Security a top priority for UITS

Sophomore Laura Mellman mistakenly downloaded two viruses from her Webmail this semester, wreaking havoc on her personal computer. \nWith the recent onslaught of Webmail viruses and unauthorized access to the campus emergency Web site, students are nervously questioning the security of IU's network.\n"I don't feel that network security is good," Mellman saids "since I've already gotten two viruses."\nMark Bruhn, the chief of security for Information Technologies at IU, said he is confident the network is secure. His department is constantly working to keep worms and viruses from damaging it.\nBruhn said there are between 55,000 and 60,000 devices connected to the IU network. These include printers, servers, departmental networks, University-owned computers and student personal computers. Bruhn said it is these computers, the ones owned by students, that pose the greatest security risk to the network, as IU has no control over their security. \n"All programs have many security flaws when they are published," he said. "As the flaws are discovered, patches are released for these programs." \nBruhn said if the flaws are not patched, the system becomes vulnerable to worms -- programs written to exploit flaws in software. \nHe said the patches are very easy to install. \n"Students need to run auto-update for Windows," Bruhn said. "Windows can be set to automatically check for, download and install security patches as soon as they become available."\nThe other major security threat to the network is viruses. Bruhn said many students don't run and update their antivirus software, exacerbating the problem. \n"We spend a lot of money to provide tools like Symantec Antivirus to students so that they can keep their systems secure," Bruhn said. He added that antivirus software can also be set to automatically scan for updates and analyze the system. Doing this, he said, will ensure any viruses received in e-mails will be contained and eliminated before they cause damage and spread to other machines.\nBut another security problem is the openness of IU's network to the entire Internet, Bruhn said. He said there are pockets of systems and applications protected from the Internet but much of IU's network is accessible to the entire World Wide Web. \nBut he said IU is going through the process of installing a firewall on the network, a security measure that works like a filter. Bruhn explained the firewall would work by blocking certain files as well as making it more difficult for unauthorized users to gain access to the network. \n"The security threat from the outside is rapidly increasing," Bruhn said. "And while (the firewall) would not prevent all security breaches, it would significantly reduce them." \nHe said the undertaking is likely to cost an estimated $1.5 million, all told. \n"If a major worm even costs the University roughly $300,000, it doesn't take very many to make a firewall worth the cost," Bruhn said.\nAs far as the numbers are concerned, Bruhn said IU experiences thousands of viruses and several thousand worms each year. But hackers have only rarely succeeded in cracking the IU system.\nDespite this, Bruhn said the network security is good overall. The budget for the Office of Security and Policy for IT is $1.5 million, though Bruhn said IU likely spends between $2.5 and $3 million on network security. Bruhn emphasized these figures are rough estimates.\n"We at IU pay more attention to security than almost any other university of our size," Bruhn said. "Generally, students should be confident that their information is secure. But nothing is 100 percent." \n-- Contact staff writer Michael Zennie at mzennie@indiana.edu.