Intruder Breaks Into Sever Hall Network

Two weeks ago, a system administrator discovered that someone had broken into the computer system in Sever Hall, according to a FAS Computer Services official.

The intruder had set up a "packet sniffer"--a network tool that monitors all the traffic of a local network. This particular "sniffer" had access to only a small section of the Sever Hall building, not the entire Harvard network.

Rick Osterberg, coordinator of residential computing support, said minor security breaches of the Harvard network are not uncommon.

"Unfortunately, [break-ins like this] are a fact of life with a highly networked environment," he said, citing a similar incident that occurred in Eliot House last October.

Osterberg said prevention of break-ins is nearly impossible.

"Note that there are two aspects of this event. One, breaking into a multiuser system on our network, and two, setting up the monitoring software. So long as individual systems are secure, then number two, setting up the monitoring software, can't happen."

The Handbook for Students specifically prohibits the monitoring of network traffic.

Harvard is currently in the process of installing new technology to diminish the risk of networking monitoring. Osterberg said that in the course of a several-year project, all Harvard computers will be "switch networked."

"Switched networking is advantageous in that it eliminates any risks from this kind of network monitoring, since each machine can only see the network traffic destined for that particular machine," he said.

The switch-networking project is two to three years away from completion, Osterberg added, because the procedure is labor-intensive and costly.

But until the networking changes are complete, Osterberg said that there are certain precautions that account holders can take to secure their privacy.

"The best thing students, and other account holders, can do to keep their account secure is to periodically change the password of the account," he said.

Users can also safeguard their privacy with SSH Clients, an encrypted form of Telnet that Harvard cannot distribute to students with its Internet software package due to U.S. encryption export laws, Osterberg said.

"However, individuals can purchase such software and make use of it," he said. --JORDANNA R. LEWIS