Shay (Guest)
Posted: Tue Jan 18, 2005 8:12 pm
Post subject: University Hack Attack
Hi All,
Recently I received an email from my University asking me to make sure my
Laptop was fully protected and Patched as I use their wireless and LAN
networks whilst I'm in the University Studying.....
What I'm wondering is... how can such a big, supposedly hi-tech institution
fall like this, as they have well over 1500 PCs in one campus alone... so
therefore protection is paramount???.... How could the attack have been
carried out... aren't there industrial strength firewalls in operation??...
It always seems to be happening?
Below is a copy of the summary of the attack they (the University) sent me:
Background
In late December 2004, an intruder scanned UU PCs and obtained the
Administrator passwords for over 250 machines. A list of IP addresses of the
compromised PCs was found on one of the PCs examined. All of the affected
machines that have been identified to date are located at Jordanstown and
external Internet access to/from these machines has been suspended.
Workstations at other campuses may be affected but are not yet identified as
being compromised.
On Friday 7 January 2004, a worm known as Morphine infected a large number
of staff computers. McAfee 7 and 8 identify the worm but cannot remove it.
This must be done via a Registry edit.
Leythos (Guest)
Posted: Tue Jan 18, 2005 8:17 pm
Post subject: Re: University Hack Attack
In article <gH9Hd.1208$SR5.828@newsfe3-win.ntli.net>,
shayglenn@gmail.com says...
> What I'm wondering is... how can such a big, supposedly hi-tech institution
> fall like this, as they have well over 1500 PCs in one campus alone... so
> therefore protection is paramount???.... How could the attack have been
> carried out... aren't there industrial strength firewalls in operation??...
> It always seems to be happening?
The problem with firewalls in organizations is that they are on the
borders, not inside (at least not where you're going to be).
With 1500 machines and a couple minutes, it would be possible to brute-
force a user/password crack and get access to the network just like a
student/teacher would. The problem is not the exposure, it's lax
security restrictions and idiots for users that leave a password taped
to the side of their screen, on the desk next to the phone, taped to
their laptop, etc...
The reason for a network is to provide access to services so that people
can perform work/training/etc.... If you restrict the network so much
that people can't work, then there is no point in having a network. At
the same time, if you lock it down and secure it, people will complain
about having to jump through hoops to do work without understanding why
the security is in place.
There are many ways that the attack could have taken place and many ways
to have prevented it, but it's about cost/productivity and access/loss.
I would guess that there was nothing the firewall was going to do - it
would be my guess that a known account/password was used - and the
firewall would not have prevented authorized use (even if not by the
proper person).
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Eirik Seim (Guest)
Posted: Wed Jan 19, 2005 12:03 am
Post subject: Re: University Hack Attack
On Tue, 18 Jan 2005 15:17:20 GMT, Leythos wrote:
[snip]
> There are many ways that the attack could have taken place and many ways
> to have prevented it, but it's about cost/productivity and access/loss.
And being a large University would mean (at least in my parts
of the world) a really nice and fast connection with the
Internet which, when combined with loads of academics doing
various research and education under a ... well, let's call it a
"distributed administration", equals a really nice place to
crack into computer networks for both hackers and sw-pirates.
In other words, an attractive target.
--
New and exciting signature!
Wolfgang Kueter (Guest)
Posted: Wed Jan 19, 2005 1:36 am
Post subject: Re: University Hack Attack
Shay wrote:
> What I'm wondering is... how can such a big, supposedly hi-tech institution
> fall like this, as they have well over 1500 PCs in one campus alone... so
> therefore protection is paramount???.... How could the attack have been
> carried out ...
Normally attacking something in such a large network is pretty easy, there
are so many possible targets ...
> aren't there industrial strength firewalls in
> operation??...
Doesn't matter, there are far too many stupid users, far too many special
requirements, far too weak means to enforce a policy and far too many
public IP addresses - in short: university networks are usually impossible
to secure, certain parts of a university will of course be well protected
but seldom if ever all.
Wolfgang
Alinator (Guest)
Posted: Wed Jan 19, 2005 3:40 am
Post subject: Re: University Hack Attack
"Eirik Seim" <eirik@mi.uib.no> wrote in message
news:slrncuqnbb.h75.eirik@kain.mi.uib.no...
> On Tue, 18 Jan 2005 15:17:20 GMT, Leythos wrote:
> [snip]
>> There are many ways that the attack could have taken place and <snip>
Many universities maintain more open security standards than in the
corporate sector because they *are* academic institutions.
The whole point is an open environment for learning, experimentation,
dissemination of information, etc.
Usually though, malicious "experimentation" is dealt with very harshly
(especially if you're a student).
Alinator
Shay (Guest)
Posted: Wed Jan 19, 2005 4:16 am
Post subject: Re: University Hack Attack
Hi guys... thanks loads for your help :-) I can totally see what you mean.
I think my University should "sand box" (I'm not too sure if "Sand box" is
the right term but what I mean is that no external connections should be
made to these servers/PCs as they don't seem to be construed as Academic)
some of its departments e.g. Finance, Personnel and the Student Registry
Dept. (this is where my information is held) as access was gained to these
depts. and others.
Thanks loads all for your help - I'm curious as the question I would ask, if
I were in charge of any network in this position is "Why?" - is it not
inevitable that it was destined to happen - so therefore why wasn't it
protected?... ... sorry... I know it's not that simple but I'm a student now
but for 7 years I was an Automation Maintenance Engineer and as far as I'm
concerned all bases shd be covered... but then again... nothing's perfect.
Thanks loads,
Shay
"Alinator" <no-way@on-use.net> wrote in message
news:mfgHd.147166$Uf.103934@twister.nyroc.rr.com...
> "Eirik Seim" <eirik@mi.uib.no> wrote in message
> news:slrncuqnbb.h75.eirik@kain.mi.uib.no...
>> On Tue, 18 Jan 2005 15:17:20 GMT, Leythos wrote:
>> [snip]
>>> There are many ways that the attack could have taken place and <snip>
> Many universities maintain more open security standards than in the
> corporate sector because they *are* academic institutions.
> The whole point is an open environment for learning, experimentation,
> dissemination of information, etc.
> Usually though, malicious "experimentation" is dealt with very harshly
> (especially if you're a student).
> Alinator