Merit Network

Discussion Communities: Merit Network Email List Archives

Network Security

Re: Hacker at High School in Saginaw

  • From: Paul Howell
  • Date: Mon Mar 08 08:06:19 1999

Hi Jeff,

A rule of thumb is to turn off all services which you don't need.

For the ones that you do need, make sure that you are up to date on
all security patches. 

One thing worth doing is to use a port scanning program such as
nmap to look at your site from someplace else on the Internet.  This
will give you a sense of what others can learn about your machines.

Another option is to use a commercial scanner from either ISS or 
Network Associates, to scan the servers for vulnerabilities.  These tools 
cost money though and like anything which requires interpretation, 
having some experience with the subject helps.

A popular network configuration for protecting DNS/Web servers which 
must be exposed is to create a DMZ and place the servers in the DMZ.

A DMZ can be created with filters on a router between the servers and
the Internet.  The filters are restrictive enough to filter unwanted 
traffic, but not so restrictive as to filter out legit traffic to/from
the servers.  For example, block telnet/ftp from the servers to anywhere
on the Internet if you're never going to be doing it.

Lastly, watch your logs.  Both for traffic coming to the servers and
for traffic leaving the servers. 

Regards.

< paul


"Jeff Johnson" writes:
 > Paul,
 > I have been addressing these issues for the Saginaw County schools where
 > all 13 public school districts have an "Ameritech Education Avenue" server
 > in place which was originally installed with BSD 2.1.  As these hacker
 > incidents began to occur, I have been upgrading the servers to Redhat
 > Linux 5.1 and 5.2 and have been turning off telnet access plus a few other
 > services.  Since the districts only use these servers for DNS and to house
 > their websites they didn't need telnet access.   I still keep FTP running
 > though since they use that to publish their web pages.  Is there any other
 > unix service I should be aware of that is generally an easy target on
 > these machines (BSD or Linux)?
 > 
 > ==================================
 > Jeff Johnson, CNE
 > Network Administrator, Saginaw ISD
 > http://isd.saginaw.k12.mi.us
 > ==================================
 > 
 > 
 > >>> Paul Howell <grue@merit.edu> 03/04 8:09 AM >>>
 > 
 > at: http://sa.mlive.com/news/index.ssf?/news/stories/hackers.frm
 > 
 > 
 >                    An uninvited guest
 > 
 >                    The hacker may have come from Moscow.
 > 
 >                    Tuesday, March, 2, 1999
 > 
 >                    JODI McFARLAND
 >                    THE SAGINAW NEWS
 > 
 > 
 >                    Bridgeport High School's speedy Internet
 >                    connection made it an attractive stopping place for
 >                    a computer hacker.
 > 
 >                    The school's T1 line, a fiber optic link to the Web,
 >                    lured the outsider in October, said Christian M.
 >                    Palasty, computer technician for the
 >                    Bridgeport-Spaulding Community School District.
 > 
 >                    "They were using us as a server for a chat
 >                    program," he said. "We were also being used as a
 >                    lily pad, using us to hop to other locations."
 > 
 >                    From the server, the hacker visited the chemistry,
 >                    physics and radiology departments at the
 >                    University of California at Los Angeles, Harvard
 >                    and Franklin University in Ohio. The visitor also
 >                    hacked into Lockheed Martin Corp.'s system and
 >                    may have come from the Institute of Moscow in
 >                    Russia, Palasty said.
 > 
 >                    He reported the hacking to the FBI, he said. Walter
 >                    H. Reynolds, who supervises the bureau's Saginaw
 >                    office, said he knew of no investigation.
 > 
 >                    The identity of the hacker, or hackers, was not
 >                    decipherable, Palasty said.
 > 
 >                    "It was somebody outside the building, not
 >                    somebody inside, but it could have been a student
 >                    from home," Palasty said. "They tended to know
 >                    what they were doing, hiding their footprints more
 >                    than a common hacker would. They knew
 >                    enough to hide themselves, not enough to hide
 >                    themselves completely."
 > 
 >                    In early December, the district cut the student
 >                    e-mail service that allowed the hacker to gain
 >                    access under the name "Ted," Palasty said.
 >                    Students now use free Web e-mail accounts.
 > 
 >                    "We found Ted on there and said, 'Who's Ted?'"
 >                    Palasty said.
 > 
 >                    With the modifications, he said, "a hacker cannot
 >                    gain access the way this person did. There's no
 >                    chance of it now."
 > 
 >                    The visitor didn't damage equipment or delete files,
 >                    Palasty said. Student grades and teacher
 >                    information is not accessible through the system.
 > 
 >                    The district was attractive because of its
 >                    high-speed Internet connector and its available
 >                    hard drive space, Palasty said.
 > 
 >                    As schools add technology to their buildings and
 >                    lessons, more weak spots could surface, he said.
 >                    Hackers are finding it easy to use schools to
 >                    conduct their foraging, he said.
 > 
 >                    "(Schools) generally don't have the money to buy
 >                    the high-tech equipment to lock them out," Palasty
 >                    said. "Schools can't keep them out, so they tend to
 >                    be attractive. That's what they're looking for. For
 >                    fast access to the West Coast or East Coast, this is
 >                    a prime location."
 > 
 >                    Word of Bridgeport's hacking reached the Buena
 >                    Vista School District, which also use the T1
 >                    connector provided by Ameritech. In early January,
 >                    school officials scanned their site to see if hackers
 >                    were using it.
 > 
 >                    "As we checked out the system, someone was
 >                    trying to come through at that point," said
 >                    Superintendent Vivian Keys-Brown. "We just
 >                    unplugged our system from the outside lines."
 > 
 >                    The district then bought equipment to ward off
 >                    future uninvited guests, Keys-Brown said.
 > 
 > 
 > 
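
The router-filter and log-watching advice above, as an added example that is not part of the original message: a Python check over connection records for a DMZ whose servers offer only DNS, web and FTP publishing. The DMZ network, the log format and the sample records are constructed assumptions, and the policy shown (outbound DNS and active-mode FTP data only) is one possible reading of the advice.

```python
import ipaddress
from collections import namedtuple

# Assumed policy for a DMZ holding DNS/web servers that also accept FTP uploads.
# All addresses and the log format below are constructed for this example.
DMZ_NET = ipaddress.ip_network("192.0.2.0/28")
INBOUND_OK = {("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 21)}
OUTBOUND_OK = {("udp", 53), ("tcp", 53)}  # servers only need to resolve names

SAMPLE_LOG = """\
2024-01-15T08:00:01 tcp 198.51.100.7:40112 -> 192.0.2.2:80
2024-01-15T08:01:10 tcp 198.51.100.7:40200 -> 192.0.2.2:23
2024-01-15T08:02:00 tcp 192.0.2.2:20 -> 198.51.100.7:40300
2024-01-15T08:03:30 tcp 192.0.2.2:1031 -> 203.0.113.50:23
2024-01-15T08:03:45 tcp 192.0.2.2:1044 -> 203.0.113.77:6667
2024-01-15T08:04:00 udp 192.0.2.3:1050 -> 203.0.113.9:53
"""

Conn = namedtuple("Conn", "ts proto src sport dst dport")

def parse(line):
    """Parse one 'timestamp proto src:port -> dst:port' connection record."""
    ts, proto, src, arrow, dst = line.split()
    if arrow != "->":
        raise ValueError(f"unrecognised record: {line!r}")
    (s_ip, s_port), (d_ip, d_port) = src.rsplit(":", 1), dst.rsplit(":", 1)
    return Conn(ts, proto.lower(), s_ip, int(s_port), d_ip, int(d_port))

def classify(c):
    """Return 'ok' or the reason a new connection falls outside the policy."""
    src_in = ipaddress.ip_address(c.src) in DMZ_NET
    dst_in = ipaddress.ip_address(c.dst) in DMZ_NET
    if dst_in and not src_in:
        return "ok" if (c.proto, c.dport) in INBOUND_OK else "inbound-unexpected"
    if src_in and not dst_in:
        # Active-mode FTP: the server opens the data channel from port 20.
        if (c.proto, c.dport) in OUTBOUND_OK or (c.proto, c.sport) == ("tcp", 20):
            return "ok"
        return "outbound-unexpected"
    return "ok"  # traffic that does not cross the DMZ boundary is out of scope

def review(log_text):
    """Return (reason, Conn) for every record that falls outside the policy."""
    conns = [parse(l) for l in log_text.splitlines() if l.strip()]
    return [(classify(c), c) for c in conns if classify(c) != "ok"]

if __name__ == "__main__":
    for reason, c in review(SAMPLE_LOG):
        print(f"{c.ts} {reason}: {c.src}:{c.sport} -> {c.dst}:{c.dport}/{c.proto}")
```

Outbound findings deserve the closest look: a server that only answers DNS and web requests has little reason to open connections of its own.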




