New computer-security systems chief monitors cybercrime

By Diane Ainsworth, Public Affairs



Craig Lant keeps watch over the campus’s central computing systems.
Peg Skorpinski photo

09 May 2001 | “Big Bro” is watching.

That’s Craig Lant’s term for Berkeley’s new computer network security system. Like the all-seeing, dictatorial boogeyman in George Orwell’s famous novel “1984,” this new network security system monitors all campus computing activities to detect break-ins or failed attempts.

“The problem is very prevalent,” said Lant, the campus’s new information systems security officer. “We have one or two computer incidents a week, but we can’t just shut down the system every time we detect a problem. We will disconnect the computer from the network, though.”

Unlike private organizations, the FBI or other federal agencies, a public university, as part of its mission, is responsible for furnishing information, data and research to the public.

“Part of what we provide is an open system, so that people can use our networks in different ways. And if you start clamping down on that too hard, it gets in the way of people doing their work,” said Lant, who oversees the newly formed System and Network Security Group. “So it’s a delicate balance between not getting in the way of people doing useful work, but at the same time making sure our networks are protected.”

“Intrusion detection,” as it is called, is part of the mission of the new group, which reports to Jack McCredie, vice chancellor of information systems and technology. Lant’s team provides technical leadership in computer and network security and strives to protect network and system integrity. To do so, it deploys advanced security tools to an estimated 50,000 to 70,000 computers across campus.

“Perhaps the biggest threat to the security of our information systems is not understanding that there is a threat,” Lant said. “We’ve had a significant increase in Internet traffic, especially since the introduction of the SETI@home program. In our environment, though, the ‘crackers’ generally aren’t interested in the data, but more typically in using our network bandwidth to attack other systems.”

Sometimes, however, they’re motivated by the simple desire to see how many systems they can crack or damage.

“The most important thing departments can do is make sure every system is managed by a knowledgeable system manager,” Lant said, noting the importance specifically for computers running operating systems like Windows NT, Windows 2000 or Unix.

Unix systems are relatively immune to the viruses and e-mail issues that plague Macs and PCs. But they’re vulnerable to lots of other attacks that can be even more serious, Lant explained.

“Unix systems are what crackers like to break into, take over and use to attack other systems,” he said. “The nature of some of the attacks used on Unix systems is fairly sophisticated. Unfortunately, this doesn’t stop novice, unskilled crackers from using these attacks. That’s why Unix systems really require professional system management.”

Older software on many Unix systems poses a major problem: passwords are exposed. A few standard Unix programs that are notorious for exposing passwords are telnet, rlogin, rcp and ftp, Lant said.

“If you use any of these programs to communicate between two computers, you are exposing any passwords you type over the network,” he said.

It is very simple for someone on another computer to “sniff” (or watch) the network and capture the user’s password as he or she types it. The solution: a free program called “Secure Shell.” Data going out over the network is encrypted, making network sniffing obsolete.

Another way to secure computer networks is to make use of available security tools, Lant said. This is especially important as the campus’s CalNET identification system comes online and as faculty, staff and students are offered more opportunities to do campus business on the Internet.

Computer users should be aware of things that jeopardize system security, Lant said. Online help is available from Workstation Support Services about software for use on university computers. Visitors to the site can ask questions to determine whether there is a more secure way of doing whatever they need to do.

“Your system manager can help with that too,” Lant said.

E-mail presents security risks in almost every computer system, Lant added.

“Nearly 100 percent of all viruses, worms and other nasty things we refer to collectively as ‘malicious code’ are transmitted from one computer to another via e-mail,” he noted.

For that reason, it’s always important to view e-mail with some suspicion.

“You should never open an attachment until it has been scanned with an up-to-date virus scanner,” Lant said. “Even if you know exactly what the attachment is, you may not know if the person who sent it to you has an infected computer.”



Copyright 2000, The Regents of the University of California.
Produced and maintained by the Office of Public Affairs at UC Berkeley.
