Click here to receive your FREE subscription to Campus Technology

Home > Security Technology >> Hack Job

Features

Security Technology >> Hack Job

3/31/2005

By Matt Villano

The best way to avoid security breaches might be to pay for them.

When a hacker broke into the network at George Mason University (VA) earlier this year, IT officials were absolutely powerless to stop him. Within minutes, the hacker compromised the school’s main Windows 2000 server and gained access to information that included names, Social Security numbers, university identification numbers, and even photographs of almost everyone on campus. Next, he poked around for a back door into other GMU servers that store information such as student grades, financial aid, and payroll. Finally, the hacker tried to crack passwords for other machines—machines in just about every department on campus. Curtis McNay, a system administrator who manages some of the university’s computing systems, saw the whole thing happen. After the break-in, McNay told the Washington Post that he knew from data streaming across his monitor that a break-in was going down. By the time the hack was halted, however, it was too late. Information surely had been copied; privacy most certainly had been breached. And after a week of investigating the scope and nature of the electronic break-in, university officials reluctantly sent an e-mail warning 32,000 students, faculty, and staff members that they were all vulnerable to identity theft or credit card fraud.

“It appears that the hackers were looking for access to other campus systems rather than specific data,” Joy Hughes, the school’s vice president for information technology, wrote in the e-mail blast. “However, it is possible that the data on the server could be used for identity theft.”

Talk about nightmares. For an institution designated as a Center of Academic Excellence in Information Assurance Education by the National Security Agency, the hack attack was disastrous. But the debacle was only the latest in a string of hack attacks against higher education institutions. In the last two years, similar attacks have occurred at the University of Georgia, the University of Texas at Austin, the University of Missouri at Kansas City, the University of California-San Diego, and the University of California-Berkeley, to name a few. In all of these cases, the hackers exploited vulnerabilities in technology set up to foster collaboration and the free exchange of information. Across the board, the hackers scored sensitive information, putting users at risk.

These cases may not represent the norm across North America, but increasingly, US schools are feeling the need to step up security measures to protect their users from invasions of this kind. Most schools take a traditional approach, purchasing the latest and greatest Intrusion Prevention System (IPS) technology from vendors that serve the corporate world (see box below).

Playing it Safe

Of course, the safest way to secure a network is to do it the old fashioned way, with a smorgasbord of security products from a variety of leading vendors.



Recommended Reading
  • California Community Colleges Partner with Waterfall Mobile on Statewide Emergency Notification Coverage

    The Foundation for California Community Colleges (FCCC) has awarded a statewide emergency alert notification contract to Waterfall Mobile. The contract establishes Waterfall's AlertU as an approved technology through the official non-profit foundation for the California Community College (CCC) system office. Through this partnership, individual colleges may directly implement emergency communication services, eliminating lengthy technology evaluation and RFP processes.

  • King's College and ASU Add e2Campus for Improved Emergency Notifications

    King's College and Arizona State University have switched to Omnilert's e2Campus for emergency notification. Omnilert also has introduced a new program called the ENS Conversion Service that allows schools to bulk upload data from their previous emergency notification system into e2Campus at no charge.

  • Saint Joseph Builds Out Wireless Network in Multi-year Upgrade

    Saint Joseph's University has begun deploying a Meru Networks wireless local area network across its Philadelphia campus as part of a multi-year effort to bring wireless coverage to every building on campus.

  • Vista Ramp Up Is Happening Now, Study Says

    Organizations may have been slow to adopt Microsoft Windows Vista, but expect that to change by late 2008 to 2009, according to a Forrester Research report by Benjamin Gray et al., published last week.

  • Talisma Launches New Version of CRM with Built-in Application Management

    Talisma Corp. announced version 8.0 of its constituent relationship management (CRM) application for higher education. The new release includes application management, a revamped user interface, two-way text messaging, personalized Web portals, and an ADA-compliant Web client, among other enhancements.

  • Bringing Composers into Classrooms Through Skype

    Two Pennsylvania teaching colleagues with an interest in music and technology are bringing remote experts into classrooms at almost no cost, using Skype's free videoconferencing technology.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format