UW Information Technology

June 19, 2019

Security enhancements to UW network foil cyberattacks

Blocking incoming Internet traffic over specific network ports proves effective

By Gretchen Konrady

Early in 2018, monitoring of the UW network by UW Information Technology (UW-IT) showed a troubling trend: more and more malicious entities were trying to attack the UW network, and reports pointed to a staggering increase in attempts to spread malware and compromise systems. Mitigation was necessary to protect the University’s devices, systems and data and to thwart these attacks.

An analysis of the top attacks, conducted by the office of the Chief Information Security Officer (CISO), found that the attacks numbered around 12.5 million during one 48-hour period. In response, a project team of UW-IT engineers and cybersecurity experts, collaborating with staff from UW Medicine IT Services, began blocking the most vulnerable UW network ports from incoming Internet traffic.

“It was the start of a three-phased project to implement critical measures to better protect the UW network against external attacks,” said Rebekah Skiver Thompson, CISO Director of Cyber Intelligence. “We needed to continue to support researchers who use the network to actively collaborate with others around the world, and this project made their collaboration over the network more secure. The safeguards we employed were common practices used by many large organizations, including numerous higher education institutions, who also have blocked outside traffic on specific network ports,” Skiver Thompson explained.

The first phase required people to change the way they accessed UW network resources from off campus through remote desktop or file-sharing applications. They now have to use a UW or UW Medicine secure virtual private network (VPN) to connect. A VPN is an application on your computer that establishes a secure connection to a network.

UW-IT provides the Husky OnNet VPN at no charge to students, faculty and staff. Jan Eveleth, UW-IT’s Executive Director for IT Infrastructure Services, led an effort to ensure Husky OnNet was ready for an influx of downloads and new users, and to provide people with information on how to obtain and use a VPN.

The second phase of the project later in 2018 blocked external traffic to an additional set of frequently abused ports, including FTP, Telnet, Remote Management for Windows and others. The third major phase, which wrapped up in April 2019, blocked less commonly used network ports.

The enhancements to the security of the UW network proved successful. A recent report over a 48-hour period showed a 96 percent decrease in the number of common network attacks.

“The project has been a success, and we couldn’t have done any of it without the collective support of the UW community and the IT teams across the University, including our partners in UW Medicine,” Eveleth said.

This story was published June 19, 2019