Information Services remains vigilant but needs users’ help to keep network secure

Photo
Wendy Mackey works to fix a computer at the University of Nebraska-Lincoln repair center.

Story, photo and video by Matthew Butts, NewsNetNebraska

A new Facebook worm is using stolen-user credentials to log in to victims’ accounts and then send out malicious links to their friends.

The U.S. Computer Emergency Readiness Team recently issued a warning about an increase in phishing scams trying to take advantage during the holiday season.

The FBI is investigating allegations that the U.S. 2018 World Cup bid team had its email account hacked by a rival country.

The stories involving comprised computers are everywhere it seems. And the University of Nebraska-Lincoln is paying close attention.

UNL uses a small team to assess and manage the danger on and around the UNL network. This Information Services security team keeps track of attacks on network computers and where those attacks come from. If someone unsuccessfully tries to access a UNL computer too many times, the user will be quarantined and prevented from trying again until cleared. The team also maintains the most secure versions of software, and responds to threats as needed.

The team is currently trying to extend the hours they manage the intrusion prevention system. The hope is that they can reach around the clock protection without adding new staff.

In the case of UNL’s network, one compromised machine can affect many, said Rick Haugerud, a Information Security officer.

“Once the bad guy takes over the machine, he has access to all the things the machine owner had access to,” he said. “The machine will typically be used to attack other machines within UNL and around the world. Once the machine is compromised, you typically will need to consider all data on the machine compromised. If you are a researcher, this can be a big deal,”

Haugerud suggests several steps for users to take to keep computers secure.

• Use strong passwords
• Disable any ports on the machine not in use
• Be careful in which websites you visit
• Enable auto update for your operating system
• Regularly patch/update all programs
• Install an anti-virus and update the anti-virus signature daily.

While those steps may seem like a lot of work, Jesse Kudron, a UNL senior art major, knows first-hand what can happen when a computer gets compromised. His fraternity had to discontinue using a server for its website when it became too much of a problem.

“We had a guy’s account taken over because he kept his default password,” Kudron said. “We had people accessing our forums who shouldn’t have, and we had to deal with viruses on the machine. Almost every time we had to shut everything down for a few days. Sometimes we lost the data completely.”
____________________________________________________________________________________________

Video: How the UNL Computer Repair Center deals with unsecured computers and other problems.

We are using embedded Flash videos please update your Flash Player. If using a mobile device you can access content from a mobile download located below.


download Download Video:mobileweb

____________________________________________________________________________________________

Cracking passwords and installing viruses isn’t the only way for somebody to gain control of a computer. Phishing scams use emails to try and get a user to freely give up their password by directing them to a website that looks and feels like a popular legitimate one. These scams are becoming increasingly sophisticated and harder to detect, so people need to be careful about sharing passwords.

“Don’t ever provide user name and password in response to any kind of an email request,” Haugerud cautioned. “Any reputable organization will not ask you for those items. If you ever feel you are being requested to provide those items via an email, don’t. If you have to, call them and verify they are legit, and provide the info over the phone.”

People should be careful about what information they try to access where, especially with Wi-Fi hotspots sprouting up all over the place. But Haugerud cautions that these are often unsecured. Checking a bank accounts from home is fine, but he warns against doing it at the local Starbucks.

A little preventive maintenance and attention can make all the difference, Haugerud said.

Kudron agreed.

“It’s better to do it right the first time around, than have to fix all the problems.”