University of Michigan is one of the top universities of the world, a diverse public institution of higher learning, fostering excellence in research. U-M provides outstanding undergraduate, graduate and professional education, serving the local, regional, national and international communities.
On the eve of classes starting for the fall term, the University of Michigan has decided to cut the internet connection of all campuses.
The University of Michigan has more than 30,000 students and has a very large hospital with over 550 beds on its main hospital campus.
It will be interesting to see what prompted the securing of the network. Was this just focused at the hospital, students, or both? Only time will tell.
Sunday afternoon, after careful evaluation of a significant security concern, we made the intentional decision to sever our ties to the internet.
I feel like most big announcements like this end up being Ransomware. Cutting off from the wider internet feels like a weird move to defend/mitigate that? Unless it’s to reduce exfiltration?
No VPN was provided for us to use - it was pretty much just connect to port 22 with the university’s website as the hostname, from any network.
It was a pretty niche thing as only a few students (including myself) used it remotely, and only a tiny part of the course that included a DBA exercise actually required us to use SSH access an Oracle DB server.
I believe the attacks were carried out external to the campus, but they didn’t clarify that to us
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !technology@beehaw.org
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
I feel like most big announcements like this end up being Ransomware. Cutting off from the wider internet feels like a weird move to defend/mitigate that? Unless it’s to reduce exfiltration?
If enough university hardware was compromised, it could be used combined with their massive bandwidth to springboard into all kinds of attacks.
I remember my university disabled SSH access indefinitely for all students a year before my graduation.
It was pretty sweet while it lasted, but apparently bad actors kept attacking it.
Weird, did they not enforce the use of a VPN if you want to SSH outside the network or was this done by someone on campus?
No VPN was provided for us to use - it was pretty much just connect to port 22 with the university’s website as the hostname, from any network.
It was a pretty niche thing as only a few students (including myself) used it remotely, and only a tiny part of the course that included a DBA exercise actually required us to use SSH access an Oracle DB server.
I believe the attacks were carried out external to the campus, but they didn’t clarify that to us
That’s just straight up bad IT to do something like that.
I hope they are transparent about the reasons for this outage after they have resolved the issue(s)