Computer Centre has received a note from Professor Brian W. Darvell of the Faculty of Dentistry on his view of computer and network security in the campus. We have reprinted his note below together with a response from Computer Centre :

A. Professor Darvell wrote:

 "I should like to draw your attention to the fact that your PC, by virtue of being connected to the University's network and thus to the rest of the world, is not secure in any real sense. You might have supposed that the firewalls in place on the University's servers would protect you. This is not the case, nor is expected to be true. Your personal machines are all subject to attack and abuse by hackers.

This is based on the observations I have made over the last month since I installed an intrusion detection and firewall program on my PC. There have been over of 50 serious and suspicious attacks since the 5th of January (only a few 'attacks' can be discounted as innocuous), for a machine that is only on 5 days a week! So far they have come from Europe, Beijing and the Asia-Pacific region, as well as UST and Chinese U.

I find this all very disturbing, both as regards the security of my machine and the material on it, but also because of the wider implications for the the University's system - which I understood, rather naively, was protected and therefore that all PCs connected to it ought to be as well.

Whilst I make no warranty or representation about the product, the software I have installed is "Blackice Defender", for ~US$40. I think it works (no vulnerabilities detectable), and it has received very good reviews.
See the website: http://advice.networkice.com/

You may like to check the security of your machine by going to:
http://grc.com/default.htm
click on Shields UP! and follow the instructions.

Alternatively, go to
http://www.webtrends.net/tools/security/scan.asp
supply your email address for the report, and Go.

This all is rather revealing.
The question of the wider security of the University's network is another matter altogether...
 

Dr. Brian W. Darvell
Reader in Dental Materials Science
Click here to send email.
tel: (+852) 2859 0303 fax: (+852) 2548 9464"
 

Computer Centre would like to thank Professor Darvell for his interest and concern on the computer and network security in the campus.  As the University is now heavily using IT for our activities in teaching, learning, research and administration, the issue of network security should not be under-estimated.

It is perhaps a common misconception that because Computer Centre has installed a firewall to protect our campus network, then computers in our campus are totally secure.  We hope our response below will clarify the situation and set the proper expectation and responsibilities for our users on computer and network security:
 

• Security at Network level


Any networked computer can be a subject for intrusion from the network as we have no control over the behaviour of the other users on the Internet as well as our Intranet. The security of a networked computer on campus is similar to the security of your office or house and is largely the responsibility of the owner.

We would like to point out to our users that in a closed network environment, the firewall can be deployed to bar all incoming access from outside to provide a secure network environment for its internal systems. But in an open network environment like our campus which is connected to the Internet, our firewall and other security related systems are deployed as an alarm system for intrusion detection rather than blocking the offending system from which the intrusion attempts originate. Blocking an offending system from accessing systems on the campus network can have an adverse impact to our users and Internet services as it can cause inconvenience to the legitimate communication/access to the offending systems by our users as well. Besides the offending system could be an innocent victim which could have been used by others as a stepping stone for intrusion. Computer Centre's firewall will be set to block a system from accessing our campus only when we are sure that it is causing vicious intrusion or the offending system has failed to stop the intrusion attempts despite our repeated reporting of the incidents to its system/network administrator.

While our firewall will detect and report intrusion coming from the Internet, it will not detect intrusions originating from the campus network to other systems in the campus network. Such internal intrusions are monitored by other tools and are dealt with according to our procedures and University Regulations on using our network and computing facilities.
 

• Security at Computer level


There are many people on the Internet who are systematically scanning computers on networks, and our University network is not spared from these attacks.  Such scanning software are easily obtainable from the Internet and we must therefore be very cautious with our computers connected to the network.

The intrusion process is an exploitation of software bugs or security holes. Every now and then, the vendors will provide fixes for their software bugs. Users can better protect their computer systems from being intruded by upgrading the software regularly with the latest fixes, e.g. Windows98, Office2000, Solaris, Linux etc.  The contamination of a system by computer virus is also intrusion of one kind.  It is therefore necessary to be cautious of the security issues and protect one's computer when it is connected to the network.
 

We hope Professor Dravell's message will not cause undue alarm on our users.  Our campus network is quite secure.  We keep close watch of our network to monitor security breaches and our staff keep themselves constantly updated on the latest technology in computer security.  If you should have any concerns on the security of your computer or network in the campus, please do not hesitate to contact our Helpdesk or email us at ithelp@hku.hk.

Finally, we would like to inform our users that we have not used the "Blackice Defender" software which is quoted by Professor Darvell. Also, we have neither tried out nor validated the two websites suggested by Professor Darvell for checking the security of our systems. Users are hence advised to take the necessary precaution in accessing these two websites for security checking.
 

CM Mak
Tel: 2859 2491
Email: cmmak@hku.hk