Sandbox Project Secures Residents’ Computers

Posted: August 17, 2004 at 1:00 am, Last Updated: November 30, -0001 at 12:00 am

By Fran Rensbarger

Students living in George Mason’s residence halls this year will introduce their computers to the university’s network in the “sandbox,” a high-tech term for an environment that restricts access to a computer’s resources.

“When students first connect to the residence hall network this fall, their computers will initially be quarantined within a network sandbox” or data network security project, says Daniel Veloce, network engineer in the Technical Systems Division of the Information Technology Unit (ITU). “After some level of computer worm-checking and operating-system-patching is done, students will be able to register their computers and gain full access to the George Mason network and Internet.”

The sandbox project came about because the residence hall network became a hotbed of virulent worm infections last fall. The network was administratively disabled at one point so that the ITU could effectively quarantine and clean infected computers manually. The university’s sandbox project, Mason Update and Scanning Technology (MUST), provides an automated instruction set called the MUST Update Tool that most students will run on their computers.

This process for connecting to the network does not affect new faculty or staff members.

How long it will take students to be up and running will vary, Veloce says, especially for the vast majority of students who have Windows ME, 2000, or XP. “Those students who come into the residence halls with a worm-free, fully patched computer with Symantec Corporate AntiVirus 8.0 (or newer) installed will be able to register within a few minutes of running our update tool. An unpatched, worm-ridden computer might require an hour or more of remediation in order to gain access to the network.”

Most students will be able to plug in their own computers, rather than wait for assistance from ITU support technicians. “Since we are using a new dynamic addressing system this year, it should actually be easier for students to connect to the network than in previous years. Once plugged in, students can obtain full network access by opening Internet Explorer or another web browser and following the online instructions,” he says.

The MUST Update Tool is a set of automated instructions that can configure most of the residence hall computers to meet the university’s basic security goals. The new configuration will not cause any technical issues for students when they leave the university at year’s end, Veloce says, since no customized solutions for automatic software patching and updating are used.

A pilot program during the summer has gone fairly well, Veloce says. Of approximately 200 computers in the trial run, most were checked with the fully automated update tool. Older Windows operating systems, Mac OS, and Linux computers do not have a fully automated option, so users of those operating systems must be even more diligent in patching their computers and keeping them worm-free, he says. “Using current antivirus software and keeping a computer’s operating system up to date with the latest patches is a vital part of that effort.”

Write to at