Campus Portal Security: Access, Risks, and Rewards

Portals are beginning to deliver on the promise of providing users access to campus information and services. In doing so, what are the security risks for campuses and the information accessible from campus portals? In an environment where privacy lapses receive headlines and many adults in the United States believe online is unsafe, how do colleges and universities create confidence that campus portals protect and safeguard personal information?

Campus portals can be thought of as a customized and personalized single point for useful and comprehensive access to information, people, and processes. The continued growth of campus portals has seen the field dominated by companies that link portals to their administrative software (PeopleSoft Inc., Jenzabar Inc.), course software (Blackboard Inc.), or provide middleware, providing connections to these products (Campus Pipeline Inc.).

In doing so, many campus portals have evolved into enterprise portals, providing: personalized access; customized information (access to documents, information, and services); user-friendly interaction (single sign-on, intuitive features, good response time); and community support (students, faculty, and staff can collaborate online).

In providing access to personal university information, campus portals encounter the same risks as other elements of the campus network. Portals face denial of service attacks, Web alteration, fraud, and identity theft. They must also support network-level security, encryption, session-management, and authentication to safeguard sensitive information and prevent unauthorized access. Beyond that they must provide security for a variety of processes—online database searches, protection for information that can be accessed and updated, personal communication, and online credit-card transactions. As an emerging technology they must also provide the flexibility to accommodate future applications.

Security Requirements
To meet privacy and security concerns, only authorized users can gain access to the portal, where they are allowed access to only carefully selected applications and interaction with only portions of the data to which they are entitled. To ensure security, campus portals must successfully address each of the following issues:

  • Authentication: Portals must determine whether someone is who they claim to be. Most commonly a user logs on to a campus portal using an assigned name and password. A critical component of authentication is single sign-on (SSO) capability—the ability for a user to sign onto the portal once and automatically be authenticated to all other applications within the portal. SSO eliminates the need for users to log onto multiple systems separately.

  • Authorization: In a portal environment, with users from various areas and a significant amount of sensitive information, it is crucial to define who can see and do what. To access protected information and services, users must be given permission to do so. Authenticated users can then be authorized to access resources, Web pages, activities, sections of the portal, and applications that can be accessed from the portal.

  • Data Confidentiality and Integrity: Confidential information cannot be disclosed to unauthorized persons, processes, or devices. Data must not be accidentally or maliciously modified, altered, or destroyed. Confidentiality and data integrity are accomplished through access controls, and protection of transmitted data through encryption techniques. Encryption is the process of cryptographically converting plain text electronic data into a form unintelligible to anyone except the intended recipient. For financial transactions, portals commonly use the Secure Sockets Layer (SSL) Protocol .

Security Management Issues
As with computer networks, portal security is an ongoing concern. This security depends not only on technology, but also on the actions of portal administrators. A successful portal will provide tools to do this job easily. Beyond the initial planning and conceptualization of security mechanisms, careful consideration should be given to the daily administration of security.

User Management: Someone must manage user accounts, including adding or deleting users, as well as managing access privileges and user groups. While portals centralize user credentials, portions of user group administration and associated authorization may be delegated.

Content Management: Portal information is not static, but constantly evolving, reflecting the evolution of the university and portal use. Distributed systems need to be developed to create, submit, approve, and maintain content.

Personalization: User experience and satisfaction will be increased if the content, functionality, navigation, and interface are configured to the identity of the user. Personalization is delivered based on information in the user's profile and attributes associated with the user. Frequently this relies on users and groups, and a system must be in place to maintain and update this information.

Case Study: Weber State Portal

On March 17, 2003, Weber State University went live with its new student portal. The three-month implementation incorporated Luminis software from Campus Pipeline Inc.—a third-party vendor in portal technology. The implementation team wrestled with all the normal issues of software installation, user interface, navigation, design, content, and security concerns. However, our main objective was to achieve secure single sign-on (SSO) to our Web-enabled applications.

Creating an eServices Account: In order to access the portal, students must first create an eServices account. Students are guided to a page that asks for their student ID number and birth date. Our legacy system then authenticates the individual on four data fields—first name, last name, student ID, and birth date. An eServices account name, which is a unique concatenation of first name and last name, is passed back to the student. The system also requires the student to select a password (alpha/numeric and case sensitive) and answer a challenge question.

