Hackers at the Gate

SEVERAL RECENT COMPUTER SE- curity breaches at colleges and universities throughout the country, Dartmouth included, have spurred campus network administrators to tighten up the log-on procedures for its 10,000 users. With an open-access, campus-wide wireless network and as many as 20,000 active IP addresses that identify network users, a simple password that can be stolen by somebody guessing your dog's name is no longer sufficient to keep digital intruders at bay.

"The hackers are more sophisticated than they used to be," says Brad Noblet, the Colleges director of technical services. "We've had to increase our security budget and deploy new technology. Hackers write assembly language programs that are hidden from the directory and therefore from a program scanning the directory. We had cases where we patched a machine, thought we had fixed the problem and then found later the virus was deeper in the machine."

That new technology includes both hardware and software. Each student in the class of 2008 was issued upon arrival in Hanover an Aladdin eToken, a house- key-sized authentication device that fits into the USB port of any computer. Activated by the user's typed-in password, thee Token then issues a pre-encoded digital certificate to the network, allowing the user full access. The network will still be open to anyone who wants to use it for external Internet access, but to get at Dartmouth-specific areas such as grades, administrative files and personal data, an eToken and password will be required starting sometime in the fall. Human resources and medical records, already well protected, will require even more steps than they do now.

To get help deploying the new system, Noblet didn't have to look far. Dartmouth's own PKI (public key infrastructure) Lab, formed in 2001 with funding from the Mellon Foundation, has been working to develop the use of this sort of access control in academic computing throughout the country. The fit was a natural.

"There are three factors of personal identification for security," explains Larry Levine, director of computing services. "Something you know: a password. Something you have: an ATM card—or in this case an eToken. And something you are. That third level is biometrics and we're not going there now."

Where Levine and Noblet are going is inside the computers themselves, from students' laptops to the main servers. The Sygate Personal Firewall, already installed in about 2,000 Windows computers on campus, has been adapted to run in conjunction with a central server that does not allow a malicious program to be run on any connected machine. The user of an infected computer will have to have it cleaned off line. And if a worm or Trojan virus is identified on one Sygateconnected computer, the server will then block it on all the rest.

"Sygate will be deployed campus-wide this fall along with eTokens in all the Windows machines," says Noblet. "They're still cooking the software for the Macs and Linux machines, but they'll be part of the full roll out."

QUOTE/UNQUOTE "Be sure you pick a company where the sensibilities of the people are the same as yours. If you're a nerd, go hang out with the nerds." —JACK WELCH, FORMER CHAIRMAN AND CEO OF GENERAL ELECTRIC, SPEAKING AT THE TUCK SCHOOL MAY 4