Information Technology News Archive

1996 - 2017

You are here: Home / Archives for Network Security

Network Security

Central Computing and Security

by

NACS has merged its network security activities into the Central Computing Services group, which has been renamed Central Computing and Security (CCS). UCI’s Network Security Coordinator Mike Iglesias, and network security staff member John Lenning, are now a part of CCS. John Mangrich has also been reassigned to the group, and serves as CCS Manager.

In addition to UCInet network security duties, CCS designs and operates UCI’s central computing services, including the “EA” system for undergraduates, “gradEA” for graduate students, “E4E” for faculty and staff, “Orion” (enhanced services for faculty and staff), USENET news service, campus FTP service, and the server hosting UCI’s web site.

Other staff in CCS are:

  • Joseph Farran, Cluster Architect
  • Ted Gielow, UNIX Systems Administrator and Lead Programmer
  • David Mussoff, UNIX Systems Administrator
  • Minh Vo, UNIX Systems Administrator
  • John Ward, Enterprise Services Architect

Garrett Hildebrand continues his role as NACS Network Planner, and is currently working with Cal(IT)2 to address their leading-edge research network needs.

Computer Security Tips

by

Here are some simple steps each computer owner can take to protect computer systems and data at UCI.

Abide by Departmental Security Standards:

  • Check with your local computing supporter to be sure you are using departmentally approved network settings, security tools, and network services.

Physical Security for Computer Users:

  • Lock your office.
  • Put diskettes and CDs in a locked box.
  • Secure computers (especially laptops) to a non-movable piece of furniture or lock them in a drawer when not in use.
  • Never leave your laptop unattended in public places.

Remote Access:

  • Tools such as PC Anywhere expose your computer to additional security vulnerabilities and are not recommended.
  • Some users can get the remote access functionality they need through the use of the campus Virtual Private Network (VPN).
  • Users who require the facilities of Microsoft Networking are encouraged to use Microsoft Remote Desktop (called Terminal Server in Windows 2000.)

More information: http://www.nacs.uci.edu/news/2003.1.html#1

Don’t run unneeded network services:

  • It is important to turn off all non-required ports on your system.
  • Don’t run a Web server which is built-in unless you have a need to do so.
  • To see what is open on your system run the “Shields Up” program at https://grc.com/x/ne.dll?bh0bkyd2 then click on “Test My Shields” and “Probe My Ports”.

Personal Virus Scanners:

  • Obtain updates on a regular basis.
  • Keep subscription to updates current.
  • Set to Auto-update on a weekly basis, if available.

Please note: NACS continues to scan incoming e-mail for viruses and cleans up infected messages. This protection is available only to messages sent to @uci.edu addresses. (That is, people who receive email addressed directly to their own mail servers do not receive this benefit.)

More information on Virus Scanning: http://www.nacs.uci.edu/email/virus-scanning.html

Encrypt network traffic:

  • VPN – When using network resources and applications where a password is requested, NACS recommends use of the VPN Off-campus and wireless traffic is especially vulnerable to “sniffing,” the practice of invisibly capturing, reading, and retransmitting network traffic. 
    More information: http://www.nacs.uci.edu/news/2002.10.html#1
  • SSH – Secure shell (ssh) is an encrypted alternative to telnet and remote shell (rsh), wherein each packet is encrypted from the source to the destination. This prevents your communications (including passwords) from being “sniffed” while in transit. Using SSH insures that your data packets are only readable by you and the computer to which you are connecting. 
    More information: http://www.nacs.uci.edu/support/sysadmin/ssh_info.html

IM Chat:

  • IM Chat (also known as Instant Messaging) is a popular, but non-secure form of electronic communication.
  • Turn off all Terminal Services.
  • Turn off all File Sharing.
  • Check the settings in your Buddy List.

Security Planning Stops Two Attacks

by

Network-based attacks are in the news with increasing frequency. Among the preventative steps NACS takes is to close network “ports” used by these attackers. Two recent examples are “Messenger spam” and the “SQL Slammer Worm.”

