USU networks under attack
The USU computer network is continually being “poked, probed and prodded” by hackers.
Students, faculty and employees alike must be aware of that, the head of the USU Information Technology Security Team says.
Bob Bayn, member of the IT computer security team, addressed a group of students Wednesday and gave instruction on how all who are connected to the USU computer
network can protect themselves from hacker attacks on Utah State systems.
“We are continually being scanned, continuously being probed by people who want access to USU computers,” Bayn said.
Bayn said hackers who are in it for the money are principally after two things: private information, such as credit card numbers, bank account information and social security numbers; and those who are hacking to gain access to computer resources, such as processor capability and storage capacity.
If a hacker gains control of a computer, Bayn said, he or she can use the computer to store hacker information and programs, and even recruit the machine to be part of an automatic spamming operation, known as a bot-net, where hackers can sell storage space and processing time on a computer that isn’t theirs.
Bayn said hackers who are looking for new victims search by scanning for weaknesses and vulnerabilities of the computers connected to campus. Bayn, who said he and his team monitor network activity closely, said he has seen several different attack strategies, and the security team is constantly on the lookout for any suspicious activity.
Even so, the network team cannot stop hackers from attacking the network, Bayn said, and it is far better to focus on the prevention of hacker control than fighting them off afterward.
“One of the things you’re responsible for besides surfing the Web and doing your homework is keeping your computer safe,” Bayn said. “Everyone that has a computer needs to guard against bad guys.”
Bayn said he recommends a few key strategies to students for protecting against hackers.
“The important thing is to have virus protection,” Bayn said. “Any virus protection is better than none.”
Bayn said free virus protection from McAfee, a computer security company, is available to all students and faculty through the USU Information Technology Web site.
In addition, Bayn said it is important to keep one’s system up to date with the latest security patches from Microsoft, Apple and other computer software companies.
“All operating systems need to be patched regularly,” Bayn said. “I can’t imagine saying something good about Microsoft, but Microsoft has done better over the years to create a pleasing experience and providing a more secure operating environment.”
Specifically, Bayn said computers are most at risk immediately after “Black Tuesday,” the scheduled day every month on which Microsoft releases its latest security patches. Bayn said hackers are the first to receive the security updates and patches and are quickly able to analyze the patches and reverse engineer viruses and malicious software to take advantage of non-updated computers.
Bayn also said one very simple way to help keep a system secure is to turn it off when it is not in use.
“Hackers these days who are in it for the money are interested in getting into your computer without you knowing that anything is wrong,” Bayn said. “Turning off your computer can be used as a security measure, but not the only one.”
Another important way to protect a computer and personal information is to “be an Internet skeptic,” Bayn said.
He said he recommends Site Advisor, a program that advises a computer user about the security of the site before the site is accessed. Many dangerous sites, Bayn said, often offer free software and prizes. He said users should always be suspicious of the possible ulterior motives of authors of Web sites that give away free stuff.
“There’s a lot of stuff on the Internet that appears to be free,” Bayn said. “They usually have some unstated motive behind what they do. They are information mining in one way or another.”
Bayn said users must also be cautious of e-mails from individuals claiming to be from the USU networking team or other legitimate-looking sources. He said the networking team always follows rules when trying to get information to students and faculty through e-mail.
Bayn said any e-mail supposedly from USU that requests that computer users reply to a non-USU e-mail address should be taken as a “big warning sign.” He said when the networking team needs information from anybody on the network, it will always ask that person to send the information to a USU e-mail address. Bayn said he “loves it when someone asks us” whether or not a “phishing message” ,another name for an e-mail-based scam is for real or not.
Bayn said if a computer is compromised on campus and is detected by the security team to be a security threat, it is shut off from the Internet by the security team. He said if a computer is completely commandeered by hackers, the remedy is a bit more drastic.
“If the hackers get control of your computer in any way, our recommendation is to wipe it clean and to start over,” Bayn said.
Bayn said the USU IT Service Desk is available for any student or faculty who needs help with their computer, including cleaning a system and repair after it has been hacked. The Service Desk can be contacted at 797-4357.
-la.hem@aggiemail.usu.edu