Hidden from Hacks
Students at Marist College in Poughkeepsie, New York, have the chance to participate in the 2016 presidential race in a big way. Their school partners with NBC News to produce the Marist Poll, which reflects public opinion at the local, state, and national levels. The polls are conducted entirely by students, who do everything from writing the questions to analyzing the results, which are frequently cited by media outlets and political campaigns across the country.
Bill Thirsk, vice president and chief information officer at Marist College, says the Marist Institute for Public Opinion began as a research project in 1978 and has evolved into a high-powered technology center. “The technology that we use to run the analytics and the predictives is running on our mainframe. It’s running on some very sophisticated technologies and making fast analytics transactions,” says Thirsk.
The polling center is just one of many reasons why protecting the college's mainframes, which house its servers, is so critical, Thirsk explains. The college, which offers both undergraduate and graduate degrees, also provides private cloud services, known as the Academic Community Cloud, to like-missioned institutions for a low fee. Marist has 25 such clients, including the Franklin D. Roosevelt Presidential Library and Museum and The College of New Rochelle.
Technology students at Marist also get the opportunity to develop software that often winds up in the marketplace using this cloud-computing platform. “Not only do our students learn a whole lot, but they get to say that they’ve actually impacted the markets,” says Thirsk.
Recently, the Marist IT team and students and faculty from the computer science department launched LinuxONE, one of three mainframes at the college. The mainframe runs on IBM z Systems. Marist has made certain servers on the mainframe available to anyone around the world to develop apps using open-source software. Within two weeks of launching in February 2016, 500 users had signed up to participate.
But maintaining the open environment, not only for open-source developers but for students to freely access the Internet, presents a security challenge for the IT staff. With such large servers, Marist’s network is a high-value target for hackers. “They’re trying to get in and sniff around and see what’s there, and hopefully take over a very high-power machine that they can use to their benefit,” Thirsk says. He adds that attacks on the college are persistent and come mostly from China and Eastern Europe. This information is gleaned from logs that are studied by the IT staff and the tech students.
In early 2014, the school started a cybersecurity project with technology students and faculty. “We wanted to give ourselves the opportunity to think about, if no one had ever invented firewalls or done cybersecurity, what would we do now?” Thirsk says. Given the project, one of Thirsk’s IBM contacts approached him that fall about a company called BlackRidge Technology, which had clients in the military space. BlackRidge wanted to work alongside Marist’s IT department to refine its advanced network protection capabilities.
BlackRidge works by cloaking particular servers on a network so that hackers can’t see them, using advanced end-to-end encryption technology patented by John Hayes, an engineer for the company. Data sent from the client is heavily encrypted and cannot be changed or tampered with without the data being dropped, which means it will not reach the server hackers are trying to get at.
Thirsk and other IT staff, along with eight technology students and some faculty members, worked alongside the company to tailor the product to the LinuxONE IT environment. Thirsk told IBM that the network was particularly vulnerable to advanced persistent threat attacks, and that the technology could potentially help protect the Marist network. He adds that the price point was just right for Marist, which faces budget constraints much like other higher education institutions. The college paid $23,000 for the BlackRidge platform, which is tailored to Marist’s unique needs.
The development phase with BlackRidge began in February 2015 and lasted for a few months. During this time, staff produced and tested the system. As part of the school's cybersecurity project, IT had begun putting out honeypots, or decoy systems that look like attractive targets to hackers. Marist detected thousands of hacks a week using these honeypots. Since these decoys were in place during the testing phase with BlackRidge, the college was able to use the honeypots as an indicator of how successful the new technology could be.
“When we turned on the BlackRidge equipment on our network…to protect certain servers, they literally disappeared off the network, and the honeypots went silent on those servers,” said Thirsk.
Essentially, the hackers could no longer see the servers with the honeypots, so there was nothing for them to attack. “Meanwhile, other scans continued looking for servers that we don’t have protected by BlackRidge,” Thirsk explains. “So we had proof in our hands that it works really well.”
There were plenty of challenges to work through, Thirsk notes, especially since they were working in partnership with BlackRidge to tailor the technology.
“When we’re helping an entrepreneur [like BlackRidge], we’re in a supporting role, so their engineers would say, ‘we need to write code to do this one particular function,’ and then we supervise the students in writing some of that code, we hand it back to them, make sure it’s quality assured, and then it goes into the product,” he explains. “There were countless Thursday, Friday nights where some code just wouldn’t work or one of the components wasn’t working correctly, and we had to hammer through that stuff,” he says.
Marist also uses BlackRidge’s identity access management feature, which works off the college’s Active Directory and gives users different levels of privilege depending on their trust level. Out of 55 IT staff, for example, about 20 have “high-trust” positions. The feature also manages access levels based on anomalous activity. “If a person’s behavior changes in some way, their identity trust level goes down, and if it goes down too far, they get cut off,” notes Thirsk.
The college launched the beta version of the protection system it customized with BlackRidge in September, and the full version in December 2015. Not all the servers are protected by the technology, but it covers the network administration side and areas that house sensitive information. “Being a college, we have academic freedom and freedom of speech, so there are areas on our network that are largely public domain and you don’t want to put too much security on those,” Thirsk says.
Since that beta testing, the mainframe’s servers that are cloaked remain completely untouched by hackers. “They can’t see the networks,” Thirsk says. “It’s not like one out of 10 [attacks] get through–nothing gets through.”