The latest security holes, virus attacks, and several available protocols in Microsoft Windows 2000 and XP have left Brandeis Information Technology Services (ITS) scrambling to warn incoming and returning students that their computers will be knocked off the Brandeis network if they are vulnerable. Numerous emails, a detailed notice to new network users, and an active opening day campaign which included mobilizing the entire UNet and ITS staff were part of a major effort to educate and assist students. After settling in first year's on Sunday, ITS's precautions appeared to thus far prevent a major outbreak among students, leaving Brandeis virtually unscathed compared to many other schools such as Princeton and Tufts.

"We did well! Both on the virus front and generally getting people connected... Brandeis appears to have successfully averted any serious problems," Network Security Analyst Rich Graves said. He estimates that so far only about 50 to 100 students have been affected by the problems much less than the 40% UNet member said they were expecting when the Justice first inquired at the UNet help desk. However he still describes these numbers as "serious." In an email to the Justice, though. Graves said that as of August 1, there were 750 vulnerable non student computers that ITS was "working very hard to patch." However, several staff and faculty machines are still vulnerable and have been cut off from the network.

Chief Information Officer Perry Hanson told acknowledged the "hard" work of the UNet staff working double shifts to help students fix the problem. He pointed out that there has been a line of students waiting all day at the UNet desk for help.

UNet Team Leader Omar Haq '04 is one of the students manning the UNet help desk. "The UNet Student managers Ian Roy and Jonathan Melenson and I have been working at feverish pace since last weekend organizing the patching up of computer in freshman dorms,"he says.

Haq also credits Adam Batkin '04 in making the CD, which has been very "helpful" to UNet in helping students. Any students arriving today can go to ITS to receive a copy of this CD.

"Our entire UNet consultant staff worked extra hours opening Sunday to try and keep things in order and have done a remarkable job so far," said Haq. "Our biggest test comes Tuesday and Wednesday when we will be doing the blitzes in Freshman dorms, Massell and North-we're expecting a very large number of students coming to us for help. My entire staff of 16 consultants will be at hand in those quads to face the onslaught."

"Our aim is to try and fix all compromised freshman computers problems before the returning students arrive," he said. "I've doubled the staff at the helpdesk as we expect the next two weeks to be hell." As a result, he said he hopes that students are patient with UNet during the week.

Hanson explained students need to "rebuild" or reinstall their operating system if their computer is infected. He said that ITS will wave the $75 to $150 fee in an effort to help students connect to the network quicker. ITS is also distributing a CD with patches and virus scan software that will allow students to protect their system prior to connecting to the network.

"The big message is, if your windows isn't patched, don't plug it in...patch it first. As long as they do that, they aren't going to bring in more problems," Graves said. Windows reinstalled or patched in order to expedite students connecting to the network.

Other area schools were hit much harder than Brandeis. MIT had 10,000 vulnerable machines and cut off over 1,000. Tufts has a web page up talking about 300 compromises in one day. UCONN, Princeton, Yale, Stanford, University of Washington, and Berkeley were much worse hit according to the school's respective websites.

There were two specific threats that ITS was warning students about which would have caused students to lose their network connection. The main threat from any Windows 2000 or XP computer was the computers not being up to date in critical updates-which prevented users to maliciously take control of someone's computers. The second serious problem was network bridging which is enabled on many windows XP laptops by default and causes an invalid spanning tree (undesirable loops in the path from one computer to another) on the network, causing the Ethernet port to reject the user and turn itself off completely. The port will turn itself on in 30 minutes and test to see if the problem is solved. If its not, the port will shut down again.

The LovSan or Blaster virus was the first such virus to exploit a flaw in Windows XP and 2000 which allowed someone to take complete control of a vulnerable computer. The Welchia worm was a worm which exploited the same hole that LovSan did but was designed with a different purpose. According to Graves, it breaks into the computer and patches the vulnerability so the next person can't get in. However Welchia still leaves a back door into the computer by allowing the person who wrote it to get into your computer. It then scans the entire network for other vulnerable computers.

"It's malicious," Graves said. "It just happens to be the first thing to break into the computer. Within minutes if you plug a vulnerable computer into the Brandeis network, it would get cracked."

"Since there's no way to tell (ShareScan and Welchia) apart, and abuse of scanners like ShareScan (which scan the network for shared files) has always been a policy violation, network scanners can expect to be treated as the criminals-sarcasm-they are and shut off from the network," he wrote in an email. "However, if they apologize to the NOC for wasting their time, they'll be allowed back on the network some time this week without having to reinstall the OS." Such scanning uses up network resources and causes a slow down for all users on the network and is a policy violation.

"A home cable connection filters your network ports right at your modem which prevents file sharing with your neighbors. Which is ok," Graves said. "Viruses like SoBig (a virus used to email spam from the user computer) will hit them hard but they don't care, they simply don't care about their users and they don't really need to."

"Here we actually care if your computer is getting cracked and you lose all your data and we run a relatively open network internally," Graves said. "Other fun issues aside file sharing is a relatively good thing--you are allowed to do it; you can run servers. That's not true on your home ISP for the most part. This is why the network is internally more vulnerable. We have a pretty good shell. SoBig didn't even get in. We didn't have any external infections from any of these things."

The other major concern of networking bridging was less of a problem with the first years than ITS thought it would be according to Graves. Only a "handful" of effected student computers he estimated. "This was less of a problem than we thought; mostly because we caught it so quickly," he said. The problem started when Community Advisors started arriving. "It seemed like everyone with a Windows XP laptop was pulling the network switches to not correctly connect," Graves said. Bridging computers is when computers are linked to the Internet as a chain where the first one is connected to the Internet and the rest to the first one. Some laptops may have two network devices such as a wireless card and may enable bridging by default without another computer connecting.

According to Graves ITS took many precautions to solve this problem: "We handed out a red piece of paper (with instructions to fix this) on Sunday that people actually paid attention too, in fact people probably paid a little more attention then they needed to because one of the most common questions we got was 'I don't see a bridging option,'" he said.

"But having people afraid to connect to the network is probably better than just doing it and causing problems. What happened the first week is people (mostly CA's) without knowing anything, just plugged in their laptop thinking it will just work and just killed the (port) and your phone...and we can't have that," he said.

Graves said that there were about 2 or 3 ITS staff and half dozen UNET students at each dorm assisting incoming first years. There were no service calls related to computers to UNET on opening Sunday, but rather most calls were related to the new phone system. He gives credit to the entire ITS staff for helping out on Sunday and being on campus at 7AM.

Hanson also said that if students call the UNET help line x9UNET and they get an answering machine, they should come to the UNET help desk located at the Shapiro Campus Center as they will more likely get help there.