Computer security continues to demand attention at UCI. In the first eight months of 2001, at least 952 attempts were made to scan systems on campus, seeking one of at least 60 different security vulnerabilities.
The good news is that almost all of these efforts failed, thanks to the ongoing effort of NACS staff and system administrators around campus. The bad news is that it will continue to be necessary for computer users on campus to stay informed and protect themselves. Three relatively recent attacks have gained publicity: Sircam, Code Red, and Nimda.
Sircam is a virus which arrives as an e-mail attachment. Opening that attachment on Windows computers will execute “malicious code” which can harm your computer or distribute confidential information. Once a system is infected, it can also infect any other computer with which it shares disk resources (i.e., “network drives”). Sircam can generate a large number of e-mail messages, each with a large attachment (200KB or more). It floods new victims’ mailboxes and places a great load on campus mail servers, thus interfering with systems beyond those infected. All “antivirus software” (such as McAfee and Norton), if up-to-date, can detect and eliminate Sircam. This is easiest if you allow your antivirus software to use its automatic update feature.

Code Red (and Code Red II) are “internet worms” which act through the Web server software IIS. This worm would change the content of your web site, and possibly launch “denial of service” attacks against other systems (see http://www.nacs.uci.edu/news/2001.4.html). Because Code Red could generate a lot of network traffic, it could even render HP printers with network (JetDirect) cards unusable. Code Red is deterred by having the latest update (“patch”) for IIS, but even the most careful administrators of Windows NT systems are vulnerable. (Windows 2000 systems can be more thoroughly secured against Code Red.)
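As an added illustration of the mass-mailing behaviour described for Sircam above (this is example code, not from NACS or this article), the following script scans mail-server log lines and flags any sender who pushes several attachment-sized messages (200KB or more) through the server within a short window. The log format, the ten-minute window and the five-message threshold are assumptions; the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a mail-server log (assumed format, not from any real system).
# Each line: timestamp, envelope sender, recipient, message size in bytes.
SAMPLE_LOG = """\
2001-08-02T09:00:01 from=<alice@dept.example.edu> to=<bob@dept.example.edu> size=245760
2001-08-02T09:00:07 from=<alice@dept.example.edu> to=<carol@dept.example.edu> size=251904
2001-08-02T09:00:15 from=<alice@dept.example.edu> to=<dave@dept.example.edu> size=249856
2001-08-02T09:00:22 from=<alice@dept.example.edu> to=<erin@dept.example.edu> size=247808
2001-08-02T09:01:10 from=<alice@dept.example.edu> to=<frank@dept.example.edu> size=253952
2001-08-02T09:02:03 from=<bob@dept.example.edu> to=<alice@dept.example.edu> size=1536
2001-08-02T09:05:40 from=<carol@dept.example.edu> to=<list@dept.example.edu> size=310000
2001-08-02T11:30:00 from=<carol@dept.example.edu> to=<list@dept.example.edu> size=305000
"""

LINE_RE = re.compile(r"^(\S+) from=<([^>]*)> to=<([^>]*)> size=(\d+)$")
LARGE = 200 * 1024            # Sircam attachments were 200KB or more
WINDOW = timedelta(minutes=10)  # assumed burst window

def parse_log(text):
    """Return (timestamp, sender, size) tuples; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m.group(1))
            events.append((ts, m.group(2).lower(), int(m.group(4))))
    return events

def suspicious_senders(events, min_messages=5, window=WINDOW, large=LARGE):
    """Map sender -> largest number of large messages seen inside any one window,
    for senders that reached min_messages. Uses a sliding window over sorted times."""
    by_sender = defaultdict(list)
    for ts, sender, size in events:
        if size >= large:
            by_sender[sender].append(ts)
    flagged = {}
    for sender, times in by_sender.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1          # drop messages that fell out of the window
            count = end - start + 1
            if count >= min_messages:
                flagged[sender] = max(flagged.get(sender, 0), count)
    return flagged

if __name__ == "__main__":
    for sender, n in suspicious_senders(parse_log(SAMPLE_LOG)).items():
        print(f"{sender}: {n} large messages within {WINDOW}")
```

A hit only means a sender is worth a look (a legitimate bulk mailing would trip it too); the confirmation is still the up-to-date antivirus scan on that machine.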
Nimda was another internet worm, which (among other techniques) could exploit vulnerabilities left behind by Code Red. Nimda was particularly insidious in that it could infect any computer using Internet Explorer to browse an affected Web site, with no sign to the person doing the browsing. Defense against Nimda is available at both ends: by patching IIS and making other prudent security changes to servers, and by running an up-to-date browser (Internet Explorer 5.01 or 5.5 with Service Pack 2, or Internet Explorer 6.)
NACS is coordinating a series of discussions on security techniques for computer support staff. If you would like to be included in the next meeting (to be held in October), please contact NACS.