Front Page

Previous Story

Next Story

NIH Record vertical blue bar column separator

CIT Security Program Protects Against Hacker Attacks

By Kevin Haney

When the ILOVEYOU virus disrupted email traffic around the world in May, it made many people realize how much they rely on email in both their professional and personal lives (as the old adage says, the quickest way to make someone appreciate something is to take it away). And several months before the virus, many major commercial Internet web sites were brought down by a denial-of-service attack perpetrated by teenaged hackers. These types of incidents have made many people realize that the Internet, and thus their own email communication and web surfing, is vulnerable to viruses and other sorts of malicious activities. In fact, NIH experiences attempted hacker attacks and other nefarious electronic events every day. While usually not serious, these attacks illustrate the fact that the Internet can still be a very dangerous (virtual) place if the proper precautions are not taken.

CIT has been taking steps to ensure that access to NIH IT resources are not disrupted by these kinds of attacks. Among these steps are the following:

  • CIT is running intrusion detection and firewall software in order to protect NIHnet from intruders and unauthorized activity. This provides real-time attack recognition and response that offers a greater level of protection against attacks.

  • CIT has an NIH-wide Incident Response Team (IRT), which investigates and responds to all reported actual and suspected IT security incidents at NIH. Since its inception in 1999, the IRT has responded to an estimated 500 security incidents at NIH.

  • CIT continuously scans NIH networks for potential problems. Specific networks or systems will be scanned by the IRT upon request and potential problems reported to the system owners. CIT provides site-licensed antivirus software and runs antivirus software on the NIHnet backbone as well (for more information, see

CIT has also created new mechanisms to communicate important security information to NIH staff. Three new email lists, to which any NIH employee can subscribe, have been created (see sidebar for subscription instructions). IT-SECURITY is a general list that will be used to communicate general, non-platform specific security information to NIH. WIN-SECURITY will be used to post information on newly discovered vulnerabilities and incidents on the Windows-family platform, and UNIX-SECURITY will be used for the same purpose except it will cover all UNIX platforms. Most system administrators will likely subscribe to two lists. It is especially important that any NIH staff member who is a system administrator subscribe to either WIN-SECURITY or UNIX-SECURITY, based on the types of systems they administer.

CIT staff is available to assist with security issues, as is the Information Systems Security Officer (ISSO) for each IC. A list of ISSOs for each IC can be found at In addition, security incidents can be reported to TASC at 594-6248. Incidents should be reported when they occur.

How To Subscribe to Security Email Lists

To subscribe, send an email message with the following text to the address

sub list-name your name

for example, sub IT-SECURITY John Doe


(These commands would subscribe John Doe to both IT-SECURITY and WIN-SECURITY — it is not necessary to include your name on any line after the first.) Type the command(s) in the body of the email message. Each line is treated as a separate command and multiple subscription commands may be sent in a single email message. No subject line or other data is necessary.

Up to Top