Universities Rush to Protect Networks

[InfoSec News <isn () c4i org>]

http://www.washingtonpost.com/wp-dyn/articles/A25845-2003Sep4.html

By Brian Krebs
washingtonpost.com Staff Writer
Thursday, September 4, 2003

George Mason University administrators, anxious to protect the 
school's computer network from a raft of viruses and worms plaguing 
the Internet, today unplugged thousands of students from the network.

At 1:35 p.m. today, network administrators at the Northern Virginia 
school cut Internet access for all 3,600 students living on campus. 

The move should not have come as a surprise to GMU students. Last 
week, as freshmen reported for orientation, they were required to meet 
face-to-face with a network security expert to have their laptop or 
computer checked out. Upper classmen were greeted by school officials 
who handed out the latest anti-virus software. To get the school's 
message across, all students were asked to sign a document confirming 
that their computers were updated with all the needed security 
upgrades. 

Not enough students confirmed that their machines were updated, 
prompting the GMU action today. Administrators said they would try 
later today to reconnect dorms, weeding out students with infected 
PCs. Students living off campus can continue to dial in to the campus 
computer network.

George Mason is just one of many universities in the region and across 
the country making computer security a top priority as the fall 
semester gets underway.

University of Maryland residents who tried to access the school's 
network for the first time over the past two weeks were corralled onto 
a Web site to help search for and mend the security hole exploited by 
Blaster, a computer worm that emerged last month and infected hundreds 
of thousands of computers worldwide. More than 6,000 students that had 
yet to apply the needed patches did so, but hundreds of other students 
ignored the advice and were promptly booted from the university 
network, said Gerry Sneeringer, an IT security officer at Maryland's 
Office of Information Technology. 

"There were a certain percentage of students that wouldn't listen to 
us unless we hit them upside the head with a lockout," he said. "You 
simply can't deal with these problems until you've got your network 
under control."

At the University of Virginia, some 800 new and returning student 
residents were knocked offline by the schools' automated security 
"bots," programs that patrolled the network looking for infected PCs. 
Students were then handed CD-ROMs loaded with anti-virus toolkits and 
software patches and were only allowed to plug their computers into 
the school network after proving they installed needed fixes. 

Spokespersons for Howard, American, Georgetown, George Washington and 
Catholic universities reported far fewer problems with their networks. 
While several of those schools were forced to disconnect some infected 
computers, in most cases students asked to prove their PCs were clean 
before being allowed to access campus networks. 

As computers have transformed the way students and teachers interact 
at most universities, school administrators are focused on protecting 
their networks. Roughly 80 percent of higher education classes employ 
e-mail and the Internet for some form of student instruction, 
according to a 2002 study of more than 640 public and private 
universities nationwide conducted by the Campus Computing Project. 

Instructors at most universities are under tremendous pressure from 
administrators and students to distribute course material over the Web 
and through e-mail, and allow students to add and drop classes online, 
said Steven Worona, director of policy and networking programs at 
EDUCAUSE, a nonprofit that provides computer training and support for 
1,900 colleges, universities, and education organizations. 

Because of this dependency on the network, a lot of universities have 
been forced to place much tougher computer security restrictions on 
students. 

"Schools are rapidly moving far away from the complete openness that 
used to exist on their networks," Worona said. "What we're seeing is 
most schools have a desperate need for solutions that can be applied 
to hundreds or thousands of computers in a very short amount of time."

At George Mason, nearly 95 percent of resident students arrived with a 
computer this year. Like at many big schools, GMU professors are 
encouraged to use e-mail to update students on assignments and 
last-minute changes to the syllabus -- and even to administer 
pop-quizzes and tests. Last year, instructors were free to send e-mail 
to an address of the student's choosing, but this semester teachers 
are required to communicate with their students using the school's 
e-mail system, thus the school is taking extra steps to ensure that 
its computer network remains free from viruses.

Despite coordinated efforts to update students' computers, George 
Mason found that handing out free software to upper classmen didn't 
guarantee that students could successfully install it.

Kimberly Borchert, a 19-year-old sophomore, said her computer "freaked 
out" as soon as she plugged it into the school's network last week. 
The anti-virus software she received from GMU scanned her computer and 
determined it had been hit with the "Welchia" worm, a so-called "good" 
worm that destroys Blaster but still attacks other PCs and seizes the 
victim's computer power and Internet connection. As of Wednesday 
night, her computer was still infected and thus banned from the school 
network.

Freshman Andrew Canose was one of several GMU students who encountered 
problems after installing the university-provided anti-virus software. 
Canose found the new program conflicted with an older anti-virus 
program already on his computer. "My computer is like at war with 
itself and won't work," he said. 

Schools outside of the Washington region also scrambled in recent 
weeks to protect their networks. Vanderbilt University in Nashville 
last week banned more than 1,300 students -- about one-quarter of all 
its residents -- from using the network until they cured their 
machines of Sobig and Blaster infections. The school converted 
administrative conference rooms into digital triage units so that 
campus IT experts could help incoming students disinfect and patch 
their computers, a university spokeswoman said.

At the University of North Texas in Denton, the school found that 
4,000 of the school's 5,700 resident students reporting for the fall 
semester last month brought computers infected with some sort of 
virus. Students are being charged $30 if a university technician is 
called in to clean an infected machine, a school spokesman said. 
Students can go to off-campus experts for a fix but must certify that 
their computers are updated with the latest security fixes before 
being allowed to access the campus network. 

Brown University mass-produced 8,000 CDs loaded with anti-virus 
software and security patches and distributed them when students 
picked up their dorm room keys. Still, the Providence, R.I., Ivy 
League school was forced to dispatch teams of security experts to 
residents' rooms to patch computers by hand after university officials 
detected more than a thousand virus-infected student PCs connecting to 
the university network.

"I think we really need to groom a new type of student who is 
responsible for their computer security," said Kathy Gillette, manager 
of George Mason University's beleaguered tech support center. "A lot 
of them lived at home and mom or dad took care of the computer so 
they've never learned how to fix them, but hopefully we'll be able to 
teach them that too."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.