Security | Viewpoint
The Campus Network Security Imperative: Why It’s Essential to Update Your Strategy Now
Educational institutions face uniquely complex network security challenges--chief among them, a constantly changing user base and a wide range of devices in use, from desktops to smartphones to gaming consoles. Yet many universities are still using homegrown network security products originally designed to fend off only the simplest of threats.
Three recent trends have made it imperative that universities reevaluate and update their network security strategies:
An explosion of IP-enabled mobile devices: Virtually every student on your campus--not to mention faculty--has at least one mobile device. Each IP-enabled device could potentially be used to launch a DNS attack, yet many universities leave their wireless networks completely open for anyone or anything to access.
Networks have become more heterogeneous: 10 years ago, most universities standardized on a single vendor for all of their networking infrastructure needs. In these homogeneous environments, it was likely that the vendor’s own security tools were sufficient to protect the network. But as the size and scope of networks increased--for instance, wireless networks were added--increasingly, network topologies included multiple vendors. Universities that continue to rely on built-in security tools from network infrastructure vendors will be left with a patchwork of disparate tools that don’t communicate with one another and that likely leave pockets of the network completely unprotected.
The changing nature of security threats: This is the most alarming of the three trends. Where threats used to be targeted to bring a network down, now intruders want to keep the network up and running while they steal valuable information, undetected.
Unfortunately, rather than proactively tuning their network security strategies to address one or more of the these three trends, many universities are prompted to make a change only after they are impacted by a major virus outbreak--at Maryville University, it was the Welchia virus outbreak in the summer of 2004 that forced us to reevaluate our own approach. A handful of infected lab computers crippled our network, and the bulk of the students hadn’t even arrived for the fall semester yet. If your institution hasn’t been affected by a large virus outbreak yet, you’re living on borrowed time.
While we were very pleased with the outcome of our network security upgrade here at Maryville, we had to make our decisions under pressure, which wasn’t ideal. To help you avoid that fate, based on our own experience I’ve compiled these five steps to building a network security strategy for your campus.
1. Keep it simple.
Remember, your users are not technicians or network administrators. Students in particular will get frustrated and eventually seek workarounds if following the rules takes more than a few clicks. And if they don’t clearly understand how to get into compliance, they won’t bother. At Maryville, we redesigned our Web interface to create a simple process that uses large, colorful graphics to direct them through the process. The security platform we chose, from Bradford Networks, allowed us to easily configure the user front end and develop a highly customized environment to hold our student’s hands through the registration process. Everything that can be automated, is.
The first time users connect their computer or Web-enabled phone to the Maryville University network and try to use the Internet, they are directed to the Campus Manager Registration page. Users then select their computing platform--Apple, Linux, or Windows--and are guided through the registration process.
2. Prepare your users.
Communicate policies and requirements to users early and often. Make sure they understand how keeping the network secure benefits them. Allow them to prepare before they get to campus, with tools that enable them to pre-register devices from home. Once on campus, give them a supervised place to go when they need help with compliance. And finally, make sure they understand that Microsoft makes the patches--you just require them to be installed.
3. Determine your policies and support.
Decide what applications your staff is going to support (e.g., anti-virus, anti-spyware, OS), and make sure there is at least one free version of each. You must also decide which applications you are going to prohibit or restrict (e.g., P2P). Determine whether you’ll need different policies for faculty, staff and students, or for residents and commuters. Your policies need to fit your organization.
Once your policies are set, you’ll need to configure your network infrastructure accordingly--for instance VLANs, traffic shaping, and wireless SSIDs. You’ll also need to prepare your remediation services such as DNS.
4. Install incrementally.
Start with the most challenging areas, which are typically resident and then commuter students, and then move on to personal hardware owned by faculty and staff. After those basics are covered, you can grow your network security solution into other areas, integrate it with other systems such as patch management and packet shaping and implement additional features such as guest access.
5. Consider guests, games, and devices.
Guests are a fact of life on any campus, and they expect network access. Make it safe by adding guest management to your network security solution, but increase the odds that guests will comply by making the guest registration process easy. It’s also a good idea to limit guest access to the network and bandwidth to maintain network security and to encourage students, faculty, and staff to register for full network resources.
Gaming and mobile devices, whether they belong to guests, faculty, staff, or students, should also be subject to security policies. Set expectations about which ones you’ll support, and let users know they need to register games and devices. But in designing the registration process, keep in mind that many of these devices don’t have keyboards.
At Maryville, following these five steps paid off in spades. Our network security solution eliminated the need to do manual inspections and boosted the IT team’s productivity by 40 percent.
As your mother may have told you, an ounce of prevention is worth a pound of cure. If it’s been more than three years since you last revisited your network security strategy, don’t wait another minute--take steps to ensure that your network is protected from modern threats, and that it offers the right balance of safety and accessibility.
[Images courtesy Maryville University]