friday, april 30, 2004
news
the university daily kansar
7A
CONTINUED FROM PAGE 6A
of their system." Minden said.
Minden said people are responsible for another concern when maintaining the network. This is especially true for one for the size of the University's.
"University departments, schools, faculty and students pride themselves on independence — sometimes bordering on arrogance," Minden said. "People like, and expect, to connect the computers to the network any time, any place and do so without consulting the authorities."
The struggle to maintain this independence often outstrips the resources for protection. Minden said.
That situation is exacerbated because few people do what they need to to protect their own systems.
tems:
Minden said the reality without network security would be grim. Without any sort of protection the University would be subject to countless attacks, e-mail spams and viruses. That would lead to a harsh world for communication.
nation.
If it happened, other colleges would shun the University to protect themselves, Minden said.
This is the type of reality Information Technology Security was created to stop.
created to stop. Before 2002, they were just a loose staff who spent time patching systems and working on virus prevention. Then when they hired Crawford they gained a comprehensive, unified security force.
"This office was created because the University recognized that the world of information technology security was changing, and we needed to change with it," Tinsley said.
change with it. Crawford brought in a needed specialized skill. He also made sure that all security efforts built on each other in a new way.
Every day unlike any other
Inside the KU Computing Center is a door that always remains locked to the public. Signs written on computer paper say no one is to enter without Crawford's permission.
permission.
Inside, Tinsley sits on a tall computer chair fiddling with a connector. Near him, on the other side of the room, Noronha works near a thick mass of telephone wire connected to the wall.
The omnipresent hum of machinery fills every inch of this room. One glowing workstation sits on a table and an abandoned Mac seems to be collecting dust on a file cabinet. Wires cross the room like vines in an electronic jungle, and a black monolithic case filled with network sensors stands to one corner. It's also cold; the computers need to be
running in a environment that is kept in the low 60s, Tinsley said.
They spend their time working in this room and in the office down the hall. Their average day would be hard to pin down, Tinsley said.
ey said. "The nice thing about working here is that there is no normal day," he said.
day," he said.
Crawford's normal schedule runs from 7 a.m. to 6 p.m., Monday through Friday. But when something goes wrong, he's always on call.
"We never really have a full day off," Crawford said.
On a normal day, in the mornings, the crew checks the security log from the day before in the office. They see what anomalies have turned up — mostly worms or e-mail viruses — and deal with the problems. Then they check industry Web sites looking for news.
Web sites show: "In all honesty we're really at this point kind of computer police," Tinsley said.
They monitor the University's network with a reporting program. They call the main monitoring program which they wrote "CIRCE," taken from Homer's Odyssey. Circe is an acronym that stands for Centralized Incident Response Collection Engine. It works with a sublevel program that comes with their sensors called "Snort," which they did not write. These sensors send out little programs to probe for holes, viruses and other electronic vermin throughout the servers on the University's network. They call these probes "bots," and the program they wrote to run the sensors they call "piglets." In the Odyssey, Circe was a sorceress who turned the men who visited her island into pigs. They chose the name because they wanted to show they are masters of the pig
show they are masters of the pigs — the hackers.
"These are like little spiders we send out to look for weak spots in the network," Tinsley said. The crew sends out passive waves of these probes along with more active programs when needed every day to search the network.
every day to school. They stress that they don't look at people's e-mail, nor would they want too. The size of the network, spanning thousands of computers and the breadth of the campus, makes it impossible, Crawford said.
Crawford said that when something goes wrong, he has to use his skills as a consultant to reassure them. Tinsley also has this responsibility.
Another aspect of their job is answering complaints that people have within the University.
"We give them advice on the phone," Tinsley said.
phone. They they serve as second-level consultants to department computer administrators. Meaning that they are the highest level of technical support. Crawford and crew are called whenever a security based issue comes up, Tinsley said. If it's a simpler issue Crawford directs the caller to the computing services help desk.
The last of their routine jobs is the maintenance of their own security program, and the upkeep of an anti-virus Web site available for all students.
Shades of face
To understand battles Crawford and his crew face daily, you have to first understand the world of the hacker. It's different than the flashy key-tapping fireworks of the movies. It involves slow deliberation.
Shades of hack
the hacker, or the "cracker" as they're known in network security circles, is someone who breaks into computer systems, often with the intent of stealing or destroying something.
"They have elevated it to an art form," Tinsley said.
For the script kiddies, the experience becomes something more.
"It's an ego boost to them," Tinsley said. "They use the Internet as a place to escape."
They look at the vast reaches of the Internet as someplace beyond control. Someplace wild.
Within the world of the hackers, a line is drawn between two groups: white hats and black hats.
"They can hurt people without consequence," he said.
The black hats, whose name was taken from the old westerns, are those who are out to destroy sites. They are the malevolent ones, and the most dangerous.
types. These hackers supposedly break into another system to show people how to protect it. Tinsley has a different view.
ones, and the other. Some white hats, Tinsley said, believe that they are Robin Hood types.
