Technical Solutions

Before an attacker decides on the form of attack, he or she has to determine which forms of attack are possible. This is often done with a port scan. A port can be thought of as a channel on which a program running on the computer listens for incoming network traffic. Programs can request to listen on different ports for their own network communication purposes. Hence, an attacker can easily tell which programs are running by doing a port scan on the target machine. From the port scan, the attacker can then decide on the type of attack, since he or she has the list of vulnerable programs running on the target machine. If we are able to withhold such information from the attacker, attacking networked machines becomes a lot more difficult.

An internet worm spreads extremely quickly in the first few minutes after it is released, and then experiences an exponential decrease in the number of users affected.

In addition, it is crucial for system administrators to try to curb the spread of an internet worm immediately after it has been released in order to minimize the number of users infected, as can be seen in the graph above.

Port Knocking
One such method is called port knocking. Port knocking is a method of establishing a connection to a networked computer that has no open ports. Before a connection is established, ports are opened using a port knock sequence, which is a series of connection attempts to closed ports. A remote host generates and sends an authentic knock sequence in order to manipulate the server's firewall rules to open one or more specific ports. These manipulations are mediated by a port knock daemon, running on the server, which monitors the firewall log file for connection attempts that can be translated into authentic knock sequences. Once the desired ports are opened, the remote host can establish a connection and begin a session. Another knock sequence may be used to trigger the closing of the port. An attacker will not be able to find out which ports can be opened on the target machine, since he or she does not know the authentic knock sequence.
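The log-monitoring step of the port knock daemon described above can be sketched as follows. This is an added example, not code from the original page; the knock sequence, protected port, time window and log format are all assumptions made for illustration, and the function returns the firewall actions instead of applying them.

```python
import re

# Assumed values (not from the page): knock sequence, unlocked port, time window.
KNOCK_SEQUENCE = (7000, 8000, 9000)
PROTECTED_PORT = 22
WINDOW_SECONDS = 10

# Constructed firewall log in a simplified format: "<time> DROP SRC=<ip> DPT=<port>".
SAMPLE_LOG = """\
100 DROP SRC=192.0.2.10 DPT=7000
101 DROP SRC=198.51.100.7 DPT=7000
102 DROP SRC=192.0.2.10 DPT=8000
103 DROP SRC=198.51.100.7 DPT=9000
104 DROP SRC=192.0.2.10 DPT=9000
105 DROP SRC=203.0.113.5 DPT=7000
106 DROP SRC=203.0.113.5 DPT=8000
130 DROP SRC=203.0.113.5 DPT=9000
"""
LINE_RE = re.compile(r"^(\d+) DROP SRC=(\S+) DPT=(\d+)$")

def process_log(log_text):
    """Return the firewall actions the daemon would take, in log order."""
    progress = {}   # source IP -> (index of next expected knock, time of first knock)
    actions = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                    # not a dropped-connection record
        ts, src, port = int(m.group(1)), m.group(2), int(m.group(3))
        idx, start = progress.get(src, (0, ts))
        if idx and ts - start > WINDOW_SECONDS:
            idx, start = 0, ts          # sequence took too long: start over
        if port == KNOCK_SEQUENCE[idx]:
            idx += 1                    # correct next knock
        elif port == KNOCK_SEQUENCE[0]:
            idx, start = 1, ts          # wrong knock that begins a new attempt
        else:
            idx = 0                     # wrong knock: forget all progress
        if idx == len(KNOCK_SEQUENCE):
            actions.append(("open", src, PROTECTED_PORT))
            progress.pop(src, None)
        elif idx:
            progress[src] = (idx, start)
        else:
            progress.pop(src, None)
    return actions
```

On the constructed log, only 192.0.2.10 completes the sequence in order and in time; 198.51.100.7 skips a knock and 203.0.113.5 finishes outside the window, so neither gets the port opened.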

Automated Patching
Automated patching helps with the problem of ignorant or lazy users. It will also reduce the amount of time system administrators have to put into patching computer systems on the network. At the same time, because viruses and worms spread rapidly (infecting thousands of machines in less than an hour), manual patching is often too slow to combat such a digital epidemic. Instead, automated patching, if implemented effectively, can match or exceed the speed at which worms and viruses propagate. This will be crucial to prevent the further spread of viruses and worms throughout the network. Automated patching has already been implemented by software companies. Since the release of Windows XP and Service Pack 3 for Windows 2000, Microsoft has offered a free and automatic operating system updating tool, the Automatic Updates service. This service automatically connects to either a local or a Microsoft update site, downloads approved updates, and installs the updates at a scheduled interval on the computer. The Automatic Updates service can deploy current and future updates to thousands of machines in minutes, instead of 15-20 minutes per machine for a manual update.

IP Puzzles
To lower the risk of a DoS attack on the campus servers, one can employ the method of IP puzzles. The general idea behind this approach is that the server sends the client a puzzle over the network whenever the client requests some form of access to the server. Valid clients will send a correct response to the server. Rogue clients controlled by the attacker for the purpose of a DoS attack will not know the answer to the puzzle, allowing the server to ignore their requests. This allows the server to identify which requests are legitimate and which ones are the result of potential DoS attacks.
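The puzzle exchange described above, as an added example that is not part of the original page. The page does not say how the puzzle is constructed; this sketch assumes a hash-based puzzle whose answer is cheap for the server to check but costs the client real work, and the difficulty, lifetime and all function names are hypothetical.

```python
import hashlib, hmac, os, time

SERVER_KEY = os.urandom(32)   # server-side secret; never sent to clients
DIFFICULTY_BITS = 16          # assumed work factor: about 2**16 hashes per request
MAX_AGE_SECONDS = 30          # assumed lifetime of a puzzle

def _tag(client_ip, issued, nonce):
    msg = f"{client_ip}|{issued}|".encode() + nonce
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()

def issue_puzzle(client_ip, now=None):
    """Server: create a puzzle bound to the client address, storing nothing."""
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(8)
    return {"issued": issued, "nonce": nonce, "tag": _tag(client_ip, issued, nonce)}

def _leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def solve_puzzle(puzzle):
    """Client: try counters until the hash has enough leading zero bits."""
    counter = 0
    while True:
        d = hashlib.sha256(puzzle["tag"] + counter.to_bytes(8, "big")).digest()
        if _leading_zero_bits(d) >= DIFFICULTY_BITS:
            return counter
        counter += 1

def verify_solution(client_ip, puzzle, solution, now=None):
    """Server: one HMAC and one hash decide whether the request is served."""
    now = time.time() if now is None else now
    if not 0 <= now - puzzle["issued"] <= MAX_AGE_SECONDS:
        return False          # expired or future-dated puzzle
    expected = _tag(client_ip, puzzle["issued"], puzzle["nonce"])
    if not hmac.compare_digest(expected, puzzle["tag"]):
        return False          # forged puzzle, or one issued to another address
    d = hashlib.sha256(puzzle["tag"] + solution.to_bytes(8, "big")).digest()
    return _leading_zero_bits(d) >= DIFFICULTY_BITS
```

Because the server keeps no per-puzzle state, a solved puzzle could be resubmitted until it expires; a deployment would also remember answered nonces for the length of the window.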

From the statistics gathered, we know that a significant percentage of machines were broken into due to security flaws in the Windows File Sharing network protocol.

Sandboxed Applications
Because campus servers contain the private data of hundreds of users on campus, they are ideal targets for an attack. Campus servers also run many different types of applications to serve the various needs of their users. Some of these applications might contain security vulnerabilities that are open to exploitation. One way to reduce this risk is to run such applications in a sandbox. The term sandbox refers to a test system which replicates (often in reduced size or capacity) the actual computing environment for which software is being developed. The presence of such a safe, controlled environment allows developers to try experimental code without fear of damaging a mission-critical system. At the same time, sandboxes also act to contain the damage caused in the event of a potential break-in. This will prevent the loss of personal data (like user passwords) if we are able to separate the data from the sandboxed application.