Sun Workstations and Servers: Beware of Hackers!
By C. Y. Kwok

A huge volume of outgoing Internet traffic, amounting to over 5 Gigabytes per hour, was recorded between 28 September and 5 October 1999. It resulted in slow Internet responsiveness during the period, and the University was subject to a charge for jeopardising the shared HARNET Internet link.

Four SUN workstations were identified as having contributed to this traffic. These workstations are believed to have been compromised by an unknown hacker and used for launching attacks against some Internet sites. Presumably these were some sort of denial-of-service attacks, in which the remote systems (victims) were bombarded with heavy incoming traffic in order to cripple or bring down their services. Even though the four SUN workstations were themselves victims (having been hijacked) in this case, they are nevertheless legally liable for any damage (such as losses in bandwidth, CPU, data, service, business, etc.) caused to the remote systems.

The number of systems on the CTNET-II that have been compromised by the same hacker or other hackers might not be limited to the above-mentioned four SUN workstations. Anyone in possession of a Unix system or Windows-based server (a Windows PC providing services) is strongly advised to check their own systems for security loopholes. Please take note of the following points when doing so:
- Ensure all passwords are well protected.
- Lock the machine in a secure place to avoid unauthorized access.
- Upgrade the operating system to the latest version, if possible.
- Make sure all security patches for the system software, as well as any application software running on the system, have been applied. A good place to look for such information is http://www.cert.org/
- Do not enable or start up services which are not required on the system. Every running service is a potential entry point for hackers.
- Always shut down the system when it is not in use.
- Shut down or disconnect the system when it is believed to have been hacked, so that it cannot be accessed by the hacker again.
- Disable or remove unnecessary accounts.
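
As an added example (not part of the original article), here is one way to act on the advice about unneeded services on a Unix host that starts its network services from an inetd.conf-style file: list every enabled entry that is not on a site allowlist. The function names, the allowlist and the sample configuration are constructed assumptions.

```shell
#!/bin/sh
# Added example: report services enabled in an inetd.conf-style file that
# are not on a site allowlist. Names and sample data are assumptions.

# Constructed sample in the classic inetd.conf layout:
#   service  socket-type  protocol  wait-flag  user  server-path  [args...]
sample_inetd_conf() {
cat <<'EOF'
# constructed sample, not taken from a real host
ftp     stream  tcp     nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
echo    dgram   udp     wait    root    internal
   # indented comment

time    stream  tcp     nowait  root    internal
EOF
}

# audit_inetd "space separated allowed service names" < config
# Prints "service/protocol user server" for each enabled entry whose
# service name is not allowed. Commented-out lines count as disabled.
audit_inetd() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ { next }     # disabled entry or comment
        NF == 0    { next }     # blank line
        NF < 6     { printf "line %d: malformed entry\n", NR > "/dev/stderr"; next }
        !($1 in ok) { printf "%s/%s %s %s\n", $1, $3, $5, $6 }
    '
}

# Demonstration on the constructed sample, allowing only ftp and telnet.
# On a real host, redirect the host's own inetd configuration file into
# audit_inetd instead of the sample.
sample_inetd_conf | audit_inetd "ftp telnet"
```

Each reported line is a candidate for commenting out in the configuration, after which inetd has to re-read its configuration for the change to take effect.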

Further recommendations can be found in our published General Security Guidelines for Administering UNIX Systems at http://www.cityu.edu.hk/csc/stafflan/csc3-security-guidline.htm.