By Alex Kingsbury
U-WIRE Washington Bureau
March 27, 2001
As colleges and universities across the country expand their computer networks and connectivity throughout nearly every facet of campus life, the convenience of the computer age grows. Also emerging with that convenience is the danger that hackers and computer viruses pose to the security and integrity of these educational tools.
In a recent report by the Computer Security Institute and the Federal Bureau of Investigation, the reality of the cost of computer security across the country is made clear.
According to the report, 94 percent of the 538 corporations, universities and governmental agencies polled detected computer viruses in their networks. The costs of such problems reached $377 million last year.
“Net abuse flourishes despite corporate edicts against it,” said Patrice Rapalus, director of the Computer Security Institute. “Organizations that want to survive in the coming years need to develop a comprehensive approach to information security, embracing both the human and technical dimensions. They also need to properly fund, train, staff and empower those tasked with enterprise-wide information security.”
Higher education institutions face unique situations in their handling of computer security due to the volume of users and the nature of use that their systems handle.
“On average we see several hundred viruses caught by our mail system each week,” said Scott Conti, network operations manager for the University of Massachusetts-Amherst. “In the case of special viruses that are widespread we may see into the thousands.”
When someone tries to penetrate a university system, they conduct what is called “port scanning,” what Conti calls “rattling doorknobs.” “Every service has a port, that is Telnet, mail, web and ftp, and every computer has open ports. People are sweeping through looking for open ports,” Conti said. “We typically log thousands of probes every day.”
Despite the number of attempts to infiltrate computer systems and viruses on the Internet all demonstrating the potential for a serious threat, Conti says that universities are not doing enough to protect their vital assets.
“Security has not been the focus of universities,” he said. “Typically in a university, anyone can attach any system to the campus network.”
Such attachments create the possibility for hacking as well as viruses.
For businesses, the danger from hacking comes in lost productivity, customer credit and personal information being lost. Lost prestige is a significant factor when well-know sites like eBay and Amazon.com fall to hackers.
“We have seen a real basic flaw in the way that colleges use student Social Security numbers is identification numbers,” Conti said. This information is potentially vulnerable to hackers who may gain access to private student records.
Yet another concern for campus computer security is attempts by students to change their grades. At the University of Massachusetts, Conti says, the systems for financial records and grades are well protected and partitioned so those hack attempts are virtually impossible. However, the danger now lies in professors who store grades on their personal computers.
“It is like in elementary school when the teacher would leave her grade book open on the desk. Anyone with a pencil and eraser could change things and no one would ever know,” Conti said.
Fortunately, there is good interaction between institutions that prevents many hackers from causing problems. Given the nature of the Internet, communication about the latest hacker strategies and programs is easily accessible which according to Conti allows the identification and response to problems on the network to happen within hours.
Despite the best efforts of university systems to protect against viruses and hackers and update their students to the possible dangers of virus infected e-mails and files the best defense is for students to watch for them. Computer security programs exist to “firewall” or protect computers against outside access as well as myriad other devices that reduce the danger to home computers.
Students can protect themselves from viruses by closely monitoring their e-mail and not opening unfamiliar attachments. Additional information can be found on the site of the Norton Anti-Virus program at http://www.sarc.com.