The Windows Messenger Service is a normal part of the Windows Operating system, intended to allow system administrators to communicate with computer users. But hackers have figured out how to send pop-up ads to your computer, without your permission, using this same mechanism. Once NACS closed the Messenger network port, UCI computer users could no longer be reached by these innovative spammers.

The weekend of January 25-26, thousands of computers and networks around the country were disabled by the SQL Slammer Worm, aka “Sapphire,” which attacks computers through the MS SQL service. Vern Paxson of LBNL reports,

“This worm required roughly 10 minutes to spread worldwide making it by far the fastest worm to date. In the early stages the worm was doubling in size every 8.5 seconds. At its peak, achieved approximately 3 minutes after it was released, Sapphire scanned the net at over 55 million IP addresses per second. It infected at least 75,000 victims and probably considerably more.”

UCI users hardly noticed the attack that crippled other campuses, and even parts of Microsoft itself, because NACS had previously closed the SQL network port used by the worm (following advice from Foundstone, one of UCI’s security partners).

Network Attacks Blocked

by

NACS Network Planning and Security team has implemented scripts in the campus Intrusion Detection System (IDS) which provide the first dynamic measures to utilize the PIX firewall’s blocking capability. These scripts automate the process of denying access to external hosts attempting to compromise systems on campus. This allows attacks to be stopped when they are detected and prevent further attempts against other campus targets.

Previously, the information gathered by the IDS was used in forensic analysis to identify problems after the fact. While this allowed for the halt of continued problems from the same host and helped alert computing support personnel to current vulnerabilities, it did not generally deter the attacker’s first attempts.

The scripts, written by NACS Chief Security Officer, Mike Iglesias, are run when the IDS detects certain signatures in network traffic which are known to indicate the presence of malicious code. A command is then sent to the PIX firewall and the intruder’s IP address is blocked at the border, preventing all further campus access. All blocking, or “shunning,” is automatically logged to a web page for easy reference by help-desk and other campus personnel.

The signatures included for dynamic blocking are carefully considered to avoid producing “false positives” (legitimate network activity which has the appearance of hostile intent). The blocks are removed after a period of time, and reinstated if the system is still attacking UCI systems or starts attacking again later.

New VPN on UCInet

by

NACS has purchased a new device to offer yet another layer of network security for users of UCInet.

Called a VPN (for “Virtual Private Network”) the new Cisco 3060 VPN Concentrator offers a wide range of security features, depending on how and where you use UCI network resources.The main purpose of the VPN is to allow desirable network traffic and to exclude unwelcome network access.

The VPN in operation is invisible to most users. Then only kind of traffic the VPN won’t permit onto or off campus involves NetBIOS, Microsoft’s proprietary network protocol. NetBIOS is used when accessing shared directories from Windows servers. Accessing Windows “shares” from off campus is inherently insecure, and has resulted in a number of serious network attacks.

In order to take advantage of the VPN, users will have to download and install a client application which works with the VPN to “tunnel” your network traffic through the barrier the VPN otherwise imposes. Permission to tunnel is granted after authenticating with one’s UCInetID and password.

However, protecting the campus from insecure use of NetBIOS is not the only advantage to the VPN. All traffic may be routed through the VPN, at your discretion, in which case it is all encrypted to prevent “packet sniffing.” Ordinarily, appropriately situated computers can watch (“sniff”) network traffic, and possibly reconstitute confidential information such as passwords.

Also, use of the VPN can make your off-campus computer appear to be a UCInet host, which means you can access campus-only network resources (such as Library reference materials).

Since encryption and address translation impose a modest cost to the performance of the network, the VPN offers two modes of tunneling: full tunneling (in which case all traffic is encrypted by the VPN client, routed onto campus, and forwarded to its final destination) and split tunneling, in which case only traffic bound for UCI goes through this process. Activation of the VPN client and choice of tunneling modes can be made a boot-time option for permanently installed (desktop) systems but is not recommended for roaming (laptop) systems which may need different configurations in different places.

This may all seem complex. NACS is ready to help you examine how you use the network, and which option makes sense for your style of use. More information and examples of how to take advantage of various features of the VPN can be found athttp://www.nacs.uci.edu/security/vpn.html