
IT staff shields UH from hackers

October is Cyber Security Awareness Month, and officials say UH is on top of keeping University information and resources safe from would-be hackers and security hazards.

But technological protection is a compromise between forces that often contradict each other, Charles Chambers, manager of Networking Planning and Development, said.

"It’s a balancing act," he said. "Security is a balance – flexibility, convenience, risk, cost, performance."

In making decisions regarding how secure to make technology resources around campus, Chambers said that many individuals contribute.

"It’s like any other business decision – you’re creating some sort of balance – that balance changes as technology changes, as the risk changes," he said. "It’s always a moving target."

Annoying, but not dangerous

The UH network faces occasional inconvenience rather than malicious security breaches, Chambers said.

One of the more common attacks is a denial of service, in which an outside party attempts to force a network to shut down.

"Hackers who have commandeered a large number of machines use those machines to direct traffic, a lot of traffic, to a particular location," Chambers said.

The huge amounts of information overwhelm the network, he said, forcing it to its knees.

Chambers said, however, that over the past four years denial-of-service attacks, which cut off service through malicious means such as hacking, have dropped off.

"The big problems in more recent years tend to be worms that get out and get released," he said.

‘Efficient little beast’

Worms are programs that enter a system and replicate and redistribute themselves over and over, in much the same manner as a virus. Like an attack that denies users service, the programs bog down networks and overload servers with information.

In January 2003, an SQL (Structured Query Language) worm infected nearly every SQL server on campus, requiring quarantines for databases and nearly 12 consecutive hours of work by Information Technology to stop it, Chambers said.

"It was a very efficient little beast," he said. "It wasn’t unique to UH."

At the time, CNN reported that the worm, named "SQL Slammer," disrupted airlines, banks and government agencies for nearly an entire day, though it did no permanent damage and was repaired within a day by a patch from Microsoft.

"Most worms are much less efficient at finding other worm fodder," he said.

Worms can enter any server with a public address, Chambers said, so IT now takes a proactive approach to worms by staying up-to-date on patches that block worms from the network. Since the SQL worm incident, UH also reduced the number of connections between servers to make it harder for programs to find servers in which to replicate.

Using networks responsibly

Internally, Chambers said, UH takes a reactive approach to problems that have appeared in the past; it prefers that network users use an open system responsibly, and the tightness of security varies between different areas on campus.

"Most of the campus security is through recognized risk," he said.

The residence halls are among the most restricted areas on campus as far as network privileges, Chambers said, both to protect residents and the network.

Chambers said students living on campus have used UH technology to set up web servers and run businesses, both of which are against University policy.

"I got a call from a student one time saying, ‘I need more bandwidth, you’re costing my company money,’" he recalled, and IT stepped in by further restricting the network. "I have a mandate to manage the campus’ resources, and the bandwidth to the University costs the University dollars every month."

Chambers said the network has not seen problems with hackers getting into the system, but that the biggest breach occurred about two years ago when a disgruntled contractor employee with access to the network stepped beyond his bounds and cut it completely off from the Internet.

The hack was more a nuisance than a real security threat, Chambers said, but in response IT further limited network authority to outside companies.

Networks in more secured portions, including those that handle credit card transactions and PeopleSoft 8.9, are especially difficult to hack, Chambers said, and view outside networks as "hostile."

Interacting with the outside

Networks at the edge of campus that interact with the other networks, such as the wireless network, are more difficult to secure.

UH Wireless requires authentication before users can access the Internet or the network, Chambers said, and guests are limited to general Internet access only.

"There’s an edge to the wireless environment," he said. "The state auditors came in and mandated it, and it was the right thing to do."

Chambers said IT is also exploring methods to make UH Wireless both flexible and secure for use by mobile devices such as wireless-enabled phones.

"The wireless arena is evolving faster than we can implement the technology," he said. "The wireless environment is something we’ve done well."

Web pranksters

Walker said his office receives reports of tampering on UH-related pages, but all the incidents occurred on sites that Web Technologies does not maintain and generally involved altered graphics.

The content of these Web pages is static, Walker said, which grants easier access to outside parties.

"They’re available to the public directly," he said. "Even the Federal Government, the (National Security Agency) has had their Web page defaced."

IT works with campus entities that experience security problems on their Web sites to identify, remedy and prevent them, Walker said.

The defacements can lead to broken links but usually cause little other damage, he said.

Web site pranksters are rarely caught, he said, because they are a low priority.

"The amount of time, effort and resources required to ‘catch’ them generally greatly exceeds the actual cost of the damage," he said.

Always improving

Chambers said that interacting technology has an inherent risk, and the benefits and costs must be weighed in making the best decisions about security.

"You have to assume some level of risk somewhere, or you’re not going to be able to communicate," he said. "It’s a continued improvement process."

Additional reporting by Bill Conant
