Penn responds to information security threats

March 4, 2004 :: David Millar, University Information Security Officer

Summer, 2003 was a very busy time for IT professionals at Penn and around the world. Many organizations, both public and private, reported spending hundreds of thousands of dollars mopping up in the aftermath of the Welchia and MSBLAST worms which infected over a million Windows computers worldwide. Penn was no exception. IT professionals at Penn worked long hours in August and September last year to clean up infected machines and to ensure that the worms did not spread further. Thanks to everyone's efforts, the damage was contained to individual computers and never threatened the stability of PennNet.

Concerned that similar attacks were likely to recur and could once again waste valuable staff time and productivity, as well as put sensitive data at risk, Penn began strengthening its policies and processes for assuring the security and integrity of Penn computers, data, and networks.

Concurrent with the spread of the worms over the Summer, ISC began to draft plans focusing on three key areas: prevention, detection, and response.

Our overriding preference is to prevent security problems in the first place, so a great deal of planning went into defining policy directions and supporting education, awareness and tools to ensure that Penn computers are as secure as reasonably possible.

Recognizing, however, that computers are never perfect, we chose as our second priority to ensure that if a computer at Penn should get hacked, we have the tools to quickly detect the problem. The more quickly a hacked system is removed from PennNet and properly secured, the less potential there is for serious harm and disruption.

Finally, our experience managing hundreds of incidents of worm infections in Summer, 2003 pointed out room for improvement in our security incident response tools and procedures. The third priority became to make improvements to our incident response process. An improved process will enable us to more efficiently manage security incidents when widespread worms and viruses are rampant.

During Fall, 2003, ISC and the Networking Planning Task Force (NPTF) devoted much of their annual IT planning effort to the problem of assuring information security at Penn. IT professionals campus-wide were brought into the process and the plans were reviewed, discussed, refined and ultimately improved. The end result is that we have established a consensus around a good plan and have begun working to implement it. The plan includes the following elements, to name a few:

  • All systems on PennNet, including desktop computers, must follow good security practices, including applying security patches, using strong passwords, and using anti-virus software.

  • The University will work with vendors to improve the out-of-the-box security of new computers purchased at the Computer Connection.

  • ISC will develop educational and training materials to provide IT professionals and end users with the tools and knowledge that they need to do their part in securing Penn computers.

  • ISC will deploy Microsoft Windows Software Update Service (SUS), a subscription-based security patch management service. This service will help address the growing problem of keeping Windows workstations updated with the latest critical updates and patches released by Microsoft, thus keeping them free of security holes. By automatically installing critical updates, patch management will significantly reduce the amount of time users spend manually monitoring and installing patches to keep their computers updated.

The planning efforts have already borne fruit. Starting in October, 2003, ISC implemented email virus filtering on selected Penn email domains (pobox, dolphin, etc.), allowing us to block over a quarter million viruses.

You can expect to hear more details about security plans in coming months.

