Campus Works to Repel Network Intrusions
Campus users enjoy access to high-speed Internet connections, which allow UC Davis to meet its broad research, teaching and public service mission. This same computing network also attracts computer virus infections and attempts to break into our systems. Many attackers are particularly interested in the campus network as a convenient source of additional computing power, a place to temporarily store copyrighted programs, or a launching area for attacking other computing systems. These infections and intrusion attempts can reduce the availability and integrity of the campus network and our computing systems. In addition, the owners of non-campus affiliated computers and networks are not very pleased when they are on the receiving end of a computer attack and/or virus.

The Ripple Effects of a Network Intrusion
An outside attempt to invade or infect our computing network could cause significant ripple effects in our computing community. For instance, if the infections or invaders are left at large, some Internet sites external to UC Davis could take defensive actions by blocking network traffic to and from UC Davis. Widespread shutdowns are another problem: if an intrusion seriously degrades network performance, network staff may be forced to act under the Emergency Security Policy to disconnect a server and/or workstation from the campus network. Such a service disruption could easily undermine ongoing administrative, teaching or research activities. At the other extreme, if left unattended, a broad coordinated intrusion attempt could quickly saturate campus network resources and impair overall campus network performance levels.

Detection Systems to the Rescue
Many corporations and academic institutions are turning to intrusion detection systems (IDS) to help them repel unwanted intrusion activities. An IDS performs a task similar to that of a security guard. It is "trained" to notice specific patterns, or signatures, of suspicious activity and to respond to the activity by terminating a connection, offering an alert, or possibly limiting traffic to/from the offending location. There are IDS sensors that focus on network traffic (network-based IDS) and sensors that focus on computer operating systems (host-based IDS).

While the benefits of such systems appear tremendous, many institutions that adopted intrusion detection systems early on have raised concerns about IDS weaknesses. An institution that decides to use intrusion detection systems will ultimately face some challenges in managing the implementation of these new "guards" in its network. If the network traffic speeds are very fast, the IDS may not be able to keep up. Also, some IDS users have noticed some glitches in the "guards" when it comes to their ability to distinguish between actual intrusion activities and everyday network traffic patterns or simple misconfigurations. However, IDS solutions are now maturing, and independent evaluation services report that IDS vendors have addressed many of these limitations to some degree.

Campus Project Team Formed
Information and Educational Technology (IET) uses advanced technology projects to explore critical issues such as these on our campus. In December, IET initiated an advanced technology project to review the advantages and disadvantages of using intrusion detection technology within the campus. This project will identify the role and functions of intrusion detection and prevention within an enterprise security architecture, identify the components of intrusion/infection detection and prevention, review the advantages and disadvantages of IDS use within UC Davis and, where appropriate, recommend a tactical plan for incorporation of these components into the campus computing environment.

The project's recommendations are scheduled to be published in late spring. If you have any questions regarding the project, you should contact Robert Ono, the project chairperson, at raono@ucdavis.edu.