Slightly OT: Re: [unisog] University virus-writing course?
Phillip G Deneault
deneault at WPI.EDU
Thu May 29 00:59:13 GMT 2003
I had a professor who was interested in creating a research project. It
was to be a grand security system encompassing dynamic intrusion
detection, malware defeating agents, and some kind of unspecified
central management system. I read his proposals and his timetables. At
its peak, the project would employ or involve no less than 20 people
including about a dozen grad students, several full time staff members,
and about a half-dozen faculty. The project would run its course over
I was highly skeptical.
Besides being a lot of work without any clear method of getting there and
besides the timetable which seemed to pivot on the idea that nothing ever
changes and no problems will ever occur, I was concerned with the content
of the project. Although many qualified people work on these topics
every day, there's so much involved with these topics that a project of
this magnitude becomes very big very quickly.
To magnify the problem, our computer science program (which would be
working on this project) doesn't cover security at all. We have two
graduate classes on the topic, and only a single lecture of a 4000-level
undergrad class in Operating Systems covers security. Despite many people
pointing out this deficiency, things do not seem to be changing anytime
soon. The faculty which would be working on this project are not well
versed in security themselves (except of course for the project proposer,
although I'm not too sure of his abilities either).
Now all this would be fine as long as they stay inside of the campus
network (and preferably their own isolated network). However the project
has made strides to team up with other universities and companies to
attack and counter-attack each other that test systems and sub-systems of
the project. This is the problem I have. I'm concerned that untrained
students will be attacking systems on both sides with all the subtlety of
If they miss (mistyping an IP), or students on either side try to attack
other unrelated systems (DNS, switches, routers, or other hosts) in an
attempt to disable or break into the project, I'll need to block those
sites and point out the fact that the project is in violation of our AUP,
not to mention clean up the mess. I'd rather not do that and head off the
problem at the pass.
Does anyone have any thoughts on this problem? Does anyone think this is
lunacy or that I'm way off base? I'd like people's 2 cents if they've
come across this problem before and possibly what they did to solve it.
Thanks in advance.
Phil Deneault
deneault at wpi.edu
WPI NetOps
InfoSec

"We work in the dark, We do what we can, We give what we have. Our doubt
is our passion, and our passion is our task. The rest is the madness of
art." - Henry James