Click here to receive your FREE subscription to Campus Technology

Home > Security: It’s Not All About Hackers

Focus

Security: It’s Not All About Hackers

8/22/2005

By Doug Gale

Sometimes, the biggest threat to security isn’t a mysterious hacker on the Net—it’s the person who just walked by.

“WHY BOTHER?” a doctor in the front row of the seminar blurted out. The topic under discussion was improving the security of patient data at a famous university hospital, but he wasn’t so sure that technology was the answer. “Why worry about fancy systems to secure computer systems, when all that’s needed to obtain patient records is a white lab coat and a clipboard—particularly if you’re a white male over the age of 35?” His point was a good one.

In our own discussions of cyber security, we often omit the simplest security of all: controlling physical access to our computer facilities. It used to be a tedious process to steal information from someone’s computer, but the proliferation of small memory devices, personal digital assistants (PDAs), and music players that plug directly into a PC’s USB port now make it possible to transfer huge amounts of information to an easily concealed gadget. It’s also pretty easy to just walk off with a laptop. In short, controlling physical access to computers— those on desks or those in the computer room—is just as important as preventing hackers from accessing our networks.

First, assess risk. The first step in controlling physical access as part of a layered campus defense is a risk assessment: What are we trying to protect? The answer is not just sensitive or proprietary information on the computer, but the computer itself. What will it cost us if either is stolen? The cost of a computer is obvious, but what is the value of the information stored on that computer? What would the theft cost our clients both directly and indirectly? What would be the damage to our reputation? Finally, what will it cost us to protect the computer or the information?

For example, the value of a computer in a public lab is little more than the cost of the computer and the software. A simple cable-lock device may be all that’s required. On the other hand, a laptop that contains sensitive information— say, the Social Security numbers of all of the institution’s students—has a value that far exceeds the cost of the laptop itself, and justifies more aggressive protection. We’re always faced with a trade-off between three variables: security, cost, and convenience.

Three Types of Security

While there is a bewildering array of secure-access techniques and technologies, they all can be easily placed into three categories: something you have, something you know, or something you are.

Something you have is fairly obvious: something in your possession to prove that you should have access, such as a key to a lock, or a photo ID. Something you know would be traditional passwords and PIN numbers. It’s common to combine something you know with something you have. To get money from an ATM machine you need both the PIN number and the ATM card.

Something you are is the newest method of security. Better known as “biometrics,” the term refers to the practice of using some part of an individual’s physical identity as an identifier. The most common example is the use of a fingerprint, while other examples are the use of retina scans and voice recognition.

Smart Cards Move to “Challenge/Response”



Recommended Reading
  • Sun, Stanford Working To Archive History

    In May in San Francisco, experts from leading universities, libraries, and research institutions around the world met as part of an ongoing effort to address a pressing issue: archiving the world's history, right up to today.

  • The Quilt Coalition Rolls Out XO Communications for High-Capacity Network Services

    The Quilt, a coalition of 28 regional network organizations, has added XO Communications Services to its authorized vendor list. The Quilt represents 200 universities and thousands of other educational institutions across the United States. With this new relationship, Quilt members can purchase XO's high-speed IP transit and network transport services at competitive rates.

  • Wimba Classroom 5.2 Expands Classroom Capture Support, Adds MP3 Downloads

    At the NECC 2008 conference in Texas this week, Wimba launched a new version of Wimba Classroom, the virtual classroom component of the company's Collaboration Suite. The new 5.2 release expands options for classroom capture and adds a variety of other functional and ease of use features.

  • Automation Chimera: Education Is Not Management

    The lure of automating workflow online so human intervention is minimized is continually reinforced in the minds of higher education administrators by examples of automated campus systems such as financials, student information systems, and other enterprise systems. But what's good for management is not always good for learning.

  • Cognos Releases BI Software for Linux-based IBM System z Mainframe

    Cognos, which IBM acquired in January, has released an update to its business intelligence software that will run on the Linux operating system on IBM System z mainframes. IBM Cognos 8 BI was being developed by the two companies prior to the acquisition, but assimilation of Cognos into IBM accelerated development.

  • Facebook and Collegiality: A Serendipitous Social Niche

    Facebook is a way to greet a colleague as if she or he is on your own campus: a wave at a distance, a hello at the corner burrito place, a honk as you both leave the campus parking lot. Informal collegiality has been extended over the miles.

Related Articles

send e-mail link to articleEmail this article

print this articlePrintable Format