Early
in the morning of 20 September 2001 when I came into the office
and switched on the PC as usual, the screen looked funny
and small windows kept popping up as if they were saying hello
to me. While I was all at sea about what had happened, a neighbouring
colleague came to my rescue and told me that we were likely
to be attacked by a virus/worm.
And
Operation Fighting Nimda formally began.
An interim
command was set up at once, and the whole of the Computing Services
Centre (CSC) was on the alert and prepared to fight the malicious
worm. All departments were informed of the news and told to shut
down the machines right away to stop the infection from spreading.
At 10 am, when the necessary information on Nimda and the essential
patches were collected, the technical staff of the CSC and the
Enterprise Solutions Unit (ESU) were immediately gathered, briefed
and sent to all departments that had reported being infected
with Nimda to carry out the rescue - to check the machines,
to clean up the worms if the machines were infected, to apply
patches to all machines, and to boot up the systems again when
all machines in a department were fixed.
Minimal
staff were left in the office for liaison, and most were running
in and out of the office cross-checking for the latest information
and reporting on the progress. It was just like being on a battlefield.
After one whole day of hectic work, except for those departments
that opted to take care of their own machines, most machines
in a number of departments were rescued by the following day,
and were able to perform their duties as normal.
After this
worm attack, I was thinking, what did we learn from it?
This incident
certainly reminded us of the urgency to raise users' awareness
of security protection so as to better protect our campus network.
At the moment, some departments look after their own servers,
and CSC's recommended measures, security patches, and virus
updates may not be adopted or implemented in time. As a result,
these servers were invaded and used to mount other attacks.
We need to better organise the University's strength in intrusion
detection and virus protection, and to have better control and
management of the network services. The CSC is now working out
ways to tighten the network security in various areas, and though
this may cause some inconvenience to users, it is necessary
and vital if we want to safeguard the users' interest and protect
the University from avoidable virus/worm and hacker attacks.
We in the
CSC will definitely continue to work hard to strengthen our
sophisticated network to fight against virus/worm attacks. How
about you? Will you lend us a hand?