Modern Smartphones Among Network Attacks on California University
School's IT security team using open source, commercial intrusion detection systems to combat onslaught
Almost 50,000 separate network attacks each week take aim at California State University, San Bernardino, and in the latest trend attackers are going after students' Google Android and Apple iPhone mobile devices.
"It's everything you can imagine," says Dr. Javier Torner, who is responsible for coordinating information security on the campus attended by 17,000 students. "[We've got] big bandwidth, 600Mbps of traffic, and it's everything from scans to SQL injections to brute-force attacks."
University information technology staff operate both open-source and commercially available intrusion-detection systems to monitor the incessant barrage, which originates mainly from the U.S., Russia and China, some of it automated, some not. Some attacks pound away day and night against university websites, trying to break in through them in order to get to another part of the network or post malware.
"They're trying to target our websites, and then going after mobile devices connected to a website," says Torner, the information security officer. He notes a large number of students now connect to the websites through their mobile Apple and Android tablets and smartphones, which outnumber traditional computers or Macs. So it's not surprising attackers are gunning for iOS and Android devices, and sometimes they succeed in compromising Web pages.
Android devices have a reputation for being more vulnerable to malware, but Apple iOS devices -- even ones that students themselves haven't "jailbroken," eliminating Apple's security -- also have been compromised through what appears to be Web-based malware, says Torner. "In Web pages, the payload now is more directed against mobile devices," he says.
This tallies with an observation made last week by analysts at Lookout Mobile Security, who said they had spotted for the first time websites that have been hacked to deliver malicious software to devices running Android in a drive-by download. Symantec last week said it has seen Android drive-by downloads since last November but that they have been limited. Drive-bys have been a common form of attack against PCs for quite a while, and now appear to be widening to mobile.
California State University, San Bernardino, operates an open-source Snort intrusion-detection system, and has added commercially available MetaFlows sensors to gain extra functionality in analyzing IP flows, Torner says. The dual monitoring system lets the university run comparative analysis. Sometimes university students working on degrees in information assurance join forces with IT staff on this monitoring in hands-on training projects.
Torner says the experience in intrusion-detection monitoring shows that within just a few hours of software vulnerabilities being made public by vendors or others, attackers will start going after any possible weakness, especially Web holes. "They're trying to find an opening," he says. This makes the task of updates and patching critical.
Occasionally an attacker or malware gets through and tries to go after university computers. There are about two or three incidents each month, "but we have been able to thwart attacks," he says.