 |
 |
|
|
Computing and Information Technology Advisory Committee [CITAC]
Meeting: February 15, 1999
Minutes
The meeting was held in Room 212 of the K-State Student Union, from 3:30 to 5:00 p.m. Because this meeting coincided with the CITAC Lectures Series, attendance was not taken. More than sixty people attended the session.
In light of several recent events involving the security of the KSU web site and campus e-mail, and due to increasing concern about our vulnerability to computer viruses, the team of Harvard Townsend, Interim Director, Computing and Information Systems, Jeanette Harold, Director, Instructional Technology Assistance Center, and Mike Wonderlich, Manager, Networked Systems & Database Administration, Office of Information Systems, joined to share information about the topics cited above.
HT explained that information security involves secrecy, accuracy, and availability. To protect security, it is essential to identify system vulnerabilities and to deal with threats against them. Attempts to compromise this security were identified when hackers made unprecedented attacks aimed at KSU systems during the fall semester. Townsend explained that articles published on the WWW itself, such as "A Unix Hacking Tutorial," by "Sir Hackalot," proliferate on the Web and make it easy for novices to learn how to exploit vulnerabilities in a system. Sophisticated tools to break down system defenses are likewise readily available on the Internet.
What is at risk? Not only the potential loss or corruption of data, but damage to individuals and to our institutional reputation. Services could be disrupted or curtailed, and financial risk is inevitable with the emergence of e-commerce. Harvard explained that hackers "hop" from one machine to another to hide their identity, spreading viruses sometimes, gaining access to supposedly "secure" information on other occasions.
Townsend told the audience that KATS, SIS, and other systems like them, are "not as attractive" to hackers because they are only of interest to local people who risk their career or education if caught. Also, security is deliberately very tight on these systems, so the chance of detection is much higher. The greatest campus vulnerability lies in Unix, departmental servers, Linux (to less extent), and NT. The latter system is more and more popular with hackers. "Back door" attacks called "Back Orifice" and "Netbus" are commonly used to destroy or otherwise corrupt data on Windows 95/98/NT systems. For this reason Harvard implored everyone to scan everything before executing a file.
What is KSU doing to deal with this growing problem?
HT explained that the initial response has been to implement a program of password management, monitoring security announcements, installing patches, responding to suspicious activity and installing security filtering on routers. The most vulnerable entry point to the campus is via the Internet. To help deal with problems in this regard, CNS has helped to support the new virus protection software contract, it has promoted user education, and created listserv "superlists" for the quick notification of problems. Currently plans are underway to appoint a Systems Security Officer at KSU.
What can individuals do? Townsend advises: "Be paranoid!" Take security seriously. Be proactive by changing one's password with regularity and by using F-SECURE (Data Fellows, Inc.) virus protection on a daily basis. We're going to have to accept a few more inconveniences because of security issues. In addition, it costs money as we continually try to "keep up with the hackers."
Viruses are a reality of today's electronically-connected world. Townsend explained that viruses replicate themselves by attaching to files. Worms act like viruses, but work independently. They can replicate themselves as well. A Trojan Horse replaces legitimate service with disguised functions. They often penetrate a system by means of a "back door" or "trap door."
Mike discussed the various types of viruses and their properties. He highlighted the feature characteristics of typical viruses, such as being particularly stealthy, or polymorphic, a "companion," or "armored." In discussing the discovery of the CIH Virus in the campus-wide "PeopleSoft" program, he offered a chronological account of the steps taken by his office to rid the system of the virus. The summary made it clear how quickly a virus can spread through the system and find itself on individual office machines. Wonderlich stressed the need to install virus protection software at every work station. He encouraged the audience to download the F-SECURE program that is available through the KSU web site.
Jeanette provided an informational and instructional handout with the information needed for faculty, staff, and students to begin using F-SECURE (a program combining the features of F-PROT and COUNTERSIGN). She informed those in attendance that the contract with Data Fellows, Inc. allows the aforementioned groups to use the software in their university offices and at home. She outlined the procedures by which one can download the program directly from KSU's web site, and explained that should a person not be able to download the necessary files at home, he or she could purchase a CD-ROM disc in 313 Hale Library (CNS Consulting).
She advised acquiring the set of DOS book disk and F-SECURE to check one's computer initially for viruses. Once they are known to be "clean," then it is time to download the F-SECURE software from the KSU web site (http://www.ksu.edu/cns/center/download). Of particular importance is to update virus definition files frequently. A major factor in the negotiation of the Data Fellows, Inc. contract was its capacity to update files on a daily basis. Dr. Harold stressed the availability of students at the CNS InfoTech Help Desk (313 Hale) and staff of the Instructional Technology Assistance Center (iTAC) who are willing to help with questions and problems. The General Information sheet (see Attachment A) which she distributed at the meeting includes a host of "useful URLs," specific downloading instructions, and "Anti-Virus Rules for Eng-Users." The latter stresses the need to scan all e-mail attachments before running them, checking ALL disks and software before using them, and never executing software or demos from an unknown source. It is important to scan all software for viruses prior to downloading it. Those who use more than one machine are cautioned to make sure that each one runs anti-virus software and that it is kept current. The page concludes with the request that users report virus attacks to the Information Technology Help Desk in Hale Library.
After a few questions, the meeting was adjourned at 5:00 p.m.
For CITAC,
Bradley Shaw
Attachments:
 |
 |
 |
 |
 |
 |