Michael Ridley
Two weeks ago the campus IT network was attacked. An email went out to all students, faculty and staff to explain what was going on. It was nasty; lots of extra effort was required to secure the network and clean up the problems. No fun for anyone.
Sadly, however, this wasn’t so unusual. We get attacked all the time; every day in fact. The university’s network, servers, and software installations are a battle zone. Over 8 million email messages arrive at UG’s front door each day; 97 per cent are spam or carry viruses of some sort. The vast majority get blocked. Unfortunately, bad stuff gets onto the network in lots of other ways; too many ways.
Spam isn’t just email anymore; spam websites are everywhere. These are sites that spread viruses, steal information, and generally behave fraudulently. According to the very depressing “SpamClock” from the Blekko search engine, there have been over 800 million spam pages (and counting) created since January 1st of this year! Over a million new spam pages per hour.
As nasty as spam is, it can be worse. Some attacks are much more malicious: destroying information, releasing personal data to other sites, and wreaking havoc of all sorts.
So what is happening? Who is doing this and what are we doing to defend the campus? To be honest, I don’t really know who is after us. Criminals. Jerks. Whatever. Our focus is on security and protection. Securing a campus network is now serious, everyday work. Serious. Complex. Expensive. Relentless. CCS and my Office have to dedicate significant resources to protecting the campus.
Our challenge is simple: how to maintain an open network that facilitates the effortless exchange of ideas and information while at the same time maintaining a secure and safe environment. Open and safe. Not an easy combination.
Intrusions are not normally done by people; all this activity is usually done by other software programs: bots, Trojans, viruses, worms, spyware. It’s all called “malware” but I think my favourite description is “pestware.” It certainly captures, if politely, my feelings about it. Intrusions are designed to do many things but most often they are looking to create “zombie” machines; essentially taking over a computer to do the bidding of the malware (such as spewing out thousands of spam emails). You may not notice it at all; some pestware persists undetected for months, even years.
What can you do?
1. Put virus protection on your computer. The university provides free access to such software for all students, faculty and staff (check the CCS Software Distribution site). Make sure it auto-updates itself with protection against new outbreaks; outdated virus software is just about as bad as none at all.
2. Change your passwords occasionally. Believe it or not, some people have the password “password.” D’oh. Choose hard passwords and keep them to yourself. Writing your password on the bottom of your computer doesn’t cut it. Difficult passwords may be a pain but they are your best line of defence.
3. Be prudent. If you get an email in which someone is trying to give you a million dollars in exchange for your email ID and password, maybe, just maybe, it’s a trap. If the deal on that website looks too good to be true ... yup, you know the story. Remember, it is never that urgent to “click here!” without thinking first.
4. Challenge the hacker culture. It isn’t cool to steal data, compromise accounts, threaten people. We have glamorized the nerds and missed the real danger. Hackers are not some new Robin Hood in the virtual world; most of them are criminals.
Resolving the intrusion last week took a tremendous effort from the university IT team. These folks are dedicated IT professionals that most of us never see. My thanks to them for their extraordinary efforts. And my thanks to you, the users of IT on campus, for your patience. You depend on IT to be available, fast, and safe 24/7/365. We work hard trying to achieve that goal.
Michael Ridley is the Chief Information Officer (CIO) and Chief Librarian at the University of Guelph. Contact him at mridley@uoguelph.ca or www.uoguelph.ca/cio.








Discussion 1 Comment
[...] This post was mentioned on Twitter by Mike Ridley, Jason Ernst. Jason Ernst said: RT @mridley: My Open Content column for The Ontarion this week: "Invasion of the Pestware" http://bit.ly/fpmCqh IT Intrusion & IT security. [...]