Computer Centre has received a note from Professor Brian W. Darvell of the Faculty of Dentistry on his view of computer and network security in the campus. We have reprinted his note below together with a response from Computer Centre :
A. Professor Darvell wrote:
This is based on the observations I have made over the last month since I installed an intrusion detection and firewall program on my PC. There have been over of 50 serious and suspicious attacks since the 5th of January (only a few 'attacks' can be discounted as innocuous), for a machine that is only on 5 days a week! So far they have come from Europe, Beijing and the Asia-Pacific region, as well as UST and Chinese U.
I find this all very disturbing, both as regards the security of my machine and the material on it, but also because of the wider implications for the the University's system - which I understood, rather naively, was protected and therefore that all PCs connected to it ought to be as well.
Whilst I make no warranty or representation about the product, the software
I have installed is "Blackice Defender", for ~US$40. I think it works (no
vulnerabilities detectable), and it has received very good reviews.
See the website: http://advice.networkice.com/
You may like to check the security of your machine by going to:
click on Shields UP! and follow the instructions.
Alternatively, go to
supply your email address for the report, and Go.
This all is rather revealing.
The question of the wider security of the University's network is another matter altogether...
Dr. Brian W. Darvell
Reader in Dental Materials Science
Click here to send email.
tel: (+852) 2859 0303 fax: (+852) 2548 9464"
It is perhaps a common misconception that because Computer Centre has installed a firewall to protect our campus network, then computers
in our campus are totally secure. We hope our response below will
clarify the situation and set the proper expectation and responsibilities
for our users on computer and network security:
Any networked computer can be a subject for intrusion from the network as we have no control over the behaviour of the other users on the Internet as well as our Intranet. The security of a networked computer on campus is similar to the security of your office or house and is largely the responsibility of the owner.
We would like to point out to our users that in a closed network environment, the firewall can be deployed to bar all incoming access from outside to provide a secure network environment for its internal systems. But in an open network environment like our campus which is connected to the Internet, our firewall and other security related systems are deployed as an alarm system for intrusion detection rather than blocking the offending system from which the intrusion attempts originate. Blocking an offending system from accessing systems on the campus network can have an adverse impact to our users and Internet services as it can cause inconvenience to the legitimate communication/access to the offending systems by our users as well. Besides the offending system could be an innocent victim which could have been used by others as a stepping stone for intrusion. Computer Centre's firewall will be set to block a system from accessing our campus only when we are sure that it is causing vicious intrusion or the offending system has failed to stop the intrusion attempts despite our repeated reporting of the incidents to its system/network administrator.
While our firewall will detect and report intrusion coming from the
Internet, it will not detect intrusions originating from the campus network
to other systems in the campus network. Such internal intrusions are monitored
by other tools and are dealt with according to our procedures and University
Regulations on using our network and computing facilities.
There are many people on the Internet who are systematically scanning computers on networks, and our University network is not spared from these attacks. Such scanning software are easily obtainable from the Internet and we must therefore be very cautious with our computers connected to the network.
The intrusion process is an exploitation of software bugs or security
holes. Every now and then, the vendors will provide fixes for their software
bugs. Users can better protect their computer systems from being intruded
by upgrading the software regularly with the latest fixes, e.g. Windows98,
Office2000, Solaris, Linux etc. The contamination of a system by
computer virus is also intrusion of one kind. It is therefore necessary
to be cautious of the security issues and protect one's computer when it
is connected to the network.
Finally, we would like to inform our users that we have not used the
"Blackice Defender" software which is quoted by Professor Darvell. Also,
we have neither tried out nor validated the two websites suggested by Professor
Darvell for checking the security of our systems. Users are hence advised
to take the necessary precaution in accessing these two websites for security
Tel: 2859 2491