University to change internet network
October 12, 2016
WKU’s Information Technology division will begin a project next week to increase security on the WKU network by changing the way the network can be accessed by outside users.
IT’s goal is to prevent the majority of unsolicited traffic into the WKU network from the rest of the Internet, according to a press release. Greg Hackbarth, director of enterprise systems, explained what the end result of the project will hopefully accomplish.
“We’re only allowing people to come through our network over ports that we want them to come in on,” Hackbarth said. “We want to allow people to come in on the WKU website…TopNet and Blackboard or any of those services that we want them to use.”
However, the division is working to prevent outside servers from accessing workstations, lab machines and other private devices.
The IT division will begin work on Monday, Oct. 18, and Hackbarth said he hopes the project is completed by Thanksgiving break.
Jeppie Sumpter, director of communication technologies, is head of the network team. This project is a collaboration primarily between the network team and the security team, which Greg Hackbarth heads.
Sumpter said there is potential for problems during the process of changing the network but said he thinks they will be easy to fix.
The network is divided into segments that make it easier to manage, and the IT division will work on multiple network segments at a time. Sumpter said this layered approach will better contain potential risks and make it easier to address issues if they do arise.
Gordon Johnson, vice president for IT, said the project is being completed in phases to limit the possibility of unintentionally locking out devices.
“We have to be careful that we don’t globally block legitimate devices that need to receive incoming connections,” Johnson said.
Johnson is a part of the management team that reviews cyber security strategies, and he signs off on the strategies implemented. He said other universities are starting to do the same thing as WKU, by locking down their own networks.
“The cyber security aspect of running a network these days is just getting so critical, and there are criminal-type players out there that are trying to break into networks,” Johnson said. “This [project] reduces the probability dramatically that an unsecured device is going to get hacked or probed from an incoming connection.”
“Our network is full of what hackers consider resources,” Johnson said. “If they can get ahold of a device that’s on our network, they can install software and they can launch attacks … on other entities.”
In the past, the IT division has focused on blocking individual “worms” that have tried to spread, which target databases or other vulnerable services. The division’s solution has been to block the ports the services run on, Hackbarth said.
The difference now is IT is blocking connections on every port. Hackbarth said it is “better practice” to block all outside servers and then allow only the ones that are wanted.
“It’s kind of like when you put your phone on ‘do not disturb,’ only allowing people on your contact list to call in, blocking everyone else,” Hackbarth said.
Zhonghang Xia, an associate professor in the department of computer science and expert in multimedia computing and networking and distributed systems, said there are benefits and drawbacks to formatting a network in the way proposed by IT.
“Specifying ports for incoming and outgoing will make it easier to monitor network traffic, and thus improve network security,” said Xia in an email. “On the other hand, however, it will limit some freedom. What if faculty and students need to set servers for the public?”
Johnson said it is the users’ responsibility as well as IT’s to help make the network more secure.
Johnson said he wants people to practice “safe computing,” which includes protecting laptops with virus protection software, updating software frequently and not visiting unstable and unreliable websites.
Reporter Callie Miller can be reached at 270-745-6011 and [email protected].