CIT Security Program Protects Against Hacker Attacks
By Kevin Haney
When the ILOVEYOU virus disrupted email traffic around the world in May, it made many people realize how much they rely on email in both their professional and personal lives (as the old adage says, the quickest way to make someone appreciate something is to take it away). And several months before the virus, many major commercial Internet web sites were brought down by a denial-of-service attack perpetrated by teenaged hackers. These types of incidents have made many people realize that the Internet, and thus their own email communication and web surfing, is vulnerable to viruses and other sorts of malicious activities. In fact, NIH experiences attempted hacker attacks and other nefarious electronic events every day. While usually not serious, these attacks illustrate the fact that the Internet can still be a very dangerous (virtual) place if the proper precautions are not taken.
CIT has been taking steps to ensure that access to NIH IT resources are not disrupted by these kinds of attacks. Among these steps are the following:
CIT has also created new mechanisms to communicate important security information to NIH staff. Three new email lists, to which any NIH employee can subscribe, have been created (see sidebar for subscription instructions). IT-SECURITY is a general list that will be used to communicate general, non-platform specific security information to NIH. WIN-SECURITY will be used to post information on newly discovered vulnerabilities and incidents on the Windows-family platform, and UNIX-SECURITY will be used for the same purpose except it will cover all UNIX platforms. Most system administrators will likely subscribe to two lists. It is especially important that any NIH staff member who is a system administrator subscribe to either WIN-SECURITY or UNIX-SECURITY, based on the types of systems they administer.
CIT staff is available to assist with security issues, as is the Information Systems Security Officer (ISSO) for each IC. A list of ISSOs for each IC can be found at http://irm.cit.nih.gov/security/scroster.html. In addition, security incidents can be reported to TASC at 594-6248. Incidents should be reported when they occur.
Up to Top