Archive for May, 2001

Network Attacks Continue

A May 5, 2001 advisory from NIPC (National Infrastructure Protection Center) reported an increase in “distributed denial of service” (DDOS) attacks around the country. In fact, even whitehouse.gov was laid low by such an attack on Friday, May 4. (For more information, please see http://www.cnn.com/2001/TECH/internet/05/08/dos.warning.idg/index.html)

Ordinary DOS attacks involve keeping a computer or network device so busy handling spurious requests that the device becomes unable to manage the business for which it is intended. Sometimes these attacks are launched from a computer directly under the control of an attacker. Other times the attack is indirect, where a hacker takes control of a remote computer and uses it to launch an attack. (This intermediate computer is called a Zombie). Distributed DOS goes one step further by using a fleet of Zombies to launch coordinated streams, or to send many small bursts so that no one Zombie is easily noticed. (More can be found at http://www.staff.washington.edu/dittrich/misc/ddos/elias.txt)

NACS is undertaking a project to upgrade the campus border router, which will provide better management of incoming network traffic. This project includes an intrusion detection system and a firewall to help detect such traffic flows. Additionally, UCI’s border router has already been configured to limit certain types of network traffic, which reduces the threat of DOS attacks.

But firewalls and intrusion detection are only part of the picture. The best defense against having a computer broken into and turned into a Zombie is to keep its system software up to date (“patched”), turn off all unused network services (“ports”), and log activity on the system and scan the logs regularly.
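The following is an added example, not part of the original article or of any NACS tooling. It shows why the "many small bursts" pattern described above slips past a per-source check when scanning logs, and how counting per destination across all sources exposes it. The record layout, thresholds, and addresses (documentation ranges) are assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict

PER_SOURCE_LIMIT = 20   # assumed: requests allowed per source per second
PER_DEST_LIMIT = 100    # assumed: total requests per destination per second
MIN_SOURCES = 50        # assumed: distinct sources that make a spike "distributed"

def build_sample():
    """Constructed log records: (second, source_ip, destination_ip)."""
    records = []
    # Ordinary clients: 5 sources, 2 requests per second each, for 10 seconds.
    for sec in range(10):
        for i in range(5):
            records += [(sec, f"198.51.100.{i + 1}", "192.0.2.10")] * 2
    # Distributed burst: 200 sources, only 3 requests each, in seconds 4 and 5.
    for sec in (4, 5):
        for i in range(200):
            records += [(sec, f"203.0.113.{i + 1}", "192.0.2.10")] * 3
    return records

def noisy_sources(records):
    """Per-source view: sources over PER_SOURCE_LIMIT in any single second."""
    counts = Counter((sec, src) for sec, src, _ in records)
    return sorted({src for (_, src), n in counts.items() if n > PER_SOURCE_LIMIT})

def distributed_spikes(records):
    """Aggregate view: (second, dest, total, distinct_sources) for seconds where
    the total is over PER_DEST_LIMIT and spread across at least MIN_SOURCES."""
    total = Counter()
    sources = defaultdict(set)
    for sec, src, dst in records:
        total[(sec, dst)] += 1
        sources[(sec, dst)].add(src)
    return sorted(
        (sec, dst, n, len(sources[(sec, dst)]))
        for (sec, dst), n in total.items()
        if n > PER_DEST_LIMIT and len(sources[(sec, dst)]) >= MIN_SOURCES
    )

if __name__ == "__main__":
    sample = build_sample()
    print("sources over per-source limit:", noisy_sources(sample))
    for spike in distributed_spikes(sample):
        print("distributed spike:", spike)
```
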

Recently, NACS ran a scan on campus subnets looking for Windows 2000 machines running Microsoft IIS 5.0, which has a well-publicized vulnerability on port 80 that allows remote hackers to establish telnet sessions with the system. Over 100 potentially vulnerable machines were found on campus, and this information was made available to departmental Computing Support Coordinators. NACS also regularly updates all DCS-supported machines to protect them against known kinds of attacks, and monitors the logs of these machines looking for suspicious connections from the Internet. NACS offers security updates to key support personnel around campus as well. If you do your own support and do detect DDOS activity of the type described by NIPC, please contact nacs@uci.edu. NACS is responsible for evaluating attacks and reporting to the FBI when warranted.

System Administration Services

For over 10 years NACS Distributed Computing Support (DCS) Group has provided professional system administration services to the UCI campus for UNIX (and to a lesser extent Windows).

Computer system administration generally refers to the maintenance of a reliable and secure computing environment. DCS has recruited, trained, and maintained a dedicated support staff, relieving individuals and workgroups of this burden and some of the associated costs.

DCS relies heavily on the use of automation and standard client hardware configurations. DCS is also responsible for maintaining DCSLib, an extensive software library.

DCS currently supports 300 systems in virtually every academic school and department, but the heaviest demand comes from the School of Physical Sciences, the College of Medicine, and the Henry Samueli School of Engineering. Over the past 5 years the number of DCS contracts has increased approximately 6% per year.

More information on DCS services can be found at http://www.nacs.uci.edu/support/unix.html. If you would like to discuss support of your system, please contact NACS.

Windows Labs Use UCInetIDs

NACS has converted a number of computers in its drop-in PC labs to require UCInetID authentication.

For this initial phase, all the computers in Lab B (Engineering Gateway 1140) and half the systems in the NACS lab in HIB 343 use the new PC authentication system. If the system works as expected, NACS will convert all of its computer labs to the new scheme over the summer.

UCInetIDs (and their associated passwords) have been used as a means for delivering computer services for many years. Authentication is a term which means “proving who you are” to a computer. Certain computing resources need to be restricted to use by UCI affiliates and are thus tied to one’s “network identity.” Other times it is necessary, as with the recent student elections and changing one’s phone book data, to tie services to a single user.

In order to be able to use the PC authentication system, you need to sign up at https://authenticate.nts.uci.edu/nt/. A computer is available in the NACS labs for accessing this Web page. The new PC authentication program has been in place for only a few weeks and already over 1000 students, faculty, and staff have signed up.

NACS plans to offer other services in the near future through UCInetID authentication, including access to network file space for EA and E4E users. Authenticating from computer lab systems will thus enhance the range of services available to UCI users while working in the labs.