Issue 25 - September 2000

Network and Port Scanning is An Offence

By Annie Yu

Scanning the University network or the ports on the network is a normal exercise carried out by any network administrator. However, if it is performed without prior approval, it is considered an offence. It would be disastrous if such activities were adopted by hackers, who would make use of University or external facilities to search for vulnerable systems within the University network or at other sites as break-in targets. In fact, a number of incidents have occurred in the past in which complaints were received from other Internet sites. In one particular case, the children of a University staff member had engaged in similar activities using the staff member's PC. Although some of these cases were not intentional, they nevertheless posed serious threats to the University network as well as to the privacy of others, which immediately prompted the Information Systems Advisory Committee to take action.

In mid February 2000, the network/port scanning policy was established and enforced by the Computing Services Centre (CSC), which takes disciplinary action if 'unusual' or 'unauthorised' network or port scanning on either the University network or sites outside the University is detected. Depending on the type of user, the responsible parties are penalised accordingly:

- If a staff member is found performing unauthorised network and port scanning activities for the first time, he/she will be warned and his/her department head will be informed. Further offences will be reported to the Human Resources Office for action.
- If a student is found performing unauthorised network or port scanning activities for the first time, he/she will be either warned (by e-mail or in person) or have his/her computer account(s) suspended for one week. His/her department will also be notified. On the second offence, his/her computer account will be suspended for a month. Further offences thereafter will be reported to the Student Disciplinary Committee for action.
- The network administrator of a department is allowed to scan the systems within the department, subject to approval from the department head and prior notification in writing to the CSC.

Sad to say, after implementation of the network/port scanning policy, unauthorised scanning activities still exist, especially in the modem pool. According to the events logged by gateway routers maintained by the CSC, there were still students who violated the policy and were subsequently penalised for their actions. However, during the investigation, it was found that some scanning activities might have been performed by anonymous hackers using trojan horses such as NetBus and Back Orifice via compromised PCs of the students. Unfortunately, the students concerned were still liable for the outcome of such scanning activities since they are the owners of the originating PCs. To prevent this situation from happening, it is important to bear the following in mind:

- Protect your account/password well and change your account password frequently
- Do not download/run unknown programs from the Internet
- Use updated personal firewall or equivalent programs to protect your PC
- Ask for help if you find that your PC behaves strangely
- Format your hard disk and re-install the system with care, if necessary or in doubt
- Refrain from lending your PC to others

In order to maintain a healthy computing environment, it is important that each and every one of us follows the rules and policies set out by the University.