NACS Distributed Computing Support has developed software to improve campus computer security.
In the same way a night watchman proceeds through a building, turning doorknobs to check that they’re locked, hackers scan the network looking for open ports on computers. The new NACS system collects and analyzes information from UCI Unix and Linux computers to check for activity indicative of possible misuse or attempted misuse.
This system is modeled on security features integral to Linux and is delivered to other Unix systems on campus through NACS’s autoinstall software. It depends on modified versions of network applications (such as telnet and ftp) that are often used to compromise system security. These modified applications report to NACS’s logging system whenever they are used. Certain patterns of use are clues that a particular system may need attention.
Intrusion efforts that can be caught by this system range from the simple-minded (probing for improperly secured network ports) to some very sophisticated kinds of attacks (e.g., “buffer overflow” exploits). While the only way to guarantee a computer is safe from network-based attacks is to remove it from the network, this new system represents another way NACS is making it harder to cause harm to UCI computers.
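One pattern of the kind described above, a single source probing services on many machines, is easy to miss on any one host and obvious once the reports are collected centrally. The following is an added example, not NACS's own code: the report format (timestamp, reporting host, service, source address), the window and threshold, the function names and the sample reports are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample reports (not real NACS data). Assumed line format:
# <ISO timestamp> <reporting host> <service> <source address>
SAMPLE_REPORTS = """\
2024-01-15T02:14:01 hostA telnet 192.0.2.77
2024-01-15T02:14:03 hostB telnet 192.0.2.77
2024-01-15T02:14:04 hostC telnet 192.0.2.77
2024-01-15T02:14:06 hostD ftp 192.0.2.77
2024-01-15T02:14:09 hostE telnet 192.0.2.77
2024-01-15T09:00:00 hostA ftp 198.51.100.10
2024-01-15T09:01:10 hostA ftp 198.51.100.10
2024-01-15T09:02:30 hostA ftp 198.51.100.10
2024-01-15T10:00:00 hostA telnet 203.0.113.5
2024-01-15T11:00:00 hostB telnet 203.0.113.5
2024-01-15T12:00:00 hostC telnet 203.0.113.5
2024-01-15T13:00:00 hostD telnet 203.0.113.5
""".splitlines()

def parse(line):
    ts, host, service, src = line.split()
    return datetime.fromisoformat(ts), host, service, src

def find_sweeps(lines, window=timedelta(minutes=5), threshold=4):
    """Map each source that touched >= threshold distinct (host, service)
    targets inside one sliding window to the largest such count."""
    recent = defaultdict(deque)   # source -> (time, target) events still in window
    flagged = {}
    for ts, host, service, src in sorted(parse(l) for l in lines if l.strip()):
        q = recent[src]
        q.append((ts, (host, service)))
        while ts - q[0][0] > window:      # expire events older than the window
            q.popleft()
        distinct = len({target for _, target in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

def busiest_host_count(lines, src):
    """Most reports any single host produced for src: the purely local view."""
    per_host = Counter(h for _, h, _, s in map(parse, lines) if s == src)
    return max(per_host.values(), default=0)

if __name__ == "__main__":
    for src, n in find_sweeps(SAMPLE_REPORTS).items():
        print(f"{src}: {n} targets in window, "
              f"max {busiest_host_count(SAMPLE_REPORTS, src)} report(s) on any one host")
```

In the sample data the sweeping source produces only one report per host, so no individual machine sees anything unusual; the repeated ftp use against a single host and the slow hourly connections stay below the threshold.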