Click here to receive your FREE subscription to Campus Technology
Features
University of Memphis: Cooperation, Communication Key to Security
4/29/2003
By Robert Jackson and Dr. Mark N. Frolick
Perhaps the best way to understand how security issues can affect a learning organization is to experience them first-hand. Robert Jackson, Systems Administrator at the University of Memphis, had that opportunity when a Microsoft SQL server was affected.
Warning Signs
The University of Memphis IT department has several groups that are responsible
for various functions. The Intel Server Support Team (ISST) consists of server
administrators who are responsible for the security and well being of the Windows-Intel
servers, and service administrators are responsible for applications that run
on various server platforms. The compromised server was running the Windows
NT4 operating system with service pack 6, MS-SQL 6.5, and IIS 4 in addition
to an older version of a Web programming language, PHP.
In 2002, ISST received a warning message from the server-monitoring software regarding disk space on the affected server. After working with the Web services team, ISST discovered large amounts of disk space being consumed by file structures hidden within the Windows recycle bin. This hidden file structure was enough proof that the server had been compromised. The issue then became how to deal with taking an important server off the network.
Enforcing Policy
The director responsible for infrastructure was notified immediately. After
evidence of the compromise was presented, ISST and the director agreed the server
had to be disconnected from the network. Proper officials within the department
were notified of the server’s compromise and finally agreed that it should be
disconnected from the network. The decision was particularly difficult because
it was the university’s online knowledge base and had been growing in popularity
following a series of promotions by the department. Once the server was taken
off the network, recovery efforts were started.
Because debates ensued about whether the hacked server could be returned to service, 12 hours were required to restore the server: There were attempts to recover data from the server instead of backup; time was required to rebuild the server, as well as to reinstall all necessary applications. Clear security policies and procedures could have eliminated the confusion that occurred during this phase.
Forensics
A forensics investigation revealed hackers gained access to the system through
a blank password on the "sa" account of MS-SQL. Although the service administrators
stated a password did exist for that account, the ISST group determined there
were log entries indicating the "sa" account had been used to compromise the
server. Upon connecting to the server with the open "sa" account, the hackers
used the xp_cmdshell procedure, the result of a default MS-SQL installation,
to execute appropriate commands to gain full access to the server. Once full
access was obtained, the hackers installed an FTP server on the machine and
began to utilize the university’s bandwidth and storage capacity for illegal
means.
Teamwork and cooperation, two of the main tenets of the learning organization model, were called into question when ISST presented the results of the forensic investigation. The goal of any forensic investigation should be to inform and educate, not to place blame.
Recommended Reading
- Tiffin U's New Online College to Use Pearson's eCollege for Course Management
Beginning this fall, students in Tiffin University's newest online program, Ivy Bridge College, will use eCollege, a course management system from Pearson, for all of their online courses. The 2,350-student Tiffin U is located in Tiffin, OH and offers both on-campus and online classes. Since 2005, those online courses have been managed through Jenzabar Internet Campus Solution.
- California Community Colleges Adopt SunGard Banner Software
California's Rio Hondo College and Sierra College have selected software from the Banner Unified Digital Campus and other solutions from SunGard Higher Education to help address their growing enrollments and to help improve student retention and services.
- Luidia Releases eBeam Interact 2.1 for Interactive Whiteboards
Luidia has released a new version its eBeam software for use with classroom-based interactive projection environments. eBeam Interact 2.1 offers both new and upgraded features, including enhanced screen recording and a comprehensive online image gallery, as well as the company's Scrapbook Image Writer feature.
- McGill U Library Scanning Rare Books with Kirtas
McGill University Library in Montreal will be using a Kirtas Technologies APT BookScan 2400RA to digitize its collections. The company says that the 2400RA is capable of acquiring page images at the rate of 2,400 pages per hour. The library will be working with Ristech, a Canadian reseller, to implement the digitization solution.
- Ball State U Web Sites Now Managed with Sitecore
Ball State University in Muncie, IN has gone public regarding its deployment of a Web site content management system from Sitecore. Ball State chose Sitecore's software to revamp its 220-plus sites, integrating common new media applications and garnering a next-generation user experience that has won several awards from education and new media marketing organizations. Now, Ball State maintains uniformity across all university Web sites and said it has enhanced its recruiting efforts through the site's new look and interface.
- Bio-Key Launches Emergency Alert Platforms for Schools
Bio-Key International has announced the release of two new emergency alert and management solutions for the education market. MobileSRO is designed specifically for the K-12 environment, while MobileCampus caters to higher education and other campus-based organizations.
