December 5, 2008
The University networks have undergone a few cyber attacks over the past few weeks which have negatively affected the availability of network services for Case users. These attacks created unplanned outages of campus networks, and most significantly, loss of external connectivity for the University for up to two hours at one point last week.
The Network Engineering and Security Group has been working on responding to the attacks and restoring services. Case users should be aware that these attacks originated both internally and externally to the University networks, with the most recent outage being caused by a spike in network traffic much larger than normal traffic patterns. Several factors have contributed to the outage:
- We have evidence of a new botnet (ref: SANS, Computerworld) creating havoc among users of Microsoft Windows by exploiting the MS08-067 vulnerability. This is a possible cause of attacks on our network from outside and within.
- We also suspect a new Facebook/Myspace virus attack.
Together, these form a combination of factors, on several fronts at once, affecting network connectivity.
Users are an integral part of the overall security posture for the University networks, and the presence of multiple compromised computers on-campus participating as zombies in a botnet illustrates the need for awareness of Tier I controls. What should users do?
Make sure you have applied the Tier I controls. These are Case's baseline security configurations designed to help your system survive the most common attacks. These controls are mandatory, and I'll include just a few for readers to digest:
1. Automated patching for software security updates. This prevents worms from spreading through new vulnerabilities.
2. Installation of the Case Symantec Endpoint Protection anti-virus and firewall software. This is free for Case users through the Software Center. Did I say these anti-virus tools are free for all Case users? Yes, they are free, so there is no reason not to have them installed and updated.
3. Be aware of the threat. Users can keep themselves "in the know" by subscribing to the SANS Ouch! newsletter and by visiting the Information Security site regularly (use the RSS feed!).
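As an added self-check (not part of the original post and not Case's own tooling), the following PowerShell reports whether a Windows machine meets the first two controls. It assumes that KB958644 is the Microsoft update for MS08-067 and assumes the service names for Symantec Endpoint Protection and Windows Firewall given in the comments.

```powershell
# Added example: self-check for the Tier I controls above. Assumptions (not
# from the post): KB958644 fixes MS08-067; Symantec Endpoint Protection runs as
# "SepMasterService"; Windows Firewall is "MpsSvc" (Vista+) or "SharedAccess"
# (XP). Run from an elevated PowerShell prompt.
$results = @()

# Control 1: Automatic Updates set to download and install (AUOptions = 4).
# A Group Policy value, if present, overrides the local setting, so check it first.
$auKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
)
$auOption = $null
foreach ($key in $auKeys) {
    $value = Get-ItemProperty -Path $key -Name AUOptions -ErrorAction SilentlyContinue
    if ($value) { $auOption = $value.AUOptions; break }
}
$results += New-Object PSObject -Property @{
    Control = 'Automatic Updates set to install'
    Pass    = ($auOption -eq 4)
    Detail  = "AUOptions=$auOption"
}

# Control 1, continued: is the MS08-067 fix itself present?
$hotfix = Get-HotFix -Id KB958644 -ErrorAction SilentlyContinue
$hotfixDetail = 'missing'
if ($hotfix) { $hotfixDetail = "installed $($hotfix.InstalledOn)" }
$results += New-Object PSObject -Property @{
    Control = 'MS08-067 update (KB958644) installed'
    Pass    = [bool]$hotfix
    Detail  = $hotfixDetail
}

# Control 2: anti-virus and firewall services present and running.
foreach ($svc in @('SepMasterService', 'MpsSvc', 'SharedAccess')) {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s) {
        $results += New-Object PSObject -Property @{
            Control = "Service $svc running"
            Pass    = ($s.Status -eq 'Running')
            Detail  = "$($s.Status)"
        }
    }
}

# A False in the Pass column means that control needs attention.
$results | Format-Table Control, Pass, Detail -AutoSize
```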
Case users are advised to contact the Case Help Desk (368-HELP) with questions about network connectivity. The Help Desk is always your data dissemination point for outages.
Posted by Thomas Siu at 11:08 AM