8 Spots for Tightening Security on Campus -- Campus Technology

Share this Page

8 Spots for Tightening Security on Campus

By Linda L. Briggs
01/30/04

2. Focus on Virus Protection

If you have limited resources, this is the place to start. Temple University's Silverstone sees viruses as the most obvious and pervasive security hole on virtually any campus, and the one to attack first. His advice, which he's followed successfully at Temple: Get an anti-virus product, install it, and make it mandatory on every machine, both clients and servers. He also highly recommends firewalls where possible. At Temple, with 35,000 students, "we catch 1,400 viruses a day," Silverstone says, which equates to 1,400 service calls a day that aren't happening. Last year's Blaster virus, he estimates, cost the university half a million dollars - and that figure would have been higher if Temple hadn't stopped it fairly quickly.

But firewalls aren't always workable, as Carnegie Mellon University's John K Lerchey points out. "There's no way we can put up firewalls," Lerchey, the computer and network security coordinator for the campus, says. "We have researchers with such a wide variety of software and research… It's difficult to dictate which ports you can and cannot use." Firewalls, he concludes, are "a great solution on desktop machines," but to deploy a firewall solution campus-wide, Carnegie would need a full-time person to maintain the firewall rules alone.

Widely distributed virus protection, he concurs, is much easier. "We distribute [Symantec's] Norton Antivirus - anyone can get and use it." Since 99 percent of viruses attack Windows machines, Lerchey says, simply keeping virus checkers installed and up-to-date is a huge help. He says Carnegie Mellon just released a new virus installer that is set by default to update users' virus software every day instead of every week, the previous default.

"Get an anti-virus product, install it, and make it mandatory on every machine, both clients and servers."

Also, virus protection is best if extended beyond the desktop, as this case study from Virginia Tech. With 70,000 users, Virginia Tech's IT staff recently decided they needed a more pervasive security solution. The staff expanded the virus protection program beyond users' desktops, realizing they needed more than a security solution that depended on users maintaining up-to-date files on their computers.

Virginia Tech chose a specialized solution: a messaging appliance that checks for viruses on the server side. Whatever you choose to protect the enterprise, be sure to get a site license that allows you to provide every student's system with virus protection, thus giving you a security solution that's centrally managed. And in your education efforts, remember to stress the importance of virus protection at the server and workstation tiers.

3. Educate Faculty

Students, of course, aren't your entire user base; faculty and staff use the networks as well. For example, you'll want to discourage faculty from things like using e-mail improperly (using unencrypted e-mail to send out grades, for example). Again, provide both education and the software and guidance needed to do the job correctly.

At the Rochester Institute of Technology, Barbour says the security issue that keeps her awake at night is unauthorized software running somewhere on campus that isn't under the central IT umbrella. "That's where I'm focusing most of my attention right now…. [Those systems] could be very vulnerable to hacking." One theoretical example: A specialized program set up by an individual faculty member on his or her computer, without the proper security clearance or configuration. To help with addressing the issue, RIT now has a full-time Information Security Officer who develops policies to help make sure systems are secure.

4. Stop Denial of Service Attacks

In its simplest form, a denial of service attack sends more data to your network than it can handle, thus overflowing the buffers and resulting in a loss of service to users. Most DoS attacks are malicious and intended to bring the network down, and though they typically don't destroy data, they can. Some recent viruses can be classified as denial of service attacks.

As with many things having to do with campus security, a college or university network may be especially susceptible to a DoS attack because of its openness. Versions of Microsoft Windows, by far the most popular operating systems for hacking, are especially vulnerable.

There are many ways to protect your network, from virus software to firewalls to how you configure your operating systems. For a primer on defeating denial-of-service attacks, you can start with this useful article from SANS, a well-respected security research, training and certification institute. The article contains instructions for administrators on, among other things, preventing your network from being used as a broadcast amplification site - an unwitting accomplice in a denial-of-service attack.

Previous Page :: Next Page