Information Technology News

The latest news from the Office of Information Technology

You are here: Home / Archives for Hackers

Hackers

Tripwire Watches for Hackers

by

There are a great many ways malicious users of the Internet are devising to sneak software onto a computer. It can be simply annoying but benign (adware), invasive of privacy (tracking visited web sites), and even destructive.

Security patches and firewalls are excellent defensive measures, but if something gets past those defenses, it’s important to find out before any data can be stolen or destroyed. And if your department runs a server, any disruption can be far-reaching.

Wouldn’t it be nice if something monitored the software installed on a key computer, and the configuration of the system, and notified the appropriate person any time it spotted a change? He or she could ignore changes that were deliberate, but take swift action when something was changed without permission.

This is just what Tripwire offers. Tripwire takes a snapshot of a computer, and stores this “baseline configuration” in a database. It then makes regular “integrity checks” and reports any changes (what changed, when, and by whom). Authorized changes become part of a  new baseline configuration.

Tripwire is available for Linux, Sun’s Solaris, HP’s OSF1, IBM’s AIX, and Microsoft Windows. NACS systems administrators, as well as Computing Support Coordinators in some other campus units, are deploying Tripwire to protect their key servers. The NACS Distributed Computing Support (DCS) group is also deploying Tripwire on servers it has under contract, thereby making the benefits of the software available to DCS clients.

A recent UC system wide agreement has made the Tripwire software very affordable. Departmental computing support staff and others interested are invited to contact NACS to discuss deploying Tripwire in their units.

EA System Spring Quarter Hacker Attack

by

In a past edition of NACS-News, information was shared about the increasing frequency of computer system break-ins and related activities across the Internet. Several other attacks have been fought off by UCI computer supporters since that article was written. One major incident involved NACS’ student computing cluster, EA. In late May, an intruder used a flaw in Sun’s UNIX operating system (now fixed) to gain privileged access to the EA system. He ran a network “packet sniffer” for about 24 hours, which enabled him to collect passwords for about 1300 EA users. As a result, NACS was forced to have each of those 1300 people change his or her password, which was a major inconvenience for all.

NACS continues to investigate ways to reduce the impact of visits by these unwelcome intruders. Substantial staff time is already put into monitoring security alerts and installing patches to correct operating system security problems as they are discovered. NACS has obtained a bulk software license for a secure-Telnet product for Macs and PCs. Using secure-Telnet to connect to remote hosts protects user data and passwords from being sniffed by intruders who gain illegal access to systems connected to the network.

Hackers, Network Attacks, and You

by

NACS would like the campus community to be aware that there are increasing numbers of people who use their Internet access to attempt to compromise security on computers connected to the network. Their intentions are more often to “have some fun” rather than to steal anything. Simply gaining access, causing pointless network traffic, and the like, is sport for them. This means you need not have something “important” on your system for it to be a target. If hackers come, they will be disruptive — perhaps just in terms of the target system itself, but more likely in terms of the network as a whole.

LINUX, like other powerful, multi-user operating systems, is a frequent target among hackers. Last summer we had at least 10 Linux systems broken into. The hackers caused downtime, started “ping bombs” on local UCI networks that caused significant network slowing, forced users to re-install operating system software, and forced NACS to disconnect parts of the network at times to prevent greater outages/security-issues.

System Owner Responsibilities

Hackers will not stop at UNIX-based systems like Linux; Windows NT and other systems are also at risk. If you are the owner of a NT, Linux, UNIX, or other multi-user system, you should be aware of the possibility of network attacks. To reduce the likelihood of attacks, someone must follow security alerts and install patches on your computers as necessary. Further, your systems should be regularly inspected for signs of a break-in. If you need help, contact your local computing supporter or NACS for advice.

NACS Actions to Protect the Network

To maintain the integrity of the network, NACS must occasionally disconnect systems that have been violated. Every attempt is made to contact local supporters and/or system owners before taking such a step. Please take appropriate steps to make your systems secure to avoid losing network connectivity and to keep the campus network secure overall.

NACS also has a “firewall” router in place that controls flow of all traffic between UCI and the rest of the Internet. The firewall is occasionally used to disallow access from certain hosts or parts of the Internet that are the source of network problems or hacker attacks. Such access restrictions are announced to the Network Operations Mailing list, UCINET-OPS-NET@UCI.EDU, and are removed as soon as the appropriate authority can be notified and correct the situation. The firewall allows NACS to keep UCInet up and running despite the anti-social activities of a few.

NACS Security Team

NACS has recently created a team of NACS and other staff to review campus network and computer security, make recommendations on how to improve it, and act as a coordination device when network attacks occur. If you have questions, concerns or other input about network security, please contact NACS.