Dateline: Outsmarting the Hackers -- Campus Wakes up to Problems of On-line Security

Two weeks of computer chaos for Transportation and Parking Services ended last winter with Loren Bennett's sudden epiphany. The system hadn't failed because of corrupt software -- it had been hacked.

In the ever-escalating battle of technology between hackers and their opponents, that invasion isn't a rare event, say those who monitor computer security at UC Davis. Security is a growing concern.

Burglars, known as hackers, are scanning computers on the university network once or twice a day from various locations on the Internet, probing for security flaws, according to Chris Lambertus, security analyst for Information Technology's Department of Information Resources. Comparable to a thief rattling a doorknob to see if it's locked, these scans are the most common instances of network intrusion attempts on campus, Lambertus says.

Once hackers find such a weakness, the computer can be used to download and store pirated software, pornographic materials and music or to generate mass-mailed advertising, commonly known as spam.

UC Davis has been the victim of more serious computer crimes, with hackers trying to use campus machines as a conduit to illegally obtain sensitive government information. Just this past fall, chemical engineering graduate student Kevin Hase discovered that intruders used his stolen account to attempt to break into the U.S. Navy's computer system.

Call from the Navy

Hase received a call Sept. 16 from his department's technical support staff reporting that the Navy had called Information Technology. The Navy was not happy that its system had been violated by someone using Hase's computer.

"I sat there and thought -- we've been hacked," Hase says. He said the incident cost him a day's worth of effort to solve the problem, and he had to switch operating systems and is still unable to access his computer from home or any other remote location.
Last Thursday evening, someone cost thousands of people aggravation and lost work time when the person used a public-access computer on the UC Davis campus to attack Netscape's home Web site, according to Doreen Meyer, security analyst for IT's Distributed Computing Analysis and Support.

Regardless of the number of days or hours of work lost, the result remains the same. "The person responsible is doing real damage," Bennett, computer resources manager at Transportation and Parking Services, says. "This isn't a prank; it's real vandalism."

Perhaps the campus's biggest security concerns are for the large administrative systems used to conduct university business -- the Banner student information system and DaFIS, the financial information system. About 1,000 people campuswide have access to these systems to report student grades and financial aid and to conduct purchasing operations, according to Tom Arons, computer security coordinator with IT Distributed Computing Analysis and Support.

Stanford passwords stolen

Concern for this sensitive information is well-founded. In another incident reported last week, Stanford University discovered that more than 4,500 student passwords had been stolen from several university computer systems by Swedish and Canadian hackers.

So far, most of the computer break-ins at UC Davis have been simply time-consuming annoyances, but the potential for an attack similar to Stanford's remains a possibility, says Chris Lambertus, security analyst for IT's Information Resources.

"With the precautionary measures we have in place, we would tend to catch that kind of intrusion on one of the Information Technology systems fairly quickly," Lambertus says. "But it's pretty hard to keep out someone who's determined to get in."

Since 1995, employees have used token cards that resemble pocket calculators to log into the Banner system.
The goal of this precaution has been to improve security and eliminate the use of clear-text passwords traveling over the Internet, according to Arons. To log in, a staff member enters a personal identification number, similar to one used for automatic teller machines. The card then displays a one-time password. Even if this password is detected by a hacker, it cannot be used to break into Banner, Arons says.

People have found the token cards cumbersome, but Arons points out they increase the security of a system containing confidential records. The use of token cards has been suspended since last December when the Banner system was updated; they will be reinstated in the spring quarter after the token card software is modified.

One of IT's main tools for improving overall computer security is Network 21, says Ken Weiss, computer programmer and interim director of IT's Distributed Computing Analysis and Support.

A separate pipeline for each computer

The transfer to this new campuswide network, which is 70 percent complete, will not only increase efficiency but provide each computer with its own pipeline to the main network. Without the upgraded technology, as many as 200 computers share a common hub or link to the main network. If one password is stolen, a hacker can listen to traffic or communication between all linked computers, using a software program called a "sniffer."

"By converting to Network 21, we will substantially improve the security of our computers," Weiss says. "The key is going from shared media hubs to switched hubs; that way there's no traffic sharing. You can't run a sniffer and see the entire sub-network anymore, or collect passwords from other machines."

Even with the adoption of Network 21 and improved authentication services that allow computer users to securely log into Web-based applications, Arons says UC Davis remains vulnerable to hacker attacks because there are 350 units or departments on campus, some with more computer resources than others.

"Perfect security is very expensive, cumbersome and impossible," Arons says. "To quantify the risks of intrusion and the costs of protecting against them is quite difficult."

Security measures high at diagnostic lab

The Veterinary Medicine Diagnostic Lab is one department for which the risks are high enough to employ extensive security measures, Arons says. The department uses a system known as a firewall around its network to screen traffic. Commonly used in the corporate world, this expensive security measure is one of only a few used on campus at this point, he notes.

Security experts like Weiss, Lambertus, Arons and Meyer say the entire campus needs more integrated security management.

"We can do that by developing key departmental contacts, but we need a central location for people to report their security problems," Arons says. "That takes people and money."

A few people working in various departments of Information Technology and across the campus are currently participating in an incident response team. The group will provide a formal process for the UC Davis community to report computer or network security incidents and to offer the security staff a way to track and resolve these events. They are also developing automated ways to detect suspicious activity on the campus network.

"Our goal is to develop formal incident response and reporting procedures at UC Davis," says Meyer, who heads the small team. "This would be another step in creating a more robust campus-wide security support structure."

Media Resources

Susanne Rockwell, Web and new media editor, (530) 752-2542, sgrockwell@ucdavis.edu