Patrolling UCI’s Internet borders

With its soothing fountain, lush bamboo, Asian prints and soft lighting, the office of Isaac Straley looks more like a place to meditate or practice yoga than to do battle with computer hackers, phishers and other cyber foes.

Yet amidst these tranquil surroundings, Straley engages in a fierce fight against viruses, worms, Trojan horses and other stealth software infiltrating the campus network.

Straley is IT security manager for UCI’s Network & Academic Computing Services. In recent years, as stealing data becomes an increasingly prevalent crime, defending the campus’s Internet turf requires the vigilance and tactical skills of a warrior. Small wonder Straley has transformed his office into a Zen-like retreat.

“We’re always on the defensive,” Straley says. “We constantly repel attacks and look for computers that have been compromised.”

Just last spring, the kind of activity that can send Straley running for his happy place occurred when NACS discovered someone had stolen UCInet login credentials. Had there been a data breach?

“Every time we ask that, I get the scare of my life,” Straley says.

To his relief, the data was safe, and NACS thwarted the intrusion by beefing up network protections.

Straley hopes to avoid the kind of scenario that occurred at UCLA in December 2006, when the campus announced that hackers broke into a database containing names, Social Security numbers and other information of 800,000 current and former students, faculty and staff members.

Yet staying ahead of hackers is a challenge. In June, UCInetID e-mails numbered 51,677,195; of those, 25,500,371 were rejected based on several criteria, 11,900 had viruses and 1,276,277 were spam.

“Network security has become a priority because there’s a lot at stake – especially at a university,” Straley says. “We’re a research institution. We have world-class researchers doing highly detailed work. We’re a viable target.”

Straley joined UCI in December 2005 after working as an IT security consultant to financial institutions. He and his NACS colleagues protect the network by installing support hardware, updating firewalls and an intrusion detection system that helps identify attacks. They provide forensic analysis if a computer is broken into to see if data has been stolen.

They also educate the campus community about steps users can take to protect the network. They advise updating operating systems with software patches that protect security holes, and keeping anti-virus programs and firewalls current.

“The most important step is to simply pay attention. If your computer starts running slow or behaving differently than usual, contact your local computer supporters,” Straley says.

NACS will soon launch an online training program for UCInet users outlining simple steps for protecting their computer and data, such as exercising caution when opening e-mail links.

For his part, Straley knows he and others working on behalf of network security can’t win the battle against hackers on their own:

“IT security is everyone’s responsibility,” he says.