Creating an eDirectory: For security reasons, an eDirectory account is created for every student and stored on a secure Novell server with 128-bit encryption. The directory stores each student's first name, last name, eServices name, and password.

Creating an Account: To control access to content such as transcripts, personal information, academic standing, payroll information, and other sensitive areas, a Luminis account is also created. The system passes, via XML, each student's first name, last name, eServices name, e-mail address, major, and profile to the Luminis server where an account is created and stored with 128-bit encryption. Storing profile information on each student allows the portal to display only information and services to which a student is entitled.

Recovering a Password: Students who forget their password must enter their student ID and birth date. The system authenticates the person, passing back to them their unique challenge question. Only if a correct answer is provided will the student be allowed to enter a new password and change their challenge question. Users may change their passwords as often as needed, but the system forces a change every six months. A password change twice each year seems to be a good balance between protecting access to the system and not hassling the end user.

We feel the combined security tools of the Campus Pipeline software and our legacy system has allowed us to achieve that fragile balance between security and personalized student access to information and services.

—Bruce Bowen, Ed.D., Associate Provost for Enrollment Management, Weber State University

Security Weaknesses
Most current campus portal logons depend on user names and passwords. This d'es not guarantee that the individual is really the person he or she claims to be. The password may have been stolen or given to someone. If an intruder can easily guess the password, the system can be compromised.

The Internet uses TCP/IP as the primary data transport protocol. In this process, intermediate computers are involved in the transport of data from the sender to the recipient. This introduces weak links to the communication system where the privacy of data may be compromised, or where information may be stolen.

The first level in securing sensitive data is preventing unauthorized individuals from accessing sensitive information. Although precautions can be taken to detect an unauthorized user, it is more difficult to determine if a legitimate user is purposefully doing something malicious. Frequently, campus identity theft begins with an insider.

Future Directions
Given the potentially wide range of access points available, from highly secure locations to public networks, wireless telephones, and personal digital assistants, future multiple authentication models and systems must be supported. This will allow portals to securely bridge between user access and traditional portal entries, as well as other systems.

Some campuses are now adopting implementations of Public Key Infrastructure (PKI). This enables users of the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair obtained and shared through a trusted authority. PKI provides for digital certificates and signatures that establish user credentials on the Web. Digital certificates help ensure that only authorized users access restricted information. Digital signatures authenticate the identity of the sender of a message or the signer of a document, and can provide a means of ensuring that data has been received and maintained its integrity.

Potential developments in the standards arena could create single sign-on authentication control that is truly interoperable among a variety of systems. There is movement toward adoption of SAML, or Security Assertions Markup Language. This is complicated by Microsoft Corp.'s use of Kerberos, an existing approach, and by those who prefer a Java-based solution.

Portals are beginning to adopt authentication factors that go beyond user name and password to include something a user has in their possession, such as a smart card or token card. Future directions could include physical characteristics that can be scanned, such as a retina or fingerprint.

Glossary

Lightweight Directory Access Protocol
The user name and password are authenticated against credentials in a relational database (Oracle, DB2 SQL Server) or a Lightweight Directory Access Protocol (LDAP) service (Novell NDS, Microsoft Active Directory, Netscape Directory Server). LDAP is a common directory structure accepted to maintain user information, organizational information, as well as access control and cryptographic certificate information. The continued development of portal technology has been accompanied by the continued evolution of LDAP, which has matured considerably and is applicable to a wide variety of platforms.

Secure Sockets Layer (SSL)
SSL establishes a secure communication session using public key cryptography, and an agreed upon key to encrypt and decrypt messages for the session. It handles the functions of authentication, encryption, and data integrity for secure transactions.

Questions to Answer
Campuses looking to begin a portal project or seeking to analyze the security of an existing implementation should consider the following questions:

  • What are the minimum security requirements for our portal?
  • What are the encryption expectations for password files and transmission of secure data?
  • Who is responsible for overseeing the security of the portal?
  • How often is the security of the portal assessed?
  • What are the processes for security review as additional systems and capabilities are added?

Campus portal security will continue to be a delicate balance between access, functionality, and system performance. Well-designed implementation and careful attention to ongoing administration can significantly reduce these risks. No networked system can be 100 percent secure and system security requires never-ending vigilance. However, by using best practices, campus portals can provide privacy systems to guarantee users that the information being passed and stored over the Internet is safe and secure.

comments powered by Disqus