Responding to Large Scale Incidents at UFL

An effective security program has a number of components. The information security program at the University of Florida (UF) has expanded over the past four years in response to the growing issues of network and data security in a connected world. Among the many important components implemented at UF are a distributed network intrusion detection system, a contact database for network and server managers, vulnerability assessment software , regular proactive scans and audits, and a number of policies . The university was able to cope with the recent wave of RPC worms using the above components.

Information security has seen a shift in the last few months from a model based on protecting networks and servers to an increased focus on end-user systems. While worms and viruses have always been a threat to end-users, the impact of a virus infected computer on the network was relatively minimal. In recent times, however, client machines have been subject to the same threats as servers. They are abused to send spam, participate in denial-of-service attacks, or store illicit data. The end-user population experiences unique problems not associated with the server population. In many ways the end-user population is a larger threat to network stability than servers. Many end-user systems, particularly on nomadic networks such as wireless, walkups, dialups, classrooms, VPNs, dorms, and libraries, are not adequately protected. Since professionally managed servers usually have higher levels of protection, it makes sense that the newest wave of attacks would be directed at the soft spots in the end-user population. Universities typically have a large population of personally managed machines. The heightened focus on end users combined with the large number of nomadic users was aptly targeted by the problems caused by the spate of RPC vulnerabilities in Windows workstations and accompanying worms.