Security Incidents in an Academic Setting: A Case Study.

• Main Author: Cui, Zhiqiang
• Format: Others
• Published: Digital Commons @ East Tennessee State University 2002
• Subjects: Security; Attack; Hacking; Probe; Hack; Computer Sciences; Physical Sciences and Mathematics
• Online Access: https://dc.etsu.edu/etd/664; https://dc.etsu.edu/cgi/viewcontent.cgi?article=1821&context=etd

Academic institutes' networks, like commercial networks, have confidential and valuable information that attracts hackers. From 6 October 2000 to 29 March 2001, the authors collected data on possible attacks and probes against East Tennessee State University's campus network. The number of suspicious activities detected daily varied from 200,000 to more than 2,000,000, with ICMP-based attacks accounting for more than 81% of all attacks. While ICMP-based attacks were reasonably harmless, these activities as a whole depleted network bandwidth significantly. Severe attacks were detected daily. Port scans and host scans that involving 2 or more /24 subnets were detected every week. Attacks and probes were distributed throughout a typical day and week. Our research results suggested policy makers in academic institutions like ETSU should adopt standard measures to secure campus networks, including firewalls, intrusion detection systems, server management, and risk assessment.