#1.559116

IT monitoring Internet traffic and hackers

Alison Baugh

A visual device now allows the Information Technology team to track Internet traffic and people trying to hack into the USU computer system.

Rian Shelley, a USU network specialist, designed the program locally and completely from scratch. The screen has different color dots to identify the various types of communication and also shows different colors of lines for when people are trying to break into the system or successfully do and when people on campus try to break into something the firewall blocks.

“I don’t know about any other programs like this one,” said Bob Bayn, IT team coordinator.

The main visual screen, which was put in about six months ago, is helped by additional screens on each side. The right screen may seem like a jumble of numbers to the regular person, but the IT team is able to break them down and see how often people are doing the same thing on multiple computers, looking for patterns that show hacking. The IT team reported that people from all over the world, such as the Netherlands and China, have attempted to break in, but with no success.

The left monitor has what the team calls a “honeypot,” or tolerated target, where the technicians can see what kinds of things people are trying, allowing them to keep their system updated against it all.

Computers can still be taken over or compromised while on campus by downloading or clicking on the wrong thing on the Internet, said Miles Johnson, security specialist. When some computers are taken over, users can tell, but most of the time a bugging device is put on the computer that is invisible to the user. It will then track key strokes, watching for any type of password or number it could use, and it will report back to its master. The owner is then able to use the information to access or use credit cards or other personal information, Johnson said.

If the IT team notices this, they are usually able to track the computer and its user within 10 minutes to let them know of the danger and help them take care of the problem.

In the past when a compromised computer needed to be put back on the system, it was done for free. This provided no motivation for the user to keep their computer clean and updated, so the IT team now charges $25 for the first time and $50 each subsequent time. The number of compromised computers dropped from hundreds a month to three or four, Johnson said.

“It made a profound change in the way people think of keeping computers at USU,” he said.

The team encouraged students to be careful about what they click on and giving out their credit card or other numbers online to a site that may not be secure.

Darren Cluff, an IT employee and USU student, has been working with the new system for about two months and reviews the information collected daily to make sure that nothing was missed, as the computer isn’t watched continually. He is now able to find patterns in the numbers and alert the team to any situations that need to be taken care of.

The IT team gave suggestions for users on how to watch their own computers. Keeping machines updated and checking them early and often was Cluff and Johnson’s advice. Bayn said users should be skeptical of things that are sent to them. It may take a few minutes to call and verify a bank sent an e-mail, but Cluff said this will save time in the long run and prevent someone from stealing someone’s identity.

An ongoing discussion for the IT team involves an Internet security port, Port 25. This is an attempt to verify which computers on campus are actual e-mail servers and block the others to help keep the security levels high, Johnson said. It is a campuswide issue, and Bayn said they are working with about 100 people who will be affected to determine if the pros will out weigh the cons. The issue will be decided later this year.

-alison.baugh@aggiemail.usu.edu