Penn State Intercom......April 24, 2003

Research data a
growing area of concern
for network security experts

By Heather Herzog and Debbie Ingram
Information Technology Services

One night last March, a leading national research institution in the Boston area became the target of a cyberattack. Over a period of several hours, a hacker gained access to 33 computers in the university's research labs by exploiting a flaw in their operating systems. Fortunately, technicians found the security breach the next morning and were able to avert further damage to the computers, while narrowly escaping a serious compromise of the institution's sensitive research data.

Recently, Penn State experienced a different but equally serious type of cyberattack known as the "SQL Slammer." The Slammer, a computer worm which overloaded Internet servers worldwide at the end of January, managed to infect only a few dozen computers at the University but still caused a major slow-down of Internet traffic by generating a debilitating amount of data over the network.

According to Kathleen Kimball, director of Security Operations and Services (SOS), these are just two examples of the numerous security incidents that have occurred in the last year that underscore the need for universities to secure their networks and protect sensitive data.

"While computer security is a problem for everyone, the research community in higher education is often specifically targeted as a 'weak link' in the chain of growing concerns," she observed. "The pressure on universities to tighten research security is growing as the number of these incidents increases in volume and intensity."

Daniel Updegrove, vice president for information technology at the University of Texas at Austin, added that some university research departments may be inadequately prepared for cyberattacks due to a lack of knowledgeable system administrators and other technical employees.

In an article published in the Chronicle of Higher Education (http://chronicle.com/
free/v48/i27/27a03501.htm), Updegrove stated that one of the biggest concerns is that certain university research departments have only part-time system administrators and sometimes no system administrators at all to control access to lab computers. He also mentioned that in some cases obsolete and general-purpose computers used in university research labs can no longer be made secure against today's cyber criminals.

With the variety of potential risks, universities increasingly are under scrutiny, due to the immense collection of networked research resources they have at their disposal (including super-fast networks and high performance computing for complex number crunching).

"These vast resources serve the economies of the future by fostering the acquisition of new knowledge and technologies, but in today's world they also can become vehicles for serious threats," said Eva Pell, vice president for Research and dean of The Graduate School. "The notice higher education is receiving in the present climate of heightened terrorist activities is forcing many universities to recognize their role in national security. In this climate, Penn State researchers must remain vigilant and recognize the critical importance of maintaining our computer systems and networks in a safe and reliable state."

Having the appropriate safety tools in place and using them properly also can help prevent cybercrime and save University departments significant amounts of money, time and energy. Experts agree it is important that technical employees such as system administrators keep abreast of preventative techniques as well as daily postings on viruses.

"Repairing damage and getting an attack fully under control is both time consuming and expensive," said Kimball. "Once an attack is started, it often never really has an ending, and, like the Energizer Bunny, it just keeps on going. From time to time, SOS still discovers machines infected with malicious code that has been around for awhile, even though system vulnerabilities and preventative measures were well publicized."

To end this cycle, technical employees and network administrators need to keep up with essential preventative measures such as system patches, regular backup of data and system checks to make sure lost data can be restored, she advised. In addition, technical employees need to take all recommended precautions against "Denial of Service Attacks," which prevent access to all or parts of a computer system, and "Access Attacks," where hackers gain access to e-mail accounts or databases containing confidential information.

Kimball also warned that some national grant authorities are considering language that may require applicants to include information in their proposals detailing IT security procedures.

"At some point, possibly sooner than later, grant recipients are going to have to exhibit understanding in the area of computer security."

Higher education represents a major player in the mission to keep America safe from cybercrime, added Kevin Morooney, senior director of Academic Services and Emerging Technologies (ASET), a division of Information Technology Services.

"Consortiums like EDUCAUSE, Internet2 and the Higher Education Information Technology Alliance (HEITA) are all involved in the national effort to secure cyberspace. But it remains the individual's responsibility to use recommended technologies to protect and preserve his or her own sensitive data."

For more information about network security efforts at Penn State, e-mail SecurityConcerns@psu.edu.

Heather Herzog can be reached at heh4@psu.edu. Debbie Ingram can be reached at dfi1@psu.edu.

Back