Krizi Trivisani, ISS chief security officer, explained, “Universities a lot of times are direct targets because we have open environments, a lot of transient community members such as students, and powerful networks.”
“The biggest change that we’ve seen is a shift over the past couple of years from amateur hacking to professional hacking,” noted Chief Technology Officer Guy Jones.
As a result, universities across the country face more targeted attacks on their networks. It is no longer just about bragging rights for hackers; rather it is about turning a profit. Hackers seize control of a series of computers, called a botnet, and sell that to a buyer who could have a number of goals. The buyer may turn around and sell it to someone else, send out spam, or use it to try and harvest identity information.
Now “phishing” and “pharming” have become as common as other forms of spam. And, in a new spin on virus attacks, GW experienced an attack during the fall where AOL Instant Message users received an instant message saying, “Look at this photo.” The link was infected with a virus.
What can be expected for the future, and is GW ready to handle future threats? Experts believed they will be simply a continuation of the threats GW currently faces. To that end, the University has plans to unveil a new spam filter within the next year. Also, since Internet security has only been a priority at major institutions for the past three to five years, the tools available to help secure the network are expected to get better. That does not mean GW will become complacent.
“To counterbalance that [development in security] the bad guys are getting more sophisticated,” noted Guy Jones. He added that hackers are trying to work more covertly, using “backdoors” to slip in undetected.
“You get an infection, they open up a backdoor, you clean the infection, and now they’ve got you,” explained Chief Information Officer David Swartz. According to Swartz, a hacker can use this backdoor to link your computer to a botnet. He adds, even blackberries, advanced printers, and some car electronics will be at risk in the coming years as more devices connect to the Internet.
This is why, even with all of the security that GW can provide, there is no foolproof system. It comes down to user awareness. ISS launched a program to advance user awareness through posters and its online help desk (http://helpdesk.gwu.edu).
ISS has one last bit of advice for Internet users. “If it’s suspicious or you don’t know what it is,” warned Trivisani, “don’t take the chance.”
Send feedback to: bygeorge@gwu.edu
|
|
|
