NACS News 2001.4
May 18, 2001
In this Issue:
- NETWORK ATTACKS CONTINUE:
  - Protecting your computer from "Denial of Service" attacks.
- SYSTEM ADMINISTRATION SERVICES:
  - NACS DCS offers professional system administration support.
- WINDOWS LABS USE UCINETIDS:
  - NACS drop-in PC labs are using a new authentication system to improve
    access and service.
Network Attacks Continue
A May 5, 2001 advisory from NIPC (National
Infrastructure Protection Center) reported an increase in "distributed
denial of service" (DDOS) attacks around the country. In fact, even
whitehouse.gov was laid low by such an attack on Friday, May 4. (For more
information, please see http://www.cnn.com/2001/TECH/internet/05/08/dos.warning.idg/index.html.)
Ordinary DOS attacks involve keeping a computer
or network device so busy handling spurious requests that the device becomes
unable to manage the business for which it is intended. Sometimes these
attacks are launched from a computer directly under the control of an
attacker. Other times the attack is indirect: a hacker takes control
of a remote computer and uses it to launch the attack. (This intermediate
computer is called a Zombie.) Distributed DOS goes one step further by
using a fleet of Zombies to launch coordinated streams, or to send many
small bursts so that no one Zombie is easily noticed. (More can be found
at http://www.staff.washington.edu/dittrich/misc/ddos/elias.txt.)
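The "many small bursts" point, seen from the monitoring side, in an added example that is not part of the original newsletter: a per-source rate limit catches the direct attack but none of the Zombies, while counting per destination exposes the distributed flood. All addresses, thresholds and traffic records are constructed for illustration.

```python
from collections import Counter, defaultdict

# All thresholds and addresses below are constructed for illustration.
WINDOW = 10          # seconds per counting window
PER_SRC_LIMIT = 100  # requests allowed per source per window
PER_DST_LIMIT = 150  # requests allowed per destination per window
MIN_SOURCES = 20     # distinct senders that suggest a distributed flood

def make_sample():
    """Constructed traffic records: (seconds, source_ip, destination_ip)."""
    events = []
    # Direct DOS: one host sends 200 requests to 192.0.2.10.
    events += [(i * 0.05, "198.51.100.7", "192.0.2.10") for i in range(200)]
    # Distributed DOS: 50 Zombies send only 6 requests each to 192.0.2.20.
    for z in range(50):
        events += [(k * 1.5, f"203.0.113.{z + 1}", "192.0.2.20") for k in range(6)]
    # Ordinary use: 5 clients send 3 requests each to 192.0.2.30.
    for c in range(5):
        events += [(k * 3.0, f"198.51.100.{c + 100}", "192.0.2.30") for k in range(3)]
    return events

def per_source_alerts(events):
    """Sources that exceed PER_SRC_LIMIT within any one window."""
    counts = Counter((int(t // WINDOW), src) for t, src, _ in events)
    return sorted({src for (_, src), n in counts.items() if n > PER_SRC_LIMIT})

def per_destination_alerts(events):
    """Overloaded destinations, labelled by how many senders share the load."""
    totals, senders = Counter(), defaultdict(set)
    for t, src, dst in events:
        key = (int(t // WINDOW), dst)
        totals[key] += 1
        senders[key].add(src)
    alerts = {}
    for key, n in totals.items():
        if n > PER_DST_LIMIT:
            spread = len(senders[key])
            alerts[key[1]] = "distributed" if spread >= MIN_SOURCES else "single-source"
    return alerts

if __name__ == "__main__":
    sample = make_sample()
    print("per-source view:     ", per_source_alerts(sample))
    print("per-destination view:", per_destination_alerts(sample))
```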
NACS is undertaking a project to upgrade the
campus border router, which will provide better management of incoming
network traffic. This project includes an intrusion detection system and
a firewall to help detect such traffic flows. Additionally, UCI's border
router has already been configured to limit certain types of network traffic,
which reduces the threat of DOS attacks.
But firewalls and intrusion detection are
only part of the picture. The best defense against having a computer
broken into and turned into a Zombie is to keep the system software on
it up-to-date ("patched"), turn off all unused network services
("ports"), log activity on the system, and scan the logs
regularly.
Recently, NACS ran a scan on campus subnets
looking for Windows 2000 machines running Microsoft IIS 5.0, which has
a well-publicized vulnerability on port 80 that allows remote hackers
to establish telnet sessions with the system. Over 100 potentially vulnerable
machines were found on campus, and this information was made available
to departmental Computing Support Coordinators. NACS also regularly updates
all DCS-supported machines to protect them against known kinds of attacks,
and monitors the logs of these machines looking for suspicious connections
from the Internet. NACS offers security updates to key support personnel
around campus as well. If you do your own support and do detect DDOS activity
of the type described by NIPC, please contact nacs@uci.edu.
NACS is responsible for evaluating attacks and reporting to the FBI when
warranted.
System Administration Services
For over 10 years the NACS Distributed Computing Support (DCS)
Group has provided professional system administration services to the
UCI campus for UNIX (and to a lesser extent Windows).
Computer system administration generally refers to the maintenance
of a reliable and secure computing environment. DCS has recruited, trained,
and maintained a dedicated support staff, relieving individuals and workgroups
of this burden and some of the associated costs.
DCS relies heavily on the use of automation and standard
client hardware configurations. DCS is also responsible for maintaining
DCSLib, an extensive software library.
DCS currently supports 300 systems in virtually every academic
school and department, but the heaviest demand comes from the School of
Physical Sciences, the College of Medicine, and the Henry Samueli School
of Engineering. Over the past 5 years the number of DCS contracts has
increased approximately 6% per year.
More information on DCS services can be found at http://www.nacs.uci.edu/support/unix.html.
If you would like to discuss support of your system, please contact NACS.
Windows Labs Use UCInetIDs
NACS has converted a number of computers in its drop-in
PC labs to require UCInetID authentication.
For this initial phase, all the computers in Lab B (Engineering
Gateway 1140) and half the systems in the NACS lab in HIB 343 use the
new PC authentication system. If the system works as expected, NACS will
convert all of its computer labs to the new scheme over the summer.
UCInetIDs (and their associated passwords) have been used
as a means for delivering computer services for many years. Authentication
is a term which means "proving who you are" to a computer. Certain
computing resources need to be restricted to use by UCI affiliates and
are thus tied to one's "network identity." Other times it is
necessary, as with the recent student elections and changing one's phone
book data, to tie services to a single user.
In order to be able to use the PC authentication system,
you need to sign up at https://authenticate.nts.uci.edu/nt/.
A computer is available in the NACS labs for accessing this Web page.
The new PC authentication program has been in place for only a few weeks
and already over 1000 students, faculty, and staff have signed up.
NACS plans to offer other services in the near future through
UCInetID authentication, including access to network file space for EA
and E4E users. Authenticating from computer lab systems will thus enhance
the range of services available to UCI users while working in the labs.