Campus IT repels global threats, enlists student help


Nov. 17, 2014
Nick Beadleston

The UCCS server has been attacked more than 240,000 times over the past 30 days.

Approximately 3,200 attacks originated in Iran, 1,700 from China and 1,200 from Russia. But the vast majority have come from inside the United States.

These numbers, while not unusually high, represent a growing trend, according to Greg Williams, information security officer.

“[UCCS has] increased how much bandwidth we use, and with that bandwidth comes more attacks,” he said.

Williams, along with one analyst, makes up the university’s cyber security staff. While much of the university’s cyber security work is automated and done behind the scenes, there is still a place for everyday student vigilance.

To help combat the increasing volume of attacks, IT will be starting a reporting rewards program.

The program will incentivize early reporting of suspicious online activity by rewarding students, staff and faculty with 8 GB, metal, key ring flash drives.

Williams hopes using higher quality flash drives will ensure they are lost or left in university computers less often. The rewards program will go live in the next few weeks, after flash drives have been ordered.

The IT security department focuses on detecting and disrupting scams, phishing (attempts to steal personal information) and dangerous, invasive programs known as malware.

Malware accounts for approximately two-thirds of the last month’s server attacks, said Williams. These attacks include any devices connected to the university server, including wirelessly connected personal computers.

Provided they are notified promptly, Williams said IT can sometimes trace the attack back to its source.

Williams indicated there are international companies, particularly in China, that advertise their ability to steal U.S. university information. He said access to research databases, which are free-to-use for university students, is often the objective.

IT security removes scam or phishing emails, such as one that asked students to confirm their Apple ID, from students’ inboxes on average several times a week, Williams said.

Regarding concerns of invasive monitoring, Williams said fears are unfounded.

“People think that all we do back here in IT is sit and read people’s emails. First of all, we don’t have time to do that. Second of all, we don’t want to do that.”

Williams said hacking or attacks originating from the campus are rare but have happened. He said if the activity is unlawful in nature, his department would involve UCCS police. Usually, the attacks are just college programmers testing the strength of server security and disappear before IT can track them.

“We have had that happen, but we haven’t been able to find [them],” he said. “As soon as we react, they’re gone.”

He cited a hack six months ago detected by IT. The student tried to redirect university server traffic to a music video of Rick Astley’s “Never Gonna Give You Up.”

More often the attacks are unintentional. Students unknowingly download unsecure programs that have built-in tools that automatically seek out vulnerabilities in the server.

UCCS IT is not isolated in its cyber security fight.

The university belongs to the Research and Education Network Information Sharing and Analysis Center, REN-ISAC. The network shares data on attacks from over 400 higher education institutions and research institutes in the U.S., Canada and New Zealand.

Williams said belonging to the network allows members access to cyber defense tools not available to the general market, as they are designed by other REN-ISAC members. Regardless of data sharing and advances in cyber protection, members of the UCCS community remain integral in server defense.

“We rely on people reporting things to us to help us do our job better,” said Williams. “The more that people tell us what has happened, the better