InfoEagle Security Upgraded In Wake of Breach

By Michael Seele
Chronicle Editor

Security on the University's main World Wide Web server, InfoEagle, has been upgraded in the wake of a breach earlier last month that disrupted service for about two weeks.

Information Technology identified and repaired a weakness in the server which enabled an intruder or intruders to access the InfoEagle server, apparently via the Internet from a site in France, and post the home page of a political group. Access to the InfoEagle and Personal Web servers was restored and IT is in the process of evaluating the security of other computer systems on campus. Specific preventative measures are being applied on a case-by-case basis.

The intrusion did not damage any data on the computer and the phony home page was largely nonsensical. However, the breach presents a serious security threat since access to one computer can sometimes be used to gain access to other computers on the network, said Associate Vice President for Information Technology Bernard Gleason Jr.

Because of this risk Information Technology restricted Internet access to many other campus computers while the security problem was investigated and preventive measures were installed to guard against future intrusions. Among the servers to which access was blocked were several computers residing in academic departments that were not directly involved in this incident but needed to be assessed to ascertain their vulnerability to similar attacks. Most of those servers are now operational, Gleason said.

Gleason said the new measures have thwarted several attempts to breach computer security since the original incident.

In the second phase of its response to the intrusion, Information Technology is evaluating the security of all UNIX systems and all other public Web servers located in academic and administrative departments, and within IT. If these evaluations show any security weaknesses, corrective measures will be taken, Gleason added.

"Unfortunately, this type of intrusion is not uncommon in the computing world and computer security has long been a concern at Boston College," said Gleason, who noted that security issues are changing with the rapidly evolving technology.

"Initially, computer security centered around preventing theft of the machines themselves," he said. "But with the explosive growth of interconnected networks, the security threat now is to the data and that threat can come from inside or outside of an institution. As more and more computers connect to the Boston College network and more of the University's business is conducted over the network, security has become a critical issue. The recent incident at BC has brought the risks much closer to home."

Information Technology Director Martin Smith added that IT staff is working with line vendors and software providers to continually evaluate and upgrade security. As BC moves to an "intranet" to do campus business, it must balance the need for restricted access to some information with the need to make public information easily available to prospective students and others, he said.

That is complicated somewhat by the University's desire to make information resources available to users off campus. "Even when you're working from home, from a conference or from any other location, you need to have the same security you have on campus," Smith said.

Although disruptive from a service perspective, the intrusion has raised awareness of security and has led to an overall improvement in security for campus systems, Gleason and Smith said. The incident also presents members of the Boston College community the opportunity to review their own security precautions for computers and information within their control.

Gleason suggested that individuals take the following measures to improve security of their computers:

- Keep passwords and PINs confidential.

- Make regular backups of systems and data that can be used in the event of unauthorized access, theft or disk crash.

- If a personal computer is made available for shared use on the network, restrict access to known users through passwords.

Return to July 17 menu

Return to Chronicle home page