Crawford and his group see themselves outside this oftenromanticized world.
Tinsley has "it's almost like saying a vigilante is a good guy through less-than-saintly means," Tinsley said.
Some time ago — the exact date is kept confidential for security reasons — part of the University's network connection was silently, abruptly stopped.
"If anything, we're the anti-hat hats," Tinsley said. "If you're hacking into a system regardless of your intention, actions must be taken."
Months before, a hacker snuck seamlessly into the system. He or she used a rootkit, or a set of hacking programs, to gain administrator level privileges within the system. The hacker was able to change the access log files. These files serve as an electronic footprint every time you log on or enter a system. That made the hacker invisible. At that point no one knew where to look, Tinsley said.
Notch of glory
said:
Then, in an instant, that system's Internet connection was gone.
gone.
"We were DOSed," he said, meaning the University was hit by a denial of service attack — a move that crippled the system in a flash by denying it any sort of Internet service.
Internet service. This instant, as the system lay besieged and hijacked into a grinding standstill, the network security team's time had come.
"We first asked Why are they attacking the system?" Tinsley said. "Then we checked all open connections."
connections.
They saw nothing. The hacker used the rootkit to instantly wipe clean any trace of users on the system, Tinsley said. The security force had no way to know who it was. Tinsley had restored the network, but the hacker was still loose.
They then devised a "sting" operation, or a trap to regain control of the network.
tor of the net he Do to this they used a program that would take a snapshot of the network and the logging files before the hacker could crash the system.
system.
They ran the program, issuing out "bots" to identify the hacker. Tinsley was certain that sooner or later they would have the culprit. Fanning out across the network, the bots took a picture of the network just as the perpetrator was logging on. It worked. They had the hacker's Internet service provider's address. The game was over.
If the group found an outside source hacked into the University, the crew would contact the Internet service provider or, in an extreme case like the Watkins or international incident, the proper authorities.
If the hacking came from within the University, then network privileges, expulsion and prosecution would be an option.
prosecution 40
Crawford, Tinsley and Noronha watch the network in a never ending and always shifting battle. They have weathered the storms of compromised systems and keep an eye for intruders — either programs or human.
The crew stays ever vigilant, monitoring the network, through the plasma screen, and their workstations. Hacking may get worse as the Internet grows, he said.
"As the Web gets more 'glorified,' more and more exploits and vulnerabilities are inevitable," Crawford said.
If that happens, Crawford and his company will be there at the other end.
-Edited by Robert Perkins
W HOLLYWOOD THEATERS
SOUTHWIND 12 634-578-0000
PLAY IT AGAIN
SPORTS
FAMILYLOGO Purchase Your Ticket Online
At www.familiogoo.com
Set. 8 Sun.: (12:10 - 3:25)
MAR ON FINE *** [R]
Dalir: (4:00) - 7:00 - 7:50 - 10°
BLLA ENGMAWTED [P4]
Daily: (4:40)
(9:28, 10:56)
PRI-SPORT (14/30)
THE LADYLKILLERS [R]
7.65 8.65
Daily: (8:30) 7:25
Fri. Sun.: (12:20) 2:40
HELLOBY [PG-13]
THE LAUDERLEIFERS
Daily: (5:05) - 7:25 - 9:55
Eat: Brun - 10:20 - 2:40
HELLBOY [PG-13]
Daily: 7:05 - 9:45
GOODSERD [PU-13]
Daily: (4:15) 7:05 9:40
Hot & Sun: (12:35)
GOOGEND [PG-13]
Daily: (4:15) - 7:05 - 9:40
Sat. & Sun.: (12,30)
HOME ON THE RANGE [PG]
SENV *** [PQ-13]
Daily: 4:35 -7:30 10:15
Sat. & Sun.: (12:25 - 2:30)
EMV *** [PG-13]
Daily: 4:35 - 7:30 10:15
Sat. & Sun.: (12:00 - 2:30)
STAR TREK 123 NBG-121
MEAN GIRLS *** [PG-13]
Daily: (4:55) 7:40 - 10:00
Daily: (4:55) 7:40 - 10:00
Sat. & Sun: (12:05 - 2:35)
Sat. & Sun.: (10:05 - 2:35)
LAWS OF ATTRACTION [PO-13]
LAWS OF ATTRACTION [PG-13]
Daily: 4:45 - 7:10 - 10:00
Balloy
Sat. & Sun.: (12:45)
2013 BILL Vol. 2 [R]
Sat. & Sun.: (11:15)
BORBY JOHNEL SERIE OF OPENNESS (pq)
9:15 - 12:00
7:15 - 10:00
KILL BILL Vol. 2 (R1)
Daily: 4:00 - 7:00 - 10:10
Sat. & Sun.: (12:30)
CHE PUMMBER [R]
Daily: (4:00) - 7:00
Sat. 2 Bust: (12:30)
THE PUNISHER [R]
Dolly; (4:25) · 7:25 · 10:05
Sat. 8 Sun. (12:40)
12 POINTS ON 30 *** [PG-12]
10 GOING ON 35 **** [PRE]
Dalley: 5:00 · 7:00 · 9:40
Wednesday (Friday) · Saturday (Sunday) · Sunday (Monday)
kansan.com the student perspective
Dunny 0:30 - 7:20 8:15
Bat. & Dawn. (12:10 - 2:40)
Together, they are unstoppable, sexy and loud. They are the bang on a can all-stars "...the power and punch of a rock band with the precision...of a chamber ensemble." —The New York Times
with special guests Terry Riley & Philip Glass Saturday, May 1-7:30 p.m.
