Flash back. Rewind the clock. It’s last year. It’s August 2003. Was this you?
Were you one of those students whose computer was infected with the Blaster or Nachi virus or both within seconds of connecting to the network last August 2003? Were you one of those students who had not a clue what Blaster, Nachi, Welchia, Netsky, Bagle, MyDoom, Sasser, or what a virus was, or what adware, or spyware, or anything was? Were you one of those students who were unable to get on the Internet for most of the fall semester – no e-mail, no chat, no IM, no nothing? Was your network port blocked so you had no Internet access, or were you quarantined? Were you one of those students who were studying for a final exam on Thursday, December 17, 2003 when the network went down for 21 hours?
ITS (Information Technology Services) and SOURCe (Student Operated User Resource Center) staff worked unremittingly through the entire fall 2003 semester, collapsing with exhaustion as the semester ended in December. Viruses, worms and denial of service attacks had gotten the best of us. They had gotten to us through e-mail attachments, KaZaA file shares, IM links, computers with weak or non-existent passwords, computers with out of date or no antivirus software, and operating systems for which hot fixes and security patches had not been applied. Everywhere we turned, vulnerabilities had been exploited. Hundreds of student computers were infected throughout the semester. Thousands of viruses were traveling across our wires on a daily basis, infecting computers over and over again.
Only with major changes to the Colgate network infrastructure, with changes to computing requirements and policies and with changes in personal computing habits could the situation be brought under control. This article explains five major changes that have been made over the past 12 months to the Colgate network infrastructure and personal computer network connection requirements.
Future Maroon-News articles will be dedicated to explaining measures that every personal computer owner and user should know, and what everyone should do in order to protect their computer and their computing identity from becoming the next victim. Also look for Maroon-News articles in future issues that will introduce the SOURCe student staff and new support services!
Change #1 – Network Subnet: Network VLANs
ITS began implementing changes in January 2004 with the subnetting of the network. The network was divided into smaller segments called VLANs. VLANs are organized by class year for students, with many other VLANs serving special purposes, such as those for classrooms, labs, wireless, and even a place for students who have devices such as the Xbox, which allows for play across the network. The VLANs serve one primary purpose – to separate network traffic into smaller groups so that in the event of a network crisis, such as a virus outbreak or a denial of service attack, the impact can be isolated within a VLAN. Yes, it could adversely affect any computers in that VLAN, but the goal would be to contain and even stop the problem before it took down the entire network.
Change #2 – Registration: The MAC Address
The events of the fall 2003 semester made clear the need to be able to quickly identify and contact the owner of a device connected to the Colgate network. The computer name was not enough (we never did find that computer named Aristotle that flooded the Colgate network throughout the entire fall semester with Nachi traffic). The best way to identify a network device is through what is called the Media Access Control (MAC) address of the network adapter. The MAC address is a unique identifier – there are no two MAC addresses that are the same. On the Colgate network, registration of the MAC address is done through the portal, tying a MAC address to an e-mail address, which is associated with a Colgate employee or student.
Change #3 – Blue Socket: Network Log In
New for the fall of 2004 has been the implementation of a required identification for every computer that connects to the Colgate network. The identification is achieved via a Blue Socket service. Log in is required for both network and wireless connections. While it has seemed a hassle, it has enabled students to immediately gain access to the Internet and Colgate network resources important to students, including Blackboard, the portal and e-mail. In order to eliminate the need to continually log in, students need to register their MAC Address and install the ePO Agent. The Blue Socket services have provided members of the Colgate network community with a level of protection never before realized at Colgate. No one can just “plug in” to the Colgate network and remain anonymous. This protects all of us from threats that could be initiated right on our own campus.
Change #4 – Quarantining of MAC Addresses
Quarantining a computer (actually the MAC Address) means placing it on a restricted part of the Colgate network. This prevents the computer from spreading the virus/worm it is infected with to other computers, whether it be by network connection, e-mail, etc., since the computer will effectively have no access to the Internet or the local area network. In short, quarantining keeps your computer running smoothly when other computers become infected and it keeps other computers running smoothly when your computer becomes infected.
Change #5 – The Agent: An Enterprise Approach to Antivirus Management
The events of the fall 2003 semester revealed a shocking truth – many personal computers were running no antivirus software at all, and those that did were out of date by months and, in some cases, years. This meant that not only new viruses, but also those that were one, two and three years old (such as LovGate) were still wreaking havoc on the Colgate network. Antivirus software has been provided free of charge to Colgate students for years, so the issue of being out of date was not due to cost. It was due to a lack of understanding of how to keep it up to date. During the middle of the fall 2003 semester, ITS made an enterprise antivirus management tool available to students, again free of charge. This tool, called the ePO (ePolicy Orchestrator) Agent, keeps antivirus software up-to-date by scheduling daily, weekly or monthly updates of virus definition files. In the event of an outbreak, ITS can issue what is called a ‘wake up call’ to push an emergency update to all computers that have the Agent, thus protecting them from a newly identified threat. The Agent was installed on all Colgate owned computers (including those used by faculty and staff) last year, and offered to students as an optional level of protection. Because of its effectiveness in protecting the Colgate network and personal computers, the installation of the Agent is now required in order for students to be moved to a class VLAN and be provided with full access to the Colgate network. Students who do not install the Agent will remain on the default VLAN.
The choice is yours. Register your MAC address and install the ePO Agent and your computer will be moved to a class VLAN. If you do not want to register or install the Agent, then you can have access to the network via the Blue Socket connection. Please contact SOURCe if you have questions or need assistance: [email protected]