December 3, 2001
ITD offers new threat analysis service
Donna Price is coordinator of communications for the Information Technology Division
Pearl Harbor. Babe. Ghost. Just a list
of movie titles? No, they're also computer viruses. From Ada to Zulu,
viruses populate the netherworld of information technology, bringing bits
and bytes of chaos to the orderly progress of the workaday world. They
pose a serious, but not the only, threat to the security of electronic
information at Emory.
The number of reported security incidents at the University last year
rose nearly 97 percent, ranging from enterprisewide threats to user errors,
to worms and viruses, to spamming and hackers. How do you know if your
data, software and hardware are adequately protected from threats of accidental
or intentional disclosure, modification or destruction?
A significant point of vulnerability is server security. Put simply,
servers are the hardware used to store and share files and applications
that multiple people can access remotely when connected to a network.
There are web servers, file transfer protocol (FTP) servers, Telnet servers,
e-mail servers, file servers and so on. Millions of servers are connected
to the Internet.
At Emory, there are currently about 160 e-mail servers, 300-400
web servers, streaming servers to convey digital video and audio files,
and many others, adding up to more than 1,000 servers across campus. These
are administered by departments, divisions and schools, as well as by
the Network Communications and Information Technology divisions.
In most cases, servers don't exchange viruses, but people accessing
data from them do. For instance, a piece of infected mail or a document
may be sitting on multiple servers in a holding mode. John Smith connects
to the server, opens the infected file and the virus spreads. Everyone
who uses e-mail is more than familiar with this pattern of events, but
servers are vulnerable to security breaches in other ways.
For example, take the recent Code Red worm attacks. What made them such
serious threats was that, once the worm identified a vulnerability in
a server and attached itself, it immediately started looking for other
machines with that vulnerability where it could spread. Code Red II installed
a program on infected machines that allowed unauthorized access to files
on that server. Anyone, anywhere, through a Web browser, could change
permissions or change and delete files.
"The Code Red II backdoor was only a moderate danger at first because
it required would-be hackers to give victims individual attention,"
said Rob Poh, ITD security analyst. "That all changed with Nimda,
a newer worm that automated the exploitation of the Code Red II backdoor."
Thousands of threats like these are posed every day to information technology
"Security is an issue for the entire Emory community to address,"
said Donald Harris, vice provost for ITD and chief information officer.
"In an environment where there are more servers purchased and maintained
outside the central IT units than within, all must be proactive in finding
security weaknesses and taking appropriate action. A critical part of this
work is making sure system administrators have adequate security training
and are using available software and expertise to identify problem areas."
"The bottom line," Harris said, "is that a poorly maintained
server puts everyone at risk."
To aid the campus in maintaining IT security, Emory now offers a free
security threat analysis to divisions, departments and other campus groups
through local support and network administrators.
Administered by ITD, the system uses Internet Security Systems' Internet
Scanner software to help detect vulnerabilities. Scanning is performed
on request or may be offered by ITD when a security incident is identified.
Since its inception, 34 departments have used the service for more than
170 threat assessments.
The analysis identifies weaknesses that could be exploited by intruders.
Selective probes search for 980 known vulnerabilities, including the
most recently developed methods of attack, in network communication
services such as operating systems, routers, e-mail, web servers, firewalls
and applications. Results are summarized in a management report that includes
remediation advice and specific steps to secure vulnerable computers.
For more information, contact ITD at SECURITYTEAM-L@listserv.emory.edu. To submit a vulnerability scanning request, contact your local support administrator or make the request directly at www.emory.edu/ITD/IRM/SECURITY/HACKS/ISSReq.html.