Additional Events:
- Meet the Artists: Philip Glass, Terry Riley and Bang on a Can All-Stars,
Thursday, April 29, 7:00 p.m. - Borders Books & Music,
700 New Hampshire - Lawrence
- The Art & Business of Entrepreneurship:
Coffee & Conversation with the Artists:
Friday, April 30, Noon to 1:00 p.m.
Royal discussion with Philip Glass, All-Stars' Julia Wolfe
filmmaker Kevin Willmott, and Lawrence business owner Chris Hepp
Admissions, 4th Level, Kansas Union. FREE
Coffee & Conversation with the Arshts:
Immediately following the concert in the Lied Center's second floor lobby.
brought to you by
GOOD YEAR
--one FREE caramel apple
4661 West 6th St 830-9090
Automotive Service Centers
Two Convenient Lawrence Locations
1226东 23rd St    842-5451
4661东 6th St    830-9090 exp. 5/7/04 Columbia
1226东 23rd St    842-5451
4661东 6th St    830-9090 exp. 5/7/04 Columbia
Dr. Kevin
An Oil Change
Lenahan
935 Iowa
838-3200
$99 Eye Exam &
Disposable Contacts
Price includes: Eye exam, contact lens fitting, two follow up visits, & 2-6 packs of two wk disposable contacts of doctor's choice. Dose NOT include color, tonic, or beberlens. Not valid with insurance or any other prescription. Exp. G0/04/94
Coupons low as $14.75 per box (fair value)
75¢ Off
Coupons
Not valid w/any other offers
624 W. 12th 841-3268
1814 W. 23rd 843-6000
Exp. 5/26/04
KY STUDENT SPECIAL COUNTRYS Collabs
One large l-topping
One large l-topping Two 20 oz Pepsi
For In-Be, Delivery or Carryout
600 W. 23rd Street
785-843-3000
*Citizen*® & Tissue-Tested Style Plates (here available) Vault Student CD-ROM
*Citizen*® and tissue-tested style plates are owned and operated by websites of Citizen Plate, Inc. Delivery charges may apply.
2-9.5-04
*Valid early on Plan, Pinnacle *H* Clarity® & Nissan Leaf Hybrid. Valid until end of sale. Delivery charges apply. Inquiries may be addressed by telephone at 212-650-4324 or by e-mail at delivery.charges@nissanleaf.com. Flights are not available with any other booking method. See page 5-26-04 for details.
Limited delivery and net.
Russell Stover
CAMPUS Coupons
Candies . Cookies . Ice Cream
Mon-Sat 10 a.m. to 9 p.m.
Sun 12 a.m. to 7 p.m.
Wed 10 a.m. to 29 p.m.
785-830-830
- equal or lesser value Offer good at the Lawrence location only
The EyeDoctors 2600 Iowa 842-6999 CAMPUS COUPONS
FREE RAYBAN Sunglasses
A $75 valueu with eye exam
An individual must have a No cash balance. Receipt
not required.
Terms of Sale:
December 26, 2014
Starting May 24, 2018
AUGUST 25, 2018
NOVEMBER 3, 2018
DECEMBER 7, 2018
JANUARY 9, 2018
FEBRUARY 16, 2018
MARCH 13, 2018
APRIL 20, 2018
MAY 27, 2018
JUNE 24, 2018
SEPTEMBER 5, 2018
OCTOBER 11, 2018
NOVEMBER 18, 2018
DECEMBER 25, 2018
JANUARY 12, 2018
FEBURY 19, 2018
MARCH 26, 2018
APRIL 33, 2018
MAY 40, 2018
JUNE 47, 2018
SEPTEMBER 6, 2018
OCTOBER 31, 2018
JUNE 38, 2018
FEBURY 45, 2018
MARCH 54, 2018
APRIL 51, 2018
MAY 58, 2018
JUNE 65, 2018
SEPTEMBER 6, 2018
OCTOBER 31, 2018
JUNE 64
CAMPUS GUIPONS
CANNOT OUT
FLOOD DAD
GRANDMA PARENTHER
NO LIMIT
865-5400
LARGE PIZZA
WITH CHEESE or PEPPERONI
WITH CHEESE or PEPPERONI
11410 KASOLD DR.
Little Caesars
Go to Kansan.com for more great offers