In a past edition of NACS-News, information was shared about the increasing frequency of computer system break-ins and related activities across the Internet. Several other attacks have been fought off by UCI computer supporters since that article was written. One major incident involved NACS’ student computing cluster, EA. In late May, an intruder used a flaw in Sun’s UNIX operating system (now fixed) to gain privileged access to the EA system. He ran a network “packet sniffer” for about 24 hours, which enabled him to collect passwords for about 1300 EA users. As a result, NACS was forced to have each of those 1300 people change his or her password, which was a major inconvenience for all.
NACS continues to investigate ways to reduce the impact of visits by these unwelcome intruders. Substantial staff time is already put into monitoring security alerts and installing patches to correct operating system security problems as they are discovered. NACS has obtained a bulk software license for a secure-Telnet product for Macs and PCs. Using secure-Telnet to connect to remote hosts protects user data and passwords from being sniffed by intruders who gain illegal access to systems connected